Results 1 
3 of
3
Common Modulus Attacks on Small Private Exponent RSA and Some Fast Variants (in Practice)
, 2009
"... Abstract. In this work we reexamine two common modulus attacks on RSA. First, we show that Guo’s continued fraction attack works much better in practice than previously expected. Given three instances of RSA with a common modulus N and private exponents each smaller than N 0.33 the attack can facto ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Abstract. In this work we reexamine two common modulus attacks on RSA. First, we show that Guo’s continued fraction attack works much better in practice than previously expected. Given three instances of RSA with a common modulus N and private exponents each smaller than N 0.33 the attack can factor the modulus about 93 % of the time in practice. The success rate of the attack can be increased up to almost 100 % by including a relatively small exhaustive search. Next, we consider HowgraveGraham and Seifert’s latticebased attack and show that a second necessary condition for the attack exists that limits the bounds (beyond the original bounds) once n ≥ 7 instances of RSA are used. In particular, by construction, the attack can only succeed when the private exponents are each smaller than N 0.5−ɛ, given sufficiently many instances, instead of the original bound of N 1−ɛ. In addition, we also consider the effectiveness of the attacks when mounted against multiprime RSA and Tagaki’s variant of RSA. For multiprime RSA, we show three (or more) instances with a common modulus and private exponents smaller than N 1/3−ɛ is unsafe. For Takagi’s variant, we show that three or more instances with a common modulus N = p r q is unsafe when all the private exponents are smaller than N 2/(3(r+1))−ɛ. The results, for both variants, is obtained using Guo’s method and are successful almost always with the inclusion of a small exhaustive search. When only two instances are available, HowgraveGraham and Seifert’s attack can be mounted on multiprime RSA when the private exponents are smaller than N (3+r)/7r−ɛ when there are r primes in the modulus. Keywords: RSA, common modulus attack, multiprime RSA, Takagi’s variant, small exponent RSA. 1
An effective Method for Attack RSA Strategy
"... The protection on many public key encoding schemes depended on the intractability of detecting the integer factoring problem such as RSA scheme. However, there are great deals of researches regarding the RSA factoring modulus compared with the other type of attack the RSA scheme. So the need for mor ..."
Abstract
 Add to MetaCart
(Show Context)
The protection on many public key encoding schemes depended on the intractability of detecting the integer factoring problem such as RSA scheme. However, there are great deals of researches regarding the RSA factoring modulus compared with the other type of attack the RSA scheme. So the need for more methods of attacks other than RSA factoring modulus to find an effective and quicker algorithm to solve this problem is still crucial. This paper introduces a new algorithmic program which approaches the RSA scheme. The suggested algorithm aims to find the private key of the RSA scheme and then factoring the modulus based on the public key of the RSA scheme. The new idea exacted to be more efficient than the already existed algorithms particularly when the public key is small, since most of public key encryption schemes select a small public encryption key e in order to improve the efficiency of encryption. Also, the suggested algorithmic program is more effective since it is faster and takes less running time.
A New Factoring Attack on MultiPrime RSA with Small Prime Difference
"... In this paper, we study the security of multiprime RSA whose modulus is N = p1p2 pr for r 3 with small prime difference of size N
. In ACISP 2013, Zhang and Takagi showed a Fermatlike factoring attack, which can directly factor N for
< 1 r2. We improve this bound to theoretically achiev ..."
Abstract
 Add to MetaCart
(Show Context)
In this paper, we study the security of multiprime RSA whose modulus is N = p1p2 pr for r 3 with small prime difference of size N
. In ACISP 2013, Zhang and Takagi showed a Fermatlike factoring attack, which can directly factor N for
< 1 r2. We improve this bound to theoretically achieve
< 2 r(r+2) by a new factoring attack. Furthermore, we also analyse specific MPRSA with imbalanced prime factors. Experimental results are provided to show the efficiency of our attack.