524 Hits in 6.3 sec

Factoring RSA Modulus Using Prime Reconstruction from Random Known Bits [chapter]

Subhamoy Maitra, Santanu Sarkar, Sourav Sen Gupta
2010 Lecture Notes in Computer Science  
This paper discusses the factorization of the RSA modulus N (i.e., N = pq, where p, q are primes of same bit size) by reconstructing the primes from randomly known bits.  ...  Here we revisit the work of Heninger and Shacham in Crypto 2009 and provide a combinatorial model for the search where some random bits of the primes are known.  ...  Conclusion Our work discusses the factorization of RSA modulus N by reconstructing the primes from randomly known bits.  ... 
doi:10.1007/978-3-642-12678-9_6 fatcat:46lwzdkmineidim6gihb3hg5xy

A New LSB Attack on Special-Structured RSA Primes

Amir Hamzah Abd Ghafar, Muhammad Rezal Kamel Ariffin, Muhammad Asyraf Asbullah
2020 Symmetry  
Second, we assume that the bits of r p and r q are the known LSBs of p and q respectively. In our analysis, we have successfully factored N in polynomial time using both assumptions.  ...  Previous attacks on the cryptosystem focus on the effort to weaken the hardness of integer factorization problem, embedded in the RSA modulus, N = p q .  ...  They successfully conducted the attack if 0.57 random bits of the primes are known.  ... 
doi:10.3390/sym12050838 fatcat:ak6l73bh2rdzrefaz6sc6guvpm

On the Security of Distributed Multiprime RSA [chapter]

Ivan Damgård, Gert Læssøe Mikkelsen, Tue Skeltved
2015 Lecture Notes in Computer Science  
Further, we show that RSA keys based on moduli with more than two prime factors and where part of the factorization is leaked to the adversary are useful in practice by showing that commonly used schemes  ...  such as PSS-RSA and OAEP-RSA is secure even if the adversary knows a partial factorization of the multiprime moduli.  ...  So we achieve the same level of security (bit-length of the individual primes) using M-RSA as using standard RSA.  ... 
doi:10.1007/978-3-319-15943-0_2 fatcat:yx7cjhcvpfhrlj3rqvyarn6jtq

Factoring a Multiprime Modulus N with Random Bits [chapter]

Routo Terada, Reynaldo Cáceres Villena
2015 Lecture Notes in Computer Science  
In 2009, Heninger and Shacham presented an algorithm using the Hensel's lemma for reconstructing the prime factors of the modulus N = r 1 r 2 .  ...  Keywords Factoring a multi-prime modulus N , random key bits leakage attack, cold boot attack *  ...  It is relevant to mention there is an advantage to use more than two primes in the RSA modulus N .  ... 
doi:10.1007/978-3-319-27659-5_13 fatcat:xxjzr7brprd5ljhbkt2dlqx65m

The Comparative Study on Public Key Algorithm using RSA AND OAEP

E. Vinithra
2016 International Journal Of Engineering And Computer Science  
The core idea is enhance the security of RSA algorithm. In this dissertation public key algorithm RSA and enhanced RSA are compared analysis is made on time based on execution time.  ...  The cryptography algorithms use of real security applications. These applications tend to be too complicated, exposing too much detail of the cryptographic process.  ...  Although the RSA problem of taking eth roots modulo n is not known to be equivalent to factoring the modulus, factorization is the only method known for solving the problem in the general case.  ... 
doi:10.18535/ijecs/v5i9.48 fatcat:2rzvjht65nc4nixafvgxeg5ima

Partial Key Attack Given MSBs of CRT-RSA Private Keys

Amir Hamzah Abd Abd Ghafar, Muhammad Rezal Kamel Kamel Ariffin, Sharifah Md Md Yasin, Siti Hasana Sapar
2020 Mathematics  
of p−1e, it will enable the adversary to factor the RSA modulus N=pq.  ...  By using partial most significant bits (MSBs) of one of the RSA primes, p or q and its corresponding private exponent, d, we obtain an RSA intermediate.  ...  Abbreviations The following abbreviations are used in this manuscript: LSB Least significant bits MSB Most significant bits RSA Rivest-Shamir-Adleman  ... 
doi:10.3390/math8122188 fatcat:jr7grloa6fbojpdjnnd2qcgz7m

An Attack on RSA Given a Small Fraction of the Private Key Bits [chapter]

Dan Boneh, Glenn Durfee, Yair Frankel
1998 Lecture Notes in Computer Science  
For instance, when e is a prime in the range [N 1/4 , N 1/2 ], half the bits of the private key suffice to reconstruct the entire private key.  ...  We show that for low public exponent rsa, given a quarter of the bits of the private key an adversary can recover the entire private key.  ...  If e has at most r distinct prime factors, and its factorization is known, then given the t most significant bits of d we can factor N in polynomial time.  ... 
doi:10.1007/3-540-49649-1_3 fatcat:l5tkjfazejdvporoqcoci7dgv4

SPA-Based Adaptive Chosen-Ciphertext Attack on RSA Implementation [chapter]

Roman Novak
2002 Lecture Notes in Computer Science  
The findings can be used to eventually improve future implementations of fast RSA decryption.  ...  We describe an adaptive chosen-ciphertext attack on a smart card implementation of the RSA decryption algorithm in the presence of side-channel information leakage.  ...  Reconstruction of prime p INPUT: modulus n, public exponent e. OUTPUT: prime p such that p divides n. 1. Repeat until computed diff (x) equals 1: (a) Pick random number x, 0 ≤ x < n.  ... 
doi:10.1007/3-540-45664-3_18 fatcat:hg4xdmuhd5e5rhq3eevlv7kzru

Further Simplifications in Proactive RSA Signatures [chapter]

Stanisław Jarecki, Nitesh Saxena
2005 Lecture Notes in Computer Science  
The new scheme is conceptually simple because all the sharing and proactive re-sharing of the RSA secret key is done modulo a prime, while the reconstruction of the RSA signature employs an observation  ...  that the secret can be recovered from such sharing using a simple equation over the integers.  ...  It relied on an observation that the secret sharing of the private key d modulo any modulus which has only large prime factors enables efficient reconstruction of d over integers.  ... 
doi:10.1007/978-3-540-30576-7_28 fatcat:cthznnve4jbwriii5e7d25h3da

A Novel Approach For Verifiable Secret Sharing In Proactive Network Using Rsa

Vikas Kumar, Prof. O.P. Verma, Deepak Kumar, Sandeep Jain
2017 Zenodo  
Random selection of Modulus E and D starts by random selection of two large prime numbers.  ...  RSA derives its security from the difficulty of factoring large integers that are the product of two large prime numbers.  ... 
doi:10.5281/zenodo.581480 fatcat:fxelltio7zgtvfprmque3skvka

Unbelievable Security Matching AES Security Using Public Key Systems [chapter]

Arjen K. Lenstra
2001 Lecture Notes in Computer Science  
The Advanced Encryption Standard (AES) provides three levels of security: 128, 192, and 256 bits.  ...  Given a desired level of security for the AES, this paper discusses matching public key sizes for RSA and the ElGamal family of protocols.  ...  A regular RSA modulus n has two prime factors of about (log 2 n)/2 bits.  ... 
doi:10.1007/3-540-45682-1_5 fatcat:2uc5yj5upncjbol6clxsdsygsm

Fully Distributed Threshold RSA under Standard Assumptions [chapter]

Pierre-Alain Fouque, Jacques Stern
2001 Lecