Increment of insecure RSA private exponent bound through perfect square RSA diophantine parameters cryptanalysis

•A new weak RSA key equation structure that solves the factoring problem under certain specified conditions in polynomial time is proposed.•Note that our cryptanalytic work extends the bound of insecure RSA decryption exponents of some previous literature.•Experimental results are provided to demons...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computer standards and interfaces 2022-03, Vol.80, p.103584, Article 103584
Hauptverfasser: Wan Mohd Ruzai, Wan Nur Aqlili, Nitaj, Abderrahmane, Kamel Ariffin, Muhammad Rezal, Mahad, Zahari, Asbullah, Muhammad Asyraf
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:•A new weak RSA key equation structure that solves the factoring problem under certain specified conditions in polynomial time is proposed.•Note that our cryptanalytic work extends the bound of insecure RSA decryption exponents of some previous literature.•Experimental results are provided to demonstrate the effectiveness of the new attack. The public parameters of the RSA cryptosystem are represented by the pair of integers N and e. In this work, first we show that if e satisfies the Diophantine equation of the form ex2−ϕ(N)y2=z for appropriate values of x,y and z under certain specified conditions, then one is able to factor N. That is, the unknown yx can be found amongst the convergents of eN via continued fractions algorithm. Consequently, Coppersmith’s theorem is applied to solve for prime factors p and q in polynomial time. We also report a second weakness that enabled us to factor k instances of RSA moduli simultaneously from the given (Ni,ei) for i=1,2,⋯,k and a fixed x that fulfills the Diophantine equation eix2−yi2ϕ(Ni)=zi. This weakness was identified by solving the simultaneous Diophantine approximations using the lattice basis reduction technique. We note that this work extends the bound of insecure RSA decryption exponents.
ISSN:0920-5489
1872-7018
DOI:10.1016/j.csi.2021.103584