Factoring multi-power RSA moduli with primes sharing least or most significant bits

Published/Copyright: April 9, 2016

Abstract

We study the factorization of balanced multi-power RSA moduli $N = p^r q$ when the unknown primes $p$ and $q$ share $t$ least or most significant bits. We show that if $t \ge \frac{1}{1+r}\log p$, then it is possible to compute the prime decomposition of $N$ in time polynomial in $\log N$. This result can be used to mount attacks against several cryptographic protocols that are based on moduli of this form.

MSC: 11Y05; 94A60

Received: 2015-3-25
Revised: 2015-12-1
Published Online: 2016-4-9
Published in Print: 2016-5-1

© 2016 by De Gruyter

Downloaded on 15.4.2026 from https://www.degruyterbrill.com/document/doi/10.1515/gcc-2016-0002/html