AIMS Mathematics (Sep 2024)
Concurrent factorization of RSA moduli via weak key equations
Abstract
The Rivest-Shamir-Adleman (RSA) algorithm is a widely utilized technique in asymmetric cryptography, primarily for verifying digital signatures and encrypting messages. Its security relies on the integer factorization problem's difficulty, which is computationally infeasible with large security parameters. However, this study revealed scenarios where an attacker can concurrently factorize multiple RSA moduli $ N_i = p_i q_i $ under specific conditions. The attack is feasible when the attacker possesses a set of RSA key pairs with certain flaws, allowing each $ N_i $ to be factored in polynomial time. We identified vulnerabilities in RSA keys that satisfy particular equations by applying Diophantine approximation and Coppersmith's lattice-based technique. For instance, the study demonstrates that if RSA public exponents $ e_i $ and moduli $ N_i $ adhere to $ e_i r - (N_i - p_i - q_i + u_i) s_i = t_i $, where $ r, s_i, u_i $, and $ t_i $ are small integers, then all $ N_i $ can be factorized simultaneously. Additionally, another vulnerability arises when RSA parameters satisfy $ e_i r_i - s(N_i - p_i - q_i + u_i) = t_i $, enabling concurrent factorization with small integers $ s, r_i, u_i $, and $ t_i $. This research expands the understanding of RSA security by identifying specific conditions under which RSA public-key pairs can be compromised. These findings are relevant to the broader field of cryptography and the ongoing efforts to secure communication systems against sophisticated adversaries.
Keywords