CiteSeerX — Search Results — Factoring RSA Modulus Using Prime Reconstruction from Random Known Bits.

Results 1 - 10 of 122

Factoring RSA modulus using prime reconstruction from random known bits

by Subhamoy Maitra, Santanu Sarkar, Sourav Sen Gupta - In Progress in Cryptology - Africacrypt 2010, volume 6055 of LNCS , 2010

"... Abstract. This paper discusses the factorization of the RSA modulus N (i.e., N = pq, where p, q are primes of same bit size) by reconstructing the primes from randomly known bits. The reconstruction method is a modified brute-force search exploiting the known bits to prune wrong branches of the sear ..."

Abstract - Cited by 3 (1 self) - Add to MetaCart

Abstract. This paper discusses the factorization of the RSA modulus N (i.e., N = pq, where p, q are primes of same bit size) by reconstructing the primes from randomly known bits. The reconstruction method is a modified brute-force search exploiting the known bits to prune wrong branches

RSA private key reconstruction from random bits using SAT solvers

by Constantinos Patsakis , 2013

"... SAT solvers are being used more and more in Cryptanalysis, with mixed results regarding their efficiency, depending on the structure of the algorithm they are applied. However, when it comes to integer factorization, or more specially the RSA problem, SAT solvers prove to be at least inefficient. Th ..."

Abstract - Cited by 1 (0 self) - Add to MetaCart

. The running times are too long to be compared with any well known integer factorization algorithm, even when it comes to small RSA moduli numbers. The recent work on cold boot attacks has sparkled again the interest on partial key exposure attacks and in RSA key reconstruction. In our work, contrary

Reconstruction and Error Correction of RSA Secret Parameters from the MSB Side

by Santanu Sarkar, Sourav Sen Gupta, Subhamoy Maitra , 2011

"... Abstract. This paper discusses the factorization of the RSA modulus when some ‘partial information ’ about the bits of the RSA secret parameters are known. Heninger and Shacham (Crypto 2009) considered the reconstruction of RSA secret parameters from a few randomly known bits, and Henecka, May and M ..."

Abstract - Cited by 1 (0 self) - Add to MetaCart

Abstract. This paper discusses the factorization of the RSA modulus when some ‘partial information ’ about the bits of the RSA secret parameters are known. Heninger and Shacham (Crypto 2009) considered the reconstruction of RSA secret parameters from a few randomly known bits, and Henecka, May

An Attack on RSA Using LSBs of Multiples of the Prime Factors

by Abderrahmane Nitaj

"... Abstract. Let N = pq be an RSA modulus with a public exponent e and a private exponent d. Wiener’s famous attack on RSA with d < N 0.25 and its extension by Boneh and Durfee to d < N 0.292 show that using a small d makes RSA completely insecure. However, for larger d, it is known that RSA can ..."

Abstract - Add to MetaCart

Abstract. Let N = pq be an RSA modulus with a public exponent e and a private exponent d. Wiener’s famous attack on RSA with d < N 0.25 and its extension by Boneh and Durfee to d < N 0.292 show that using a small d makes RSA completely insecure. However, for larger d, it is known that RSA can

Remarks on the Use of RSA Moduli With Prespecified Bits

by Chae Hoon, Pil Joong Lee

"... This letter shows that the use of four-prime RSA moduli with prespecified bits proposed by Vanstone and Zuccherato may have a certain security problem. A possible way to avoid this problem is described. We also propose a more robust method for structuring RSA moduli which gives almost random moduli. ..."

Abstract - Add to MetaCart

This letter shows that the use of four-prime RSA moduli with prespecified bits proposed by Vanstone and Zuccherato may have a certain security problem. A possible way to avoid this problem is described. We also propose a more robust method for structuring RSA moduli which gives almost random moduli

Cryptanalysis of RSA with constrained keys

by Abderrahmane Nitaj, Département De Mathématiques - Appl. Algebra Eng. Commun. Comput., Submitted

"... Abstract. Let n = pq be an RSA modulus with unknown prime factors of equal bit-size. Let e be the public exponent and d be the secret exponent satisfying ed ≡ 1 (mod φ(n)) where φ(n) is the Euler totient function. To reduce the decryption time or the signature generation time, one might be tempted t ..."

Abstract - Cited by 3 (3 self) - Add to MetaCart

Abstract. Let n = pq be an RSA modulus with unknown prime factors of equal bit-size. Let e be the public exponent and d be the secret exponent satisfying ed ≡ 1 (mod φ(n)) where φ(n) is the Euler totient function. To reduce the decryption time or the signature generation time, one might be tempted

Enhanced Rsa Cryptosystem Based On Three Prime Numbers

by Vivek Choudhary , Mr N Praveen

"... Abstract Public key cryptography consists of set of methods which are used to encrypt secret messages so that they can be read only by the intended receiver. The most common public key algorithm is RSA cryptosystem used for encryption and decryption. Security of RSA Algorithm can be compromised usi ..."

Abstract - Add to MetaCart

the use of third prime number in order to make a modulus n which is not easily decomposable by intruders. Further, this approach eliminates the need to transfer n, the product of two random but essentially big prime numbers, in the public key due to which it becomes difficult for the intruder to guess

New Partial Key Exposure Attacks on RSA Revisited

by M. Jason Hinek , 2004

"... At CRYPTO 2003, Blömer and May presented new partial key exposure attacks against RSA. These were the first known polynomial-time partial key exposure attacks against RSA with public exponent e> N 1/2. Attacks for known most significant bits and known least significant bits were presented. In thi ..."

Abstract - Cited by 1 (0 self) - Add to MetaCart

to the RSA modulus. Some experimental bounds on the fraction of bits needed to mount the attacks are presented for some common RSA modulus sizes and small lattice dimensions. When using Coppersmith’s method for finding small roots of multivariate modular polynomials in cryptographic applications, it is often

Attacking Unbalanced RSA-CRT Using SPA

by Pierre-alain Fouque, Gwenaëlle Martinet, Guillaume Poupard

"... Abstract. Efficient implementations of RSA on computationally limited devices, such as smartcards, often use the CRT technique in combination with Garner’s algorithm in order to make the computation of modular exponentiation as fast as possible. At PKC 2001, Novak has proposed to use some informatio ..."

Abstract - Cited by 1 (0 self) - Add to MetaCart

and lattice reduction, requires a small difference, say 10 bits, between the bit lengths of modulus prime factors.

Fault attacks on rsa signatures with partially unknown messages

by Jean-sébastien Coron, Antoine Joux, Ilya Kizhvatov, David Naccache, Pascal Paillier - Proceedings of ches 2009, lncs , 2009

"... Abstract. Fault attacks exploit hardware malfunctions to recover secrets from embedded electronic devices. In the late 90’s, Boneh, DeMillo and Lipton [6] introduced fault-based attacks on crt-rsa. These attacks factor the signer’s modulus when the message padding function is deterministic. However, ..."

Abstract - Cited by 11 (2 self) - Add to MetaCart

Abstract. Fault attacks exploit hardware malfunctions to recover secrets from embedded electronic devices. In the late 90’s, Boneh, DeMillo and Lipton [6] introduced fault-based attacks on crt-rsa. These attacks factor the signer’s modulus when the message padding function is deterministic. However

Results 1 - 10 of 122

Tools