Cryptanalytic Attacks and Countermeasures on RSA

  • Manish Kant Dubey
  • Ram Ratan
  • Neelam Verma
  • Pramod Kumar Saxena
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 258)


RSA cryptosystem is based on the difficulty of factoring large integers. It is used in encryption as well as in digital signature for providing security and authenticity of information. RSA is employed in various security applications. RSA has been extensively analyzed for flaws and cryptanalytic attacks but it is still considered secure due to adequate countermeasures and improvements reported. In this paper, we present a brief overview on RSA, discuss various flaws and cryptanalytic attacks including applicability of genetic algorithm and some countermeasures to overcome from certain flaws and cryptanalytic attacks. The review study shows that RSA is a most popular secure asymmetric cryptosystem and its strength would remain intact until availability of quantum computers.


Public key cryptography Information security Digital signature Cryptanalytic attack Countermeasure Soft computing Genetic algorithm 


  1. 1.
    Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(3/4), 379–423/623–656 (1948)Google Scholar
  2. 2.
    Mollin, R.A.: An Introduction to Cryptography. Chapman & Hall, CRC Press (2010)Google Scholar
  3. 3.
    Diffe, W., Hellman, M.: New directions in cryptography. Trans. Inf. Theory 22(6), 644–654 (1976)CrossRefGoogle Scholar
  4. 4.
    Merkle, R.C., Hellman, M.E.: Hiding information and receipts in trapdoor Knapsacks. In: International Symposium on Information Theory, Cornell University, Ithaca, New York (1977) Google Scholar
  5. 5.
    Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)CrossRefMATHMathSciNetGoogle Scholar
  6. 6.
    Ellis, J.H.: The History of Non-secret Encryption. GCHQ-CESG Publication, London (1987) Google Scholar
  7. 7.
    Lenstra, A.K., James, P.H., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C.: Ron was wrong, Whit is right. (2012)
  8. 8.
    Ali, H., Al-Salami, M.: Timing attack prospect for RSA cryptanalysis using genetic algorithm technique. Int. Arab J. Inf. Tech. 1(1), 80–84 (2004)Google Scholar
  9. 9.
    Qiao, G., Lam, K.-Y.: RSA signature algorithm for microcontroller implementation. In: Proceedings of CARDIS’98, LNCS, vol. 1820, pp. 353–356 (1998)Google Scholar
  10. 10.
    Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Proceedings of ASIACRYPT’06, LNCS, vol. 4284, pp. 267–282 (2006)Google Scholar
  11. 11.
    Boneh, D.: Twenty years of attacks on the RSA cryptosystem. Notices Amer. Math. Soc. 46(2), 203–213 (1999)Google Scholar
  12. 12.
    Jevons, W.S.: The Principles of Science: A Treatise on Logic and Scientific Method. Macmillan & Co., London (1874)Google Scholar
  13. 13.
    Crandall, R., Pomerance, C.: Prime Numbers: A Computational Perspective. 2nd edn. Springer-Verlag, New York (2005)Google Scholar
  14. 14.
    Aoki, K., Franke, J., Kleinjung, T., Lenstra, A.K., Osvik, D.A.: A kilobit special number field sieve factorization. In: Proceedings of ASIACRYPT’07, LNCS, vol. 4833, pp. 1–12 (2007)Google Scholar
  15. 15.
    Kleinjung, T., Aoki, K., Franke, J., Lenstra, A.K., Thome, E., Bos, J.W., Gaudry, P., Kruppa, A., Montgomery, P.L., Osvik, D.A.,te Riele, H., Timofeev, A., Zimmermann, P.: Factorization of a 768-bit RSA modulus. Advances in Cryptology, LNCS, vol. 6223, pp. 333–350 (2010)Google Scholar
