Cryptanalysis of RSA Factorization - Library(ISI Kolkata) - Indian ...
Cryptanalysis of RSA Factorization - Library(ISI Kolkata) - Indian ...
Cryptanalysis of RSA Factorization - Library(ISI Kolkata) - Indian ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Chapter 3<br />
A class <strong>of</strong> Weak Encryption<br />
Exponents in <strong>RSA</strong><br />
A lot <strong>of</strong> weakness <strong>of</strong> <strong>RSA</strong> have been identified in the past three decades, but still<br />
<strong>RSA</strong> can be securely used with proper precautions as a public key cryptosystem.<br />
In 1990, Wiener [130] proved that <strong>RSA</strong> is insecure if d < 1 3 N 1 4. Later 1999,<br />
Boneh and Durfee [14] improved this bound up to N 0.292 . In [9], Blömer and May<br />
have shown that p,q can be found in polynomial time for every (N,e) satisfying<br />
eX + φ(N)Y = −y, with X ≤ 1 3 N 1 4 and |y| = O(N −3 4ex). Some extensions<br />
considering the difference p−q have also been studied. The work <strong>of</strong> [9] uses the<br />
result <strong>of</strong> Coppersmith [24] as well as the idea <strong>of</strong> CF expression [130] in their pro<strong>of</strong>.<br />
The number <strong>of</strong> such weak keys has been estimated as N 3 4 −ǫ .<br />
In a similar direction <strong>of</strong> [9], further weak keys were presented by Nitaj [96,97].<br />
The idea <strong>of</strong> [96] is as follows. Suppose that e satisfies the following property: there<br />
exist u,v,X,Y[<br />
such that ] eX −(p−u)(q −v)Y = 1 with 1 ≤ Y < X < 2 −1 4N 4,<br />
1<br />
|u| < N 1 4, v = − qu ([x] means the nearest integer <strong>of</strong> the real number x). If all<br />
p−u<br />
the prime factors <strong>of</strong> p−u or q−v are less than 10 50 , then N can be factored from<br />
the knowledge <strong>of</strong> N,e. The number <strong>of</strong> such weak exponents is estimated as N 1 2 −ǫ .<br />
So, in this case [96] number <strong>of</strong> weak exponents is smaller than [9].<br />
In [96], Continued Fraction (CF) expression is used to find the unknowns X,Y<br />
e<br />
among the convergents <strong>of</strong> . We get immediate improvements over the results<br />
N<br />
<strong>of</strong> [96] using the LLL [77] algorithm. Our results are as follows.<br />
47