Increment of insecure RSA private exponent bound through perfect square RSA diophantine parameters cryptanalysis

•A new weak RSA key equation structure that solves the factoring problem under certain specified conditions in polynomial time is proposed.•Note that our cryptanalytic work extends the bound of insecure RSA decryption exponents of some previous literature.•Experimental results are provided to demons...

Full description

Saved in:
Bibliographic Details
Published inComputer standards and interfaces Vol. 80; p. 103584
Main Authors Wan Mohd Ruzai, Wan Nur Aqlili, Nitaj, Abderrahmane, Kamel Ariffin, Muhammad Rezal, Mahad, Zahari, Asbullah, Muhammad Asyraf
Format Journal Article
LanguageEnglish
Published Amsterdam Elsevier B.V 01.03.2022
Elsevier BV
Elsevier
Subjects
Algebraic cryptanalysis
Algorithms
Computer Science
Cryptography
Cryptography and Security
Diophantine approximation
Diophantine equation
Integer factorization problem
Kleptography
Lattice basis reduction
Parameters
Polynomials
RSA cryptosystem
Diophantine approximation
Algebraic cryptanalysis
Integer factorization problem
Lattice basis reduction
Kleptography
RSA cryptosystem
lattice basis reduction
kleptography
algebraic cryptanalysis
integer factorization problem
Online AccessGet full text
ISSN0920-5489
1872-7018
1872-7018
DOI10.1016/j.csi.2021.103584

Cover

More Information
Summary:•A new weak RSA key equation structure that solves the factoring problem under certain specified conditions in polynomial time is proposed.•Note that our cryptanalytic work extends the bound of insecure RSA decryption exponents of some previous literature.•Experimental results are provided to demonstrate the effectiveness of the new attack. The public parameters of the RSA cryptosystem are represented by the pair of integers N and e. In this work, first we show that if e satisfies the Diophantine equation of the form ex2−ϕ(N)y2=z for appropriate values of x,y and z under certain specified conditions, then one is able to factor N. That is, the unknown yx can be found amongst the convergents of eN via continued fractions algorithm. Consequently, Coppersmith’s theorem is applied to solve for prime factors p and q in polynomial time. We also report a second weakness that enabled us to factor k instances of RSA moduli simultaneously from the given (Ni,ei) for i=1,2,⋯,k and a fixed x that fulfills the Diophantine equation eix2−yi2ϕ(Ni)=zi. This weakness was identified by solving the simultaneous Diophantine approximations using the lattice basis reduction technique. We note that this work extends the bound of insecure RSA decryption exponents.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0920-5489
1872-7018
1872-7018
DOI:10.1016/j.csi.2021.103584