Skip to Main content Skip to Navigation
Journal articles

A Unified Method for Private Exponent Attacks on RSA using Lattices

Abstract : Let (n = pq, e = n^β) be an RSA public key with private exponent d = n^δ , where p and q are large primes of the same bit size. At Eurocrypt 96, Coppersmith presented a polynomial-time algorithm for finding small roots of univariate modular equations based on lattice reduction and then succussed to factorize the RSA modulus. Since then, a series of attacks on the key equation ed − kφ(n) = 1 of RSA have been presented. In this paper, we show that many of such attacks can be unified in a single attack using a new notion called Coppersmith's interval. We determine a Coppersmith's interval for a given RSA public key (n, e). The interval is valid for any variant of RSA, such as Multi-Prime RSA, that uses the key equation. Then we show that RSA is insecure if δ < β + 1/3 α − 1/3 √ (12αβ + 4α^2) provided that we have approximation p0 ≥ √ n of p with |p − p0| ≤ 1/2 n^α , α ≤ 1/2. The attack is an extension of Coppersmith's result.
Document type :
Journal articles
Complete list of metadatas

Cited literature [22 references]  Display  Hide  Download

https://hal-normandie-univ.archives-ouvertes.fr/hal-02320914
Contributor : Abderrahmane Nitaj <>
Submitted on : Saturday, October 19, 2019 - 8:21:41 PM
Last modification on : Monday, September 21, 2020 - 3:00:07 PM
Long-term archiving on: : Monday, January 20, 2020 - 1:41:16 PM

File

GeneralCoppersmith.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-02320914, version 1

Collections

Citation

Hatem Bahig, Dieaa Nassr, Ashraf Bhery, Abderrahmane Nitaj. A Unified Method for Private Exponent Attacks on RSA using Lattices. International Journal of Foundations of Computer Science, World Scientific Publishing, In press. ⟨hal-02320914⟩

Share

Metrics

Record views

54

Files downloads

249