A Unified Method for Private Exponent Attacks on RSA using Lattices

Abstract : Let (n = pq, e = n^β) be an RSA public key with private exponent d = n^δ , where p and q are large primes of the same bit size. At Eurocrypt 96, Coppersmith presented a polynomial-time algorithm for finding small roots of univariate modular equations based on lattice reduction and then succussed to factorize the RSA modulus. Since then, a series of attacks on the key equation ed − kφ(n) = 1 of RSA have been presented. In this paper, we show that many of such attacks can be unified in a single attack using a new notion called Coppersmith's interval. We determine a Coppersmith's interval for a given RSA public key (n, e). The interval is valid for any variant of RSA, such as Multi-Prime RSA, that uses the key equation. Then we show that RSA is insecure if δ < β + 1/3 α − 1/3 √ (12αβ + 4α^2) provided that we have approximation p0 ≥ √ n of p with |p − p0| ≤ 1/2 n^α , α ≤ 1/2. The attack is an extension of Coppersmith's result.
Type de document :
Article dans une revue
Liste complète des métadonnées

Littérature citée [22 références]  Voir  Masquer  Télécharger

https://hal-normandie-univ.archives-ouvertes.fr/hal-02320914
Contributeur : Abderrahmane Nitaj <>
Soumis le : samedi 19 octobre 2019 - 20:21:41
Dernière modification le : jeudi 24 octobre 2019 - 01:41:57

Fichier

GeneralCoppersmith.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-02320914, version 1

Collections

Citation

Hatem Bahig, Dieaa Nassr, Ashraf Bhery, Abderrahmane Nitaj. A Unified Method for Private Exponent Attacks on RSA using Lattices. International Journal of Foundations of Computer Science, World Scientific Publishing, In press. ⟨hal-02320914⟩

Partager

Métriques

Consultations de la notice

15

Téléchargements de fichiers

30