Common modulus attacks on small private exponent RSA and some fast variants (in practice)

Hinek M. Jason; Lam Charles C.Y.

doi:10.1515/jmc.2010.003

Journal of Mathematical Cryptology (Jul 2010)

Common modulus attacks on small private exponent RSA and some fast variants (in practice)

Hinek M. Jason,
Lam Charles C.Y.

Affiliations

Hinek M. Jason: iCORE Information Security Lab, Department of Computer Science, University of Calgary, Calgary, AB, T2N 1N4, Canada. E-mail: [email protected]
Lam Charles C.Y.: Department of Mathematics, California State University, Bakersfield, Bakersfield, CA. 93311-1022, USA. E-mail: [email protected]

DOI: https://doi.org/10.1515/jmc.2010.003
Journal volume & issue: Vol. 4, no. 1
pp. 58 – 93

Abstract

Read online

In this work we re-examine two common modulus attacks on RSA. First, we show that Guo's continued fraction attack works much better in practice than previously expected. Given three instances of RSA with a commonmodulus N and private exponents each smaller than N0.33, the attack can factor the modulus about 93% of the time in practice. The success rate of the attack can be increased up to almost 100% by including a relatively small exhaustive search. Next, we consider Howgrave-Graham and Seifert's lattice-based attack and show that a second necessary condition for the attack exists that limits the bounds (beyond the original bounds) once n ≥ 7 instances of RSA are used. In particular, by construction, the attack is limited to private exponents at most N0.5–ε, given sufficiently many instances, instead of the original bound of N1–ε.

Published in Journal of Mathematical Cryptology

ISSN: 1862-2976 (Print); 1862-2984 (Online)
Publisher: De Gruyter
Country of publisher: Poland
LCC subjects: Science: Mathematics
Website: https://www.degruyter.com/view/journals/jmc/jmc-overview.xml

About the journal

Abstract

Keywords