Results 1  10
of
82
Partial Key Exposure Attack on RSA – Improvements for Limited Lattice Dimensions
"... Abstract. Consider the RSA public key cryptosystem with the parameters N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. In this paper, cryptanalysis of RSA is studied given that some amount of the Most Significant Bits (MSBs) of d is exposed. In Eurocrypt 2 ..."
Abstract
 Add to MetaCart
Abstract. Consider the RSA public key cryptosystem with the parameters N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. In this paper, cryptanalysis of RSA is studied given that some amount of the Most Significant Bits (MSBs) of d is exposed. In Eurocrypt
New Partial Key Exposure Attacks on RSA Revisited
, 2004
"... At CRYPTO 2003, Blömer and May presented new partial key exposure attacks against RSA. These were the first known polynomialtime partial key exposure attacks against RSA with public exponent e> N 1/2. Attacks for known most significant bits and known least significant bits were presented. In thi ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
At CRYPTO 2003, Blömer and May presented new partial key exposure attacks against RSA. These were the first known polynomialtime partial key exposure attacks against RSA with public exponent e> N 1/2. Attacks for known most significant bits and known least significant bits were presented
exposure attack for RSA (revised)
, 2009
"... A new lattice construction for partial key exposure attack for RSA (revised) ..."
Abstract
 Add to MetaCart
A new lattice construction for partial key exposure attack for RSA (revised)
A New lattice construction for partial key exposure attack for RSA
, 2008
"... In this paper we present a new lattice construction for a lattice based partial key exposure attack for the RSA cryptography. We consider the situation that the RSA secret key d is small and a sufficient amount of the LSBs (least significant bits) of d are known by the attacker. We show that our lat ..."
Abstract

Cited by 5 (4 self)
 Add to MetaCart
In this paper we present a new lattice construction for a lattice based partial key exposure attack for the RSA cryptography. We consider the situation that the RSA secret key d is small and a sufficient amount of the LSBs (least significant bits) of d are known by the attacker. We show that our
New Partial Key Exposure Attacks on RSA
"... Abstract. In 1998, Boneh, Durfee and Frankel [4] presented several attacks on RSA when an adversary knows a fraction of the secret key bits. The motivation for these socalled partial key exposure attacks mainly arises from the study of sidechannel attacks on RSA. With side channel attacks an adver ..."
Abstract
 Add to MetaCart
quarter of the bits of N and therefore the method belongs to the strongest known partial key exposure attacks. Keywords: RSA, known bits, lattice reduction, Coppersmith's method 1 Introduction Let (N, e) be an RSA public key with N = pq, where p and q are of equal bitsize.The secret key d satisfies
A Partial Key Exposure Attack on RSA Using a 2Dimensional Lattice
"... Abstract. We describe an attack on the RSA cryptosystem when the private exponent d is chosen to be ’small’, under the condition that a sufficient amount of bits of d is available to the attacker. The attack uses a 2dimensional lattice and is therefore (in the area of the keyspace where it applies ..."
Abstract
 Add to MetaCart
Abstract. We describe an attack on the RSA cryptosystem when the private exponent d is chosen to be ’small’, under the condition that a sufficient amount of bits of d is available to the attacker. The attack uses a 2dimensional lattice and is therefore (in the area of the keyspace where
Partial Key Exposure on RSA with Private Exponents Larger than N
"... Abstract. In 1998, Boneh, Durfee and Frankel described several attacks against RSA enabling an attacker given a fraction of the bits of the private exponent d to recover all of d. These attacks were later improved and extended in various ways. They however always consider that the private exponent d ..."
Abstract
 Add to MetaCart
and quantifies the number of bits of d required to mount practical partial key exposure attacks. Both the cases of known most significant bits (MSBs) and least significant bits (LSBs) are analyzed. Our results are based on Coppersmith’s heuristic methods and validated by practical experiments run through
Revisiting Prime Power RSA
"... Recently Sarkar (DCC 2014) has proposed a new attack on small decryption exponent when RSA Modulus is of the form N = prq for r ≥ 2. This variant is known as Prime Power RSA. The work of Sarkar improves the result of May (PKC 2004) when r ≤ 5. In this paper, we improve the existing results for r = 3 ..."
Abstract
 Add to MetaCart
= 3, 4. We also study partial key exposure attack on Prime Power RSA. Our result improves the work of May (PKC 2004) for certain parameters.
An Attack on RSA Using LSBs of Multiples of the Prime Factors
"... Abstract. Let N = pq be an RSA modulus with a public exponent e and a private exponent d. Wiener’s famous attack on RSA with d < N 0.25 and its extension by Boneh and Durfee to d < N 0.292 show that using a small d makes RSA completely insecure. However, for larger d, it is known that RSA can ..."
Abstract
 Add to MetaCart
be broken in polynomial time under special conditions. For example, various partial key exposure attacks on RSA and some attacks using additional information encoded in the public exponent e are efficient to factor the RSA modulus. These attacks were later improved and extended in various ways
RSA private key reconstruction from random bits using SAT solvers
, 2013
"... SAT solvers are being used more and more in Cryptanalysis, with mixed results regarding their efficiency, depending on the structure of the algorithm they are applied. However, when it comes to integer factorization, or more specially the RSA problem, SAT solvers prove to be at least inefficient. Th ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
. The running times are too long to be compared with any well known integer factorization algorithm, even when it comes to small RSA moduli numbers. The recent work on cold boot attacks has sparkled again the interest on partial key exposure attacks and in RSA key reconstruction. In our work, contrary
Results 1  10
of
82