Publishing Upper Half of RSA Decryption Exponent

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6434)


In the perspective of RSA, given small encryption exponent e (e.g., e = 216 + 1), the top half of the decryption exponent d can be narrowed down within a small search space. This fact has been previously exploited in RSA cryptanalysis. On the contrary, here we propose certain schemes to exploit this fact towards efficient RSA decryption.


Cryptology Decryption Exponent Efficient Decryption Public Key Cryptography RSA 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Boneh, D., Durfee, G.: Cryptanalysis of RSA with Private Key d Less Than N 0.292. IEEE Transactions on Information Theory 46(4), 1339–1349 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Boneh, D., Durfee, G., Frankel, Y.: Exposing an RSA Private Key given a Small Fraction of its Bits,
  3. 3.
    Coppersmith, D.: Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities. Journal of Cryptology 10(4), 233–260 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Galbraith, S., Heneghan, C., McKee, J.: Tunable Balancing RSA,
  5. 5.
    Lenstra, A.: Generating RSA moduli with a predetermined portion. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 1–10. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  6. 6.
    Lenstra, A.K., Lenstra Jr., H.W.: The Development of the Number Field Sieve. Springer, Heidelberg (1993)CrossRefzbMATHGoogle Scholar
  7. 7.
    Maitra, S., Sarkar, S.: Efficient CRT-RSA Decryption for Small Encryption Exponents. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 26–40. Springer, Heidelberg (2010)Google Scholar
  8. 8.
    Matsumoto, T., Kato, K., Imai, H.: Speeding up secret computations with insecure auxiliary devices. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 497–506. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  9. 9.
    Nguyen, P.Q., Shparlinski, I.: On the Insecurity of a Server-Aided RSA Protocol. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 21–25. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Quisquater, J.-J., Couvreur, C.: Fast decipherment algorithm for RSA public-key cryptosystem. Electronic Letters 18, 905–907 (1982)CrossRefGoogle Scholar
  11. 11.
    Rivest, R.L., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of ACM 21(2), 158–164 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Sakai, R., Morii, M., Kasahara, M.: New Key Generation Algorithm for RSA Cryptosystem. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 77(1), 89–97 (1994)Google Scholar
  13. 13.
    Stinson, D.R.: Cryptography - Theory and Practice. 2nd Edition, Chapman & Hall/CRC (2002)Google Scholar
  14. 14.
    Sun, H.-M., Hinek, M.J., Wu, M.-E.: On the Design of Rebalanced RSA-CRT,
  15. 15.
    Vanstone, S.A., Zuccherato, R.J.: Short RSA Keys and Their Generation. Journal of Cryptology 8(2), 101–114 (1995)zbMATHGoogle Scholar
  16. 16.
    Verheul, E., van Tilborg, H.: Cryptanalysis of less short RSA secret exponents. Applicable Algebra in Engineering, Communication and Computing 18, 425–435 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    de Weger, B.: Cryptanalysis of RSA with small prime difference. Applicable Algebra in Engineering, Communication and Computing 13, 17–28 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Wiener, M.: Cryptanalysis of Short RSA Secret Exponents. IEEE Transactions on Information Theory 36(3), 553–558 (1990)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  1. 1.Applied Statistics UnitIndian Statistical InstituteKolkataIndia

Personalised recommendations