Let $(n = pq, e)$ be an RSA public key with private exponent $d = n^{\delta}$, where $p$ and $q$ are large primes of the same bit size. Suppose that $p_0 \ge \sqrt{n}$ is an approximation of $p$ with $|p - p_0| \le \frac{1}{2} n^{\alpha}$, $\alpha \le \frac{1}{2}$. Using continued fractions, we show that the system is insecure if $\delta < \frac{1 - \alpha}{2}$. Our result is deterministic polynomial time and an extension of Coppersmith's result on a factorization.
Let [Formula: see text] be an RSA public key with private exponent [Formula: see text] where [Formula: see text] and [Formula: see text] are large primes of the same bit size. At Eurocrypt 96, Coppersmith presented a polynomial-time algorithm for finding small roots of univariate modular equations based on lattice reduction and then succeeded in factorizing the RSA modulus. Since then, a series of attacks on the key equation [Formula: see text] of RSA have been presented. In this paper, we show that many such attacks can be unified in a single attack using a new notion called Coppersmith’s interval. We determine a Coppersmith’s interval for a given RSA public key [Formula: see text]. The interval is valid for any variant of RSA, such as Multi-Prime RSA, that uses the key equation. Then we show that RSA is insecure if [Formula: see text] provided that we have an approximation [Formula: see text] of [Formula: see text] with [Formula: see text] [Formula: see text]. The attack is an extension of Coppersmith’s result.