Cryptanalysis Attacks on Multi Prime Power Modulus Through Analyzing Prime Difference (original) (raw)

Related papers

New Cryptanalytic Attack on RSA Modulus N=pq Using Small Prime Difference Method

Cryptography, 2018

This paper presents new short decryption exponent attacks on RSA, which successfully leads to the factorization of RSA modulus N = p q in polynomial time. The paper has two parts. In the first part, we report the usage of the small prime difference method of the form | b 2 p - a 2 q | < N γ where the ratio of q p is close to b 2 a 2 , which yields a bound d < 3 2 N 3 4 - γ from the convergents of the continued fraction expansion of e N - ⌈ a 2 + b 2 a b N ⌉ + 1 . The second part of the paper reports four cryptanalytic attacks on t instances of RSA moduli N s = p s q s for s = 1 , 2 , … , t where we use N - ⌈ a 2 + b 2 a b N ⌉ + 1 as an approximation of ϕ ( N ) satisfying generalized key equations of the shape e s d - k s ϕ ( N s ) = 1 , e s d s - k ϕ ( N s ) = 1 , e s d - k s ϕ ( N s ) = z s , and e s d s - k ϕ ( N s ) = z s for unknown positive integers d , k s , d s , k s , and z s , where we establish that t RSA moduli can be simultaneously factored in polynomial time using...

Cryptanalysis on RSA Using Decryption Exponent

In this paper, we present two new decryption exponent cryptanalysis on RSA, which successfully lead to the factorization of RSA modulus = = 2 in polynomial time. We applied Wiener's technique of attack in RSA and developed the new attacks. In the first attack, we consider RSA with modulus = , < < 2 , with public encryption exponent e and private decryption exponent d. If in polynomial time.

Cryptanalysis Attacks on RSA

2013

The RSA cryptosystem, named after Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described it in 1978, is a cryptographic public-key system based on the presumed difficulty of factoring integers. To receive an RSA-encrypted message a user selects two large prime numbers and publishes the product, along with an auxiliary value, as public key. The prime factors must be kept secret. Anyone can use this public key to encrypt a message. Someone knowing the prime factors can feasibly decode the message. But there exist several approaches to break the cryptographic system without this knowledge. In this project, we implement and study the efficiency and effectiveness of three RSA attacks - Integer Factorisation, Guessing plaintext, and Guessing φ(N) attack. In order to achieve this aim, we study the RSA algorithm and implement our version of the RSA algorithm. In our study of the RSA algorithm, we look at various algorithms and number theory relevant for the implementation of RSA.

On Some Attacks on Multi-prime RSA

Lecture Notes in Computer Science, 2003

Using more than two factors in the modulus of the RSA cryptosystem has the arithmetic advantage that the private key computations can be speeded up using Chinese remaindering. At the same time, with a proper choice of parameters, one does not have to work with a larger modulus to achieve the same level of security in terms of the difficulty of the integer factorization problem. However, numerous attacks on specific instances on the RSA cryptosystem are known that apply if, for example, the decryption or encryption exponent are chosen too small, or if partial knowledge of the private key is available. Little work is known on how such attacks perform in the multi-prime case. It turns out that for most of these attacks it is crucial that the modulus contains exactly two primes. They become much less effective, or fail, when the modulus factors into more than two distinct primes.

Public key exponent attacks on multi-prime power modulus using continued fraction expansion method

Caliphate Journal of Science and Technology, 2023

This paper proposes three public key exponent attacks of breaking the security of the prime power modulus = 2 2 where and are distinct prime numbers of the same bit size. The first approach shows that the RSA prime power modulus = 2 2 for q < < 2q using key equation − () = 1 where () = 2 2 (− 1)(− 1) can be broken by recovering the secret keys from the convergents of the continued fraction expansion of e −2 3 4 + 1 2. The paper also reports the second and third approaches of factoring multi-prime power moduli = 2 2 simultaneously through exploiting generalized system of equations − () = 1 and − () = 1 respectively. This can be achieved in polynomial time through utilizing Lenstra Lenstra Lovasz (LLL) algorithm and simultaneous Diophantine approximations method for = 1, 2, … , .

