Results 1  10
of
122
Factoring RSA modulus using prime reconstruction from random known bits
 In Progress in Cryptology  Africacrypt 2010, volume 6055 of LNCS
, 2010
"... Abstract. This paper discusses the factorization of the RSA modulus N (i.e., N = pq, where p, q are primes of same bit size) by reconstructing the primes from randomly known bits. The reconstruction method is a modified bruteforce search exploiting the known bits to prune wrong branches of the sear ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Abstract. This paper discusses the factorization of the RSA modulus N (i.e., N = pq, where p, q are primes of same bit size) by reconstructing the primes from randomly known bits. The reconstruction method is a modified bruteforce search exploiting the known bits to prune wrong branches
RSA private key reconstruction from random bits using SAT solvers
, 2013
"... SAT solvers are being used more and more in Cryptanalysis, with mixed results regarding their efficiency, depending on the structure of the algorithm they are applied. However, when it comes to integer factorization, or more specially the RSA problem, SAT solvers prove to be at least inefficient. Th ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
. The running times are too long to be compared with any well known integer factorization algorithm, even when it comes to small RSA moduli numbers. The recent work on cold boot attacks has sparkled again the interest on partial key exposure attacks and in RSA key reconstruction. In our work, contrary
Reconstruction and Error Correction of RSA Secret Parameters from the MSB Side
, 2011
"... Abstract. This paper discusses the factorization of the RSA modulus when some ‘partial information ’ about the bits of the RSA secret parameters are known. Heninger and Shacham (Crypto 2009) considered the reconstruction of RSA secret parameters from a few randomly known bits, and Henecka, May and M ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. This paper discusses the factorization of the RSA modulus when some ‘partial information ’ about the bits of the RSA secret parameters are known. Heninger and Shacham (Crypto 2009) considered the reconstruction of RSA secret parameters from a few randomly known bits, and Henecka, May
An Attack on RSA Using LSBs of Multiples of the Prime Factors
"... Abstract. Let N = pq be an RSA modulus with a public exponent e and a private exponent d. Wiener’s famous attack on RSA with d < N 0.25 and its extension by Boneh and Durfee to d < N 0.292 show that using a small d makes RSA completely insecure. However, for larger d, it is known that RSA can ..."
Abstract
 Add to MetaCart
Abstract. Let N = pq be an RSA modulus with a public exponent e and a private exponent d. Wiener’s famous attack on RSA with d < N 0.25 and its extension by Boneh and Durfee to d < N 0.292 show that using a small d makes RSA completely insecure. However, for larger d, it is known that RSA can
Remarks on the Use of RSA Moduli With Prespecified Bits
"... This letter shows that the use of fourprime RSA moduli with prespecified bits proposed by Vanstone and Zuccherato may have a certain security problem. A possible way to avoid this problem is described. We also propose a more robust method for structuring RSA moduli which gives almost random moduli. ..."
Abstract
 Add to MetaCart
This letter shows that the use of fourprime RSA moduli with prespecified bits proposed by Vanstone and Zuccherato may have a certain security problem. A possible way to avoid this problem is described. We also propose a more robust method for structuring RSA moduli which gives almost random moduli
Cryptanalysis of RSA with constrained keys
 Appl. Algebra Eng. Commun. Comput., Submitted
"... Abstract. Let n = pq be an RSA modulus with unknown prime factors of equal bitsize. Let e be the public exponent and d be the secret exponent satisfying ed ≡ 1 (mod φ(n)) where φ(n) is the Euler totient function. To reduce the decryption time or the signature generation time, one might be tempted t ..."
Abstract

Cited by 3 (3 self)
 Add to MetaCart
Abstract. Let n = pq be an RSA modulus with unknown prime factors of equal bitsize. Let e be the public exponent and d be the secret exponent satisfying ed ≡ 1 (mod φ(n)) where φ(n) is the Euler totient function. To reduce the decryption time or the signature generation time, one might be tempted
Enhanced Rsa Cryptosystem Based On Three Prime Numbers
"... Abstract Public key cryptography consists of set of methods which are used to encrypt secret messages so that they can be read only by the intended receiver. The most common public key algorithm is RSA cryptosystem used for encryption and decryption. Security of RSA Algorithm can be compromised usi ..."
Abstract
 Add to MetaCart
the use of third prime number in order to make a modulus n which is not easily decomposable by intruders. Further, this approach eliminates the need to transfer n, the product of two random but essentially big prime numbers, in the public key due to which it becomes difficult for the intruder to guess
New Partial Key Exposure Attacks on RSA Revisited
, 2004
"... At CRYPTO 2003, Blömer and May presented new partial key exposure attacks against RSA. These were the first known polynomialtime partial key exposure attacks against RSA with public exponent e> N 1/2. Attacks for known most significant bits and known least significant bits were presented. In thi ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
to the RSA modulus. Some experimental bounds on the fraction of bits needed to mount the attacks are presented for some common RSA modulus sizes and small lattice dimensions. When using Coppersmith’s method for finding small roots of multivariate modular polynomials in cryptographic applications, it is often
Attacking Unbalanced RSACRT Using SPA
"... Abstract. Efficient implementations of RSA on computationally limited devices, such as smartcards, often use the CRT technique in combination with Garner’s algorithm in order to make the computation of modular exponentiation as fast as possible. At PKC 2001, Novak has proposed to use some informatio ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
and lattice reduction, requires a small difference, say 10 bits, between the bit lengths of modulus prime factors.
Fault attacks on rsa signatures with partially unknown messages
 Proceedings of ches 2009, lncs
, 2009
"... Abstract. Fault attacks exploit hardware malfunctions to recover secrets from embedded electronic devices. In the late 90’s, Boneh, DeMillo and Lipton [6] introduced faultbased attacks on crtrsa. These attacks factor the signer’s modulus when the message padding function is deterministic. However, ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
Abstract. Fault attacks exploit hardware malfunctions to recover secrets from embedded electronic devices. In the late 90’s, Boneh, DeMillo and Lipton [6] introduced faultbased attacks on crtrsa. These attacks factor the signer’s modulus when the message padding function is deterministic. However
Results 1  10
of
122