  16. 16.
    Bai, S., Thome, E. Zimmermann, P.: Factorisation of RSA-704 with CADO-NFS. crypto-eprint archive, 369 (2012)Google Scholar
  17. 17.
    Shamir, A. : Factoring large numbers with the TWINKLE device. CHES’99, LNCS, vol. 1717, pp. 2–12 (1999)Google Scholar
  18. 18.
    Shamir, A., Tromer, E.: Factoring large numbers with the TWIRL device. CRYPTO’03, LNCS, vol. 2729, pp. 1–26 (2003)Google Scholar
  19. 19.
    Bellare, M., Rogaway, P.: Optimal asymmetric encryption. EUROCRYPT’94, LNCS, vol. 950, pp. 92–111 (1995)Google Scholar
  20. 20.
    Wiener, H.: Cryptanalysis of short RSA secret exponents. Trans. Inf. Theory 36(3), 553–558 (1990)CrossRefMATHMathSciNetGoogle Scholar
  21. 21.
    Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than N 0.292. Trans. Inf. Theory 46(4), 1339–1349 (2000)Google Scholar
  22. 22.
    Steinfeld, R., Contini, S.,Wang, H., Pieprzyk, J.: Converse results to the Wiener attack on RSA. PKC’05, LNCS, vol. 3386, pp. 184–198 (2005)Google Scholar
  23. 23.
    Jochemsz, E., May, A.: A polynomial time attack on RSA with private CRT-exponents smaller than N 0.73. Advances in Cryptology, LNCS, vol. 4622, pp. 395–411 (2007)Google Scholar
  24. 24.
    Bleichenbacher, D., May, A.: New attacks on RSA with small secret CRT-exponents. PKC’06, LNCS, vol. 3958, pp. 1–13 (2006)Google Scholar
  25. 25.
    Nitaj, A.: A new attack on RSA and CRT-RSA. AFRICACRYPT’12, LNCS, vol. 7374, pp. 221–233 (2012)Google Scholar
  26. 26.
    Boneh, D., Durfee, G., Frankel, Y.: An attack on RSA given a small fraction of the private key bits. ASIACRYPT’98, LNCS, vol. 1514, pp. 25–34 (1998)Google Scholar
  27. 27.
    Blomer, J., May, A.: New partial key exposure attacks on RSA. CRYPTO’03, LNCS, vol. 2729, pp. 27–43 (2003)Google Scholar
  28. 28.
    Ernst, M., Jochemsz, E., May, A., de Weger, B.: Partial key exposure attacks on RSA up to full size exponents. EUROCRYPT’05, LNCS, vol. 3494, pp. 371–386 (2005)Google Scholar
  29. 29.
    Coron, J.-S.: Finding small roots of bivariate integer equations revisited. EUROCRYPT’04, LNCS, vol. 3027, pp. 492–505 (2004)Google Scholar
  30. 30.
    Sarkar, S., Gupta, S., Maitra, S.:Partial key exposure attack on RSAC improvements for limited lattice dimensions. INDOCRYPT’10, LNCS, vol. 6498, pp. 2–16 (2010)Google Scholar
  31. 31.
    Joye, M., Lepoint, T.: Partial key exposure on RSA with private exponents larger than N. ISPEC’12, LNCS, vol. 7232, pp. 369–380 (2012)Google Scholar
  32. 32.
    Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. ASIACRYPT’06. LNCS, vol. 4284, pp. 267–282 (2006)Google Scholar
  33. 33.
    Howgrave, N., Graham: Finding small roots of univariate modular equations revisited. A cryptography and coding, LNCS, vol. 1355, pp. 131–142 (1997)Google Scholar
  34. 34.
    May, A.: New RSA vulnerabilities using lattice reduction methods. PhD thesis, University of Paderborn (2003)Google Scholar
  35. 35.
    Hastad, J.: Solving simultaneous modular equations of low degree. SIAM J. Comput. 17, 336–341 (1988)CrossRefMATHMathSciNetGoogle Scholar
  36. 36.
    Bortz, A., Boneh, D., Nangy, P.: Exposing private information by timing web applications. In: Proceedings of the 16th International World Wide Web. Conference, Banff, Alberta, pp. 8–12 (2007)Google Scholar
  37. 37.
    May, A., Ritzenhofen, M.: Solving systems of modular equations in one variable: how many RSA-encrypted messages does Eve need to know? PKC’08, LNCS, vol. 2146, pp. 37–46 (2008) Google Scholar
  38. 38.
    Franklin, M.K., Reiter, M.K.: A linear protocol failure for RSA with exponent three. Crypto’95 Rump Session (1995)Google Scholar
  39. 39.
    Coppersmith, D., Franklin, M., Patarin, J., Reiter, M.: Low-exponent RSA with related messages. EUROCRYPT’96, LNCS, vol. 1070, pp. 1–9 (1996)Google Scholar
  40. 40.
    Boneh, D., DeMillo, R.A., Lipton, R. J.: On the importance of checking cryptographic protocols for faults. EUROCRYPT’97, LNCS, vol. 1233, pp. 37–51 (1997)Google Scholar
  41. 41.
    Shamir, A.: Method and apparatus for protecting public key schemes from timing and fault attacks. U.S. Patent Number 5, 991,415 (1999)Google Scholar
  42. 42.
    Joye, M., Pailler, P., Yen, S.-M.: Secure evaluation of modular functions. In: International Workshop on Cryptology and Network Security, pp.227–229 (2001)Google Scholar
  43. 43.
    Biham, E., Carmeli, Y., Shamir, A.: Bug attacks. CRYPTO’08, LNCS, vol. 5157, pp. 221–240 (2008)Google Scholar
  44. 44.
    Pellegrini, A., Bertacco, V., Austin, T.: Fault based attack of RSA authentication. In: Proceedings of the Conference on Design, Automation and Test, pp. 855–860 (2010)Google Scholar
  45. 45.
    Kocher, P.:Timing attacks on implementations of Diffe-Hellman, RSA, DSS and other systems. CRYPTO’96, LNCS, vol. 1109, pp. 104–113 (1996)Google Scholar
  46. 46.
    Schindler, W.: A timing attack against RSA with the Chinese remainder theorem. CHES’2000, LNCS, vol. 1965, pp. 110–125 (2000)Google Scholar
  47. 47.
    Brumley, D., Boneh, D.: Remote timing attacks are practical. In: Proceedings of the 12th Usenix Security Symposium, pp. 1-14 (2003)Google Scholar
  48. 48.
    Kocher, P., Jae, J., Jun, B.: Differential power analysis. CYRPTO’99, LNCS, vol. 1666, pp. 388–397 (1999)Google Scholar
  49. 49.
    Finke, T., Gebhardt, M., Schindler, W.: New side-channel attack on RSA prime generation. CHES’09, LNCS, vol. 5747, pp. 141–155 (2009)Google Scholar
  50. 50.
    Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS#1. CRYPTO’98, LNCS, vol. 1462, pp.1–12 (1998)Google Scholar
  51. 51.
    Bleichenbacher, D.: Forging some RSA signature on pencil and paper. Rump Session, CRYPTO’06 (2006)Google Scholar
  52. 52.
    Izu, T., Shimoyama, T., Takenaka, M.: Extending Bleichenbacher’s forgery attack. J. Inf. Process. 16, 122–129 (2008)Google Scholar
  53. 53.
    Jager, T., Schinzel, S., Somorovsky, J.: Bleichenbacher’s attack strikes again: breaking PKCS# 1 v1.5 in XML encryption? ESORICS’12, LNCS, vol. 7459, pp.752–769 (2012)Google Scholar
  54. 54.
    Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. FOCS’94, pp. 124–134 (1994)Google Scholar

Copyright information

© Springer India 2014

Authors and Affiliations

  • Manish Kant Dubey
    • 1
  • Ram Ratan
    • 1
  • Neelam Verma
    • 1
  • Pramod Kumar Saxena
    • 1
  1. 1.Scientific Analysis GroupDefence Research and Development OrganizationDelhiIndia

Personalised recommendations