An effective Method for Attack RSA Strategy

2013

The protection on many public key encoding schemes depended on the intractability of detecting the integer factoring problem such as RSA scheme. However, there are great deals of researches regarding the RSA factoring modulus compared with the other type of attack the RSA scheme. So the need for more methods of attacks other than RSA factoring modulus to find an effective and quicker algorithm to solve this problem is still crucial. This paper introduces a new algorithmic program which approaches the RSA scheme. The suggested algorithm aims to find the private key of the RSA scheme and then factoring the modulus based on the public key of the RSA scheme. The new idea exacted to be more efficient than the already existed algorithms particularly when the public key is small, since most of public key encryption schemes select a small public encryption key e in order to improve the efficiency of encryption. Also, the suggested algorithmic program is more effective since it is faster and...

Improved Factoring Attacks on Multi-prime RSA with Small Prime Difference

Information Security and Privacy, 2017

In this paper, we study the security of multi-prime RSA with small prime difference and propose two improved factoring attacks. The modulus involved in this variant is the product of r distinct prime factors of the same bit-size. Zhang and Takagi (ACISP 2013) showed a Fermat-like factoring attack on multi-prime RSA. In order to improve the previous result, we gather more information about the prime factors to derive r simultaneous modular equations. The first attack is to combine all the equations and solve one multivariate equation by generic lattice approaches. Since the equation form is similar to multi-prime Φ-hiding problem, we propose the second attack by applying the optimal linearization technique. We also show that our attacks can achieve better bounds in the experiments.

Cryptanalysis of RSA with two decryption exponents

Information Processing Letters, 2010

In this paper, we consider RSA with N = pq, where p, q are of same bit size, i.e., q < p < 2q. We study the weaknesses of RSA when multiple encryption and decryption exponents are considered with same RSA modulus N. A decade back, Howgrave-Graham and Seifert (CQRE 1999) studied this problem in detail and presented the bounds on the decryption exponents for which RSA is weak. For the case of two decryption exponents, the bound was N 0.357. We have exploited a different lattice based technique to show that RSA is weak beyond this bound. Our analysis provides improved results and it shows that for two exponents, RSA is weak when the RSA decryption exponents are less than N 0.416. Moreover, we get further improvement in the bound when some of the most significant bits (MSBs) of the decryption exponents are same (but unknown).

A New Factoring Attack on Multi-Prime RSA with Small Prime Difference

IACR Cryptol. ePrint Arch., 2015

In this paper, we study the security of multi-prime RSA whose modulus is N = p1p2 · · · pr for r ≥ 3 with small prime difference of size N . In ACISP 2013, Zhang and Takagi showed a Fermat-like factoring attack, which can directly factor N for γ < 1 r2 . We improve this bound to theoretically achieve γ < 2 r(r+2) by a new factoring attack. Furthermore, we also analyse specific MPRSA with imbalanced prime factors. Experimental results are provided to show the efficiency of our attack.

Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt '99

International Conference on the Theory and Application of Cryptology and Information Security, 2000

At Asiacrypt '99, Sun, Yang and Laih proposed three RSA variants with short secret exponent that resisted all known attacks, including the recent Boneh-Durfee attack from Eurocrypt '99 that improved Wiener's attack on RSA with short secret exponent. The resistance comes from the use of unbalanced primes p and q. In this paper, we extend the Boneh-Durfee attack to break two out of the three proposed variants. While the Boneh-Durfee attack was based on Coppersmith's lattice-based technique for finding small roots to bivariate modular polynomial equations, our attack is based on its generalization to trivariate modular polynomial equations. The attack is heuristic but works well in practice, as the Boneh-Durfee attack. In particular, we were able to break in a few minutes the numerical examples proposed by Sun, Yang and Laih. The results illustrate once again the fact that one should be very cautious when using short secret exponent with RSA.