Get all the updates for this publication
Consider RSA with N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. We concentrate on the cases when e ( = N α ) satisfies eX − ZY = 1, given |N − Z| = N τ . Using the idea of Boneh and Durfee (Eurocrypt 1999, IEEE-IT 2000) we show that the LLL algorithm can be efficiently applied to get Z when |Y| = N γ and 𝛾<4𝛼𝜏(14𝜏+112𝛼−(14𝜏+112𝛼)2+12𝛼𝜏(112+𝜏24𝛼−𝛼8𝜏)‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾√). This idea substantially extends the class of weak keys presented by Nitaj (Africacrypt 2008) when Z = ψ(p, q, u, v) = (p − u)(q − v). Further, we consider Z = ψ(p, q, u, v) = N − pu − v to provide a new class of weak keys in RSA. This idea does not require any kind of factorization as used in Nitaj’s work. A very conservative estimate for the number of such weak exponents is N 0.75 − ε , where ε> 0 is arbitrarily small for suitably large N.
View more info for "A New Class of Weak Encryption Exponents in RSA"
Journal | Data powered by TypesetProgress in Cryptology |
---|---|
Publisher | Data powered by TypesetSpringer Berlin Heidelberg |
Open Access | No |