Results 1 - 8 of 8
On the design of RSA with short secret exponent
Proc. of Asiacrypt ’99, LNCS, 1999
Abstract

Cited by 13 (3 self)
Based on continued fractions Wiener showed that a typical RSA system can be to
RSA with balanced short exponents and its application to entity authentication
In Public Key Cryptology — PKC 2005, Lecture Notes in Computer Science. New York, 2005
Abstract

Cited by 9 (4 self)
In typical RSA, it is impossible to create a key pair (e, d) such that both are simultaneously much shorter than φ(N). This is because if d is selected first, then e will be of the same order of magnitude as φ(N), and vice versa. At Asiacrypt’99, Sun et al. designed three variants of RSA using prime factors p and q of unbalanced size. The first RSA variant is an attempt to make the private exponent d short below $N^{0.25}$ and $N^{0.292}$, which are the lower bounds of d for a secure RSA as argued first by Wiener and then by Boneh and Durfee. The second RSA variant is constructed in such a way that both d and e have the same bitlength $\frac{1}{2}\log_2 N + 56$. The third RSA variant is constructed by such a method that allows a tradeoff between the lengths of d and e. Unfortunately, at Asiacrypt’2000, Durfee and Nguyen broke the illustrated instances of the first RSA variant and the third RSA variant by solving small roots to trivariate modular polynomial equations. Moreover, they showed that the instances generated by these three RSA variants with unbalanced p and q in fact become more insecure than those instances, having the same sizes of exponents as the former, in RSA with balanced p and q. In this paper, we focus on designing a new RSA variant with balanced d and e, and balanced p and q in order to make such an RSA variant more secure. Moreover, we also extend this variant to another RSA variant which allows a tradeoff between the lengths of d and e. Based on our RSA variants, an application to entity authentication for defending the stolen-secret attack is presented.
Fast Generation Of Random, Strong RSA Primes
1997
Abstract

Cited by 8 (0 self)
A number of cryptographic standards currently under development call for the use of strong primes in the generation of an RSA key. This paper suggests a fast way of generating random strong primes that also satisfy a number of other cryptographic requirements. The method requires no more time to generate strong primes than it takes to generate random primes.
Cryptanalysis of Koyama Scheme
2006
Abstract

Cited by 1 (0 self)
In this paper we analyze the security of Koyama scheme based on the singular cubic curve for some well known attacks. We provide an efficient algorithm for linearly related plaintext attack and identify isomorphic attack on Koyama scheme. Some other attacks are also discussed in this paper.
Author Retains Full Rights
Abstract
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.
How to Choose Secret Parameters for RSA and its Extensions to Elliptic Curves
2001
Abstract
Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA and its extensions to elliptic curves. Over elliptic curves, the analysis is more difficult because the underlying groups are not always cyclic.
How to Choose Secret Parameters for RSA-type Cryptosystems over Elliptic Curves
1997
Abstract
Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curve-based analogues, the length of the RSA-modulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found. Keywords: RSA-type cryptosystems, Cycling attacks, Elliptic curves, Strong primes. 1. Introd...
Author Retains Full Rights
Abstract
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.