A Generalized Attack on Some Variants of the RSA Cryptosystem

Abstract: Let N = pq be an RSA modulus with unknown factorization. The RSA cryptosystem can be attacked by using the key equation ed−k(p−1)(q−1) = 1. Similarly, some variants of RSA, such as RSA combined with singular elliptic curves, LUC and RSA with Gaussian primes can be attacked by using the key equation ed−k p 2 − 1 q 2 − 1 = 1. In this paper, we consider the more general equation eu− p 2 − 1 q 2 − 1 v = w and present a new attack that finds the prime factors p and q in the case that u, v and w satisfy some specifi… Show more

“…They combined Coppersmith's technique, and the continued fraction method and showed that one 4 . The same equation ex − p 2 − 1 q 2 − 1 y = z was later considered by Nitaj et al [15]. For e = N α , and d = N δ , they showed that the equation ed − k p 2 − 1 q 2 − 1 = 1 can be solved and N can be factored if δ < 7 3 − 2 3 √ 1 + 3α.…”

“…Then by applying Coppersmith's method and lattice reduction techniques, we show that, under the condition δ < 2 − √ 2αβ, one can factor the RSA modulus N . If we apply our attacks to the case where p and q are randomly chosen, that is p − q = O N β with β = 1 2 , then our bounds on δ and d retrieve the existing bounds in the previous attacks in [3,15,18,22].…”

Cryptanalysis of RSA Variants with Primes Sharing Most Significant Bits

“…They combined Coppersmith's technique, and the continued fraction method and showed that one 4 . The same equation ex − p 2 − 1 q 2 − 1 y = z was later considered by Nitaj et al [15]. For e = N α , and d = N δ , they showed that the equation ed − k p 2 − 1 q 2 − 1 = 1 can be solved and N can be factored if δ < 7 3 − 2 3 √ 1 + 3α.…”

“…Then by applying Coppersmith's method and lattice reduction techniques, we show that, under the condition δ < 2 − √ 2αβ, one can factor the RSA modulus N . If we apply our attacks to the case where p and q are randomly chosen, that is p − q = O N β with β = 1 2 , then our bounds on δ and d retrieve the existing bounds in the previous attacks in [3,15,18,22].…”

Cryptanalysis of RSA Variants with Primes Sharing Most Significant Bits

“…In 1996, Coppersmith [8] introduced a rigorous method for finding the small solutions of the univariate polynomial equation f (x) ≡ 0 (mod e) and the small roots of the bivariate polynomial equation f (x, y) = 0. Coppersmith's method is based on lattice reduction and is useful in cryptography, especially for attacking the RSA cryptosystem (see [16,5,1,19]). Since then, numerous variants of Coppersmith's method have been presented for multivariate polynomial equations assuming certain hypothesis.…”

Improved Cryptanalysis of the KMOV Elliptic Curve Cryptosystem

“…In this attack, attacker emphasis is on breaking the fundamental arrangement of the mathematical function. Main attacks under this category are low public key exponent attack [4,5], Hastad broadcast attack [6,7], Coppersmith's Short Pad Attack [8], Factorization attack [9], chosen cipher text attack [10], common modulus attack [11], low private key exponent attack [12] and B l ö m e r and M a y in [13] are presented as an extension work of Wiener's attack on small RSA secret decryption exponents. All these attacks are summarized as follows:…”

Key Generation Using Generalized Pell’s Equation in Public Key Cryptography Based on the Prime Fake Modulus Principle to Image Encryption and Its Security Analysis