Results 1 
4 of
4
On the design of RSA with short secret exponent
 Proc. of Asiacrypt ’99, LNCS
, 1999
"... Based on continued fractions Wiener showed that a typical RSA system can be to ..."
Abstract

Cited by 12 (2 self)
 Add to MetaCart
Based on continued fractions Wiener showed that a typical RSA system can be to
Fast Generation Of Random, Strong RSA Primes
, 1997
"... A number of cryptographic standards currently under development call for the use of strong primes in the generation of an RSA key. This paper suggests a fast way of generating random strong primes that also satisfy a number of other cryptographic requirements. The method requires no more time to ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
A number of cryptographic standards currently under development call for the use of strong primes in the generation of an RSA key. This paper suggests a fast way of generating random strong primes that also satisfy a number of other cryptographic requirements. The method requires no more time to generate strong primes than it takes to generate random primes.
C.T.Yang, ―RSA with balanced short exponents and its application to entity authentication
 in Public Key Cryptology— PKC 2005, Lecture Notes in Computer Science. NewYork
"... Abstract. In typical RSA, it is impossible to create a key pair (e, d) such that both are simultaneously much shorter than φ(N). This is because if d is selected first, then e will be of the same order of magnitude as φ(N), and vice versa. At Asiacrypt’99, Sun et al. designed three variants of RSA u ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
Abstract. In typical RSA, it is impossible to create a key pair (e, d) such that both are simultaneously much shorter than φ(N). This is because if d is selected first, then e will be of the same order of magnitude as φ(N), and vice versa. At Asiacrypt’99, Sun et al. designed three variants of RSA using prime factors p and q of unbalanced size. The first RSA variant is an attempt to make the private exponent d short below N 0.25 and N 0.292 which are the lower bounds of d for a secure RSA as argued first by Wiener and then by Boneh and Durfee. The second RSA variant is constructed in such a way that both d and e have the same bitlength 1 2 log 2 N + 56. The third RSA variant is constructed by such a method that allows a tradeoff between the lengths of d and e. Unfortunately, at Asiacrypt’2000, Durfee and Nguyen broke the illustrated instances of the first RSA variant and the third RSA variant by solving small roots to trivariate modular polynomial equations. Moreover, they showed that the instances generated by these three RSA variants with unbalanced p and q in fact become more insecure than those instances, having the same sizes of exponents as the former, in RSA with balanced p and q. In this paper, we focus on designing a new RSA variant with balanced d and e, and balanced p and q in order to make such an RSA variant more secure. Moreover, we also extend this variant to another RSA variant in which allows a tradeoff between the lengths of d and e. Based on our RSA variants, an application to entity authentication for defending the stolensecret attack is presented.
Cryptanalysis of Koyama Scheme
, 2006
"... In this paper we analyze the security of Koyama scheme based on the singular cubic curve for some well known attacks. We provide an efficient algorithm for linearly related plaintext attack and identify isomorphic attack on Koyama scheme. Some other attacks are also discussed in this paper. ..."
Abstract
 Add to MetaCart
In this paper we analyze the security of Koyama scheme based on the singular cubic curve for some well known attacks. We provide an efficient algorithm for linearly related plaintext attack and identify isomorphic attack on Koyama scheme. Some other attacks are also discussed in this paper.