Abstract
In this paper we revisit Wiener’s method (IEEE-IT, 1990) of continued fraction (CF) to find new weaknesses in RSA. We consider RSA with N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. Our motivation is to find out when RSA is insecure given d is O(n δ), where we are mostly interested in the range 0.3 ≤ δ ≤ 0.5. We use both the upper and lower bounds on φ(N) and then try to find out what are the cases when \(\frac{t}{d}\) is a convergent in the CF expression of \(\frac{e}{N - \frac{3}{\sqrt{2}} \sqrt{N} + 1}\). First we show that the RSA keys are weak when d = N δ and \(\delta < \frac{3}{4} - \gamma - \tau\), where 2q − p = N γ and τ is a small value based on certain parameters. This presents additional results over the work of de Weger (AAECC 2002). Further we show that, the RSA keys are weak when \(d < \frac{1}{2} N^\delta\) and e is \(O(N^{\frac{3}{2}-2\delta})\) for \(\delta \leq \frac{1}{2}\). Using similar idea we also present new results over the work of Blömer and May (PKC 2004).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Blömer, J., May, A.: A generalized Wiener attack on RSA. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 1–13. Springer, Heidelberg (2004)
Boneh, D.: Twenty Years of Attacks on the RSA Cryptosystem. Notices of the AMS 46(2), 203–213 (1999)
Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than N 0.292. IEEE Trans. on Information Theory 46(4), 1339–1349 (2000)
Copppersmith, D.: Small solutions to polynomial equations and low exponent vulnerabilities. Journal of Cryptology 10(4), 223–260 (1997)
Coron, J.-S., May, A.: Deterministic Polynomial-Time Equivalence of Computing the RSA Secret Key and Factoring. J. Cryptology 20(1), 39–50 (2007)
Duejella, A.: Continued fractions and RSA with small secret exponent. Tatra Mt. Math. Publ. 29, 101–112 (2004)
Jochemsz, E.: Cryptanalysis of RSA variants using small roots of polynomials. Ph. D. thesis, Technische Universiteit Eindhoven (2007)
Hastad, J.: On using RSA with low exponent in public key network. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 403–408. Springer, Heidelberg (1986)
Ibrahim, D., Bahig, H.M., Bhery, A., Daoud, S.S.: A new RSA vulnerability using continued fractions. In: 6th ACS/IEEE International Conference on Computer Systems and Applications (AICCSA 2008), Doha, Qatar, March 31–April 4 (2008)
Jochemsz, E., May, A.: A Polynomial Time Attack on RSA with Private CRT-Exponents Smaller Than N 0.073. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 395–411. Springer, Heidelberg (2007)
Pollard, J.M.: Theorems on factorization and primality testing. Proc. of Combridge Philos. Soc. 76, 521–528 (1974)
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of ACM 21(2), 158–164 (1978)
Rosen, K.H.: Elementary Number Theory. Addison-Wesley, Reading (1984)
Silverman, R.D.: Fast generation of random, strong RSA primes. Cryptobytes 3(1), 9–13 (1997)
Stinson, D.R.: Cryptography – Theory and Practice, 2nd edn. Chapman & Hall/CRC, Boca Raton (2002)
Steinfeld, R., Contini, S., Pieprzyk, J., Wang, H.: Converse results to the Wiener attack on RSA. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 184–198. Springer, Heidelberg (2005)
Verheul, E.R., van Tilborg, H.C.A.: Cryptanalysis of ‘less short’ RSA secret exponents. Applicable Algebra in Engineering, Communication and Computing 8, 425–435 (1997)
Wiener, M.: Cryptanalysis of short RSA secret exponents. IEEE Transactions on Information Theory 36(3), 553–558 (1990)
Williams, H.C.: A p + 1 method of factoring. Mathematics of Computation 39(159), 225–234 (1982)
de Weger, B.: Cryptanalysis of RSA with small prime difference. Applicable Algebra in Engineering, Communication and Computing 13(1), 17–28 (2002)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Maitra, S., Sarkar, S. (2008). Revisiting Wiener’s Attack – New Weak Keys in RSA. In: Wu, TC., Lei, CL., Rijmen, V., Lee, DT. (eds) Information Security. ISC 2008. Lecture Notes in Computer Science, vol 5222. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85886-7_16
Download citation
DOI: https://doi.org/10.1007/978-3-540-85886-7_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85884-3
Online ISBN: 978-3-540-85886-7
eBook Packages: Computer ScienceComputer Science (R0)