Skip to Main content Skip to Navigation
Journal articles

A Unified Method for Private Exponent Attacks on RSA using Lattices

Abstract : Let (n = pq, e = n^β) be an RSA public key with private exponent d = n^δ , where p and q are large primes of the same bit size. At Eurocrypt 96, Coppersmith presented a polynomial-time algorithm for finding small roots of univariate modular equations based on lattice reduction and then succussed to factorize the RSA modulus. Since then, a series of attacks on the key equation ed − kφ(n) = 1 of RSA have been presented. In this paper, we show that many of such attacks can be unified in a single attack using a new notion called Coppersmith's interval. We determine a Coppersmith's interval for a given RSA public key (n, e). The interval is valid for any variant of RSA, such as Multi-Prime RSA, that uses the key equation. Then we show that RSA is insecure if δ < β + 1/3 α − 1/3 √ (12αβ + 4α^2) provided that we have approximation p0 ≥ √ n of p with |p − p0| ≤ 1/2 n^α , α ≤ 1/2. The attack is an extension of Coppersmith's result.
Document type :
Journal articles
Complete list of metadata

Cited literature [22 references]  Display  Hide  Download
Contributor : Abderrahmane Nitaj <>
Submitted on : Saturday, October 19, 2019 - 8:21:41 PM
Last modification on : Monday, September 21, 2020 - 3:00:07 PM
Long-term archiving on: : Monday, January 20, 2020 - 1:41:16 PM


Files produced by the author(s)


  • HAL Id : hal-02320914, version 1



Hatem Bahig, Dieaa Nassr, Ashraf Bhery, Abderrahmane Nitaj. A Unified Method for Private Exponent Attacks on RSA using Lattices. International Journal of Foundations of Computer Science, World Scientific Publishing, In press. ⟨hal-02320914⟩



Record views


Files downloads