Abstract
For a variant of RSA with modulus N = p r q and ed ≡ 1 mod (p − 1)(q − 1), we show that d can be recovered if \(d<N^{(2-\sqrt{2})/(r+1)}\). (Note that φ(N) ≠ (p − 1)(q − 1).) Boneh-Durfee’s result for the standard RSA is obtained as a special case for r = 1. Technically, we develop a method of a finding small root of a trivariate polynomial equation f(x, y,z) = x(y − 1)(z − 1) + 1 = 0 (mode) under the condition that y r z = N. Our result cannot be obtained from the generic method of Jochemsz-May.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Blömer, J., May, A.: A Tool Kit for Finding Small Roots of Bivariate Polynomials over the Integers. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 251–267. Springer, Heidelberg (2005)
Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than N 0.292. IEEE Transactions on Information Theory 46(4), 1339 (2000) (Firstly appeared in Eurocrypt 1999)
Boneh, D., Durfee, G., Howgrave-Graham, N.: Factoring N = p r q for Large r. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 326–337. Springer, Heidelberg (1999)
Coppersmith, D.: Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities. J. Cryptology 10(4), 233–260 (1997)
Coron, J.S., May, A.: Deterministic Polynomial Time Equivalence of Computing the RSA Secret Key and Factoring. Journal of Cryptology 20(1), 39–50 (2004) (IACR ePrint Archive: Report 2004/208 (2004))
Nguyên, P.Q., Durfee, G.: Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt 99. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 14–29. Springer, Heidelberg (2000)
Ernst, M., Jochemsz, E., May, A., Weger, B.: Partial Key Exposure Attacks on RSA up to Full Size Exponents. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 371–386. Springer, Heidelberg (2005)
Howgrave-Graham, N.: Finding Small Roots of Univariate Modular Equations Revisited. In: IMA Int. Conf., pp. 131–142 (1997)
Jochemsz, E., May, A.: A Strategy for Finding Roots of Multivariate Polynomials with New Applications in Attacking RSA Variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267–282. Springer, Heidelberg (2006)
Kunihiro, N., Kurosawa, K.: Deterministic Polynomial Time Equivalence between Factoring and Key-Recovery Attack on Takagi. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 412–425. Springer, Heidelberg (2007)
Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 515–534 (1982)
May, A.: Secret Exponent Attacks on RSA-type Schemes with Moduli N = p r q. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 218–230. Springer, Heidelberg (2004)
Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
Takagi, T.: Fast RSA-Type Cryptosystem Modulo p k q. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 318–326. Springer, Heidelberg (1998)
Takagi, T.: A Fast RSA-Type Public-Key Primitive Modulo p k q Using Hensel Lifting. IEICE Trans. Fundamentals 87(1), 94–101 (2004)
Shoup, V.: Number Theory Library (NTL), http://www.shoup.net/ntl/
Wiener, M.: Cryptanalysis of Short RSA Secret Exponents. IEEE Transactions on Information Theory 36, 553–558 (1990)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Itoh, K., Kunihiro, N., Kurosawa, K. (2008). Small Secret Key Attack on a Variant of RSA (Due to Takagi). In: Malkin, T. (eds) Topics in Cryptology – CT-RSA 2008. CT-RSA 2008. Lecture Notes in Computer Science, vol 4964. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79263-5_25
Download citation
DOI: https://doi.org/10.1007/978-3-540-79263-5_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79262-8
Online ISBN: 978-3-540-79263-5
eBook Packages: Computer ScienceComputer Science (R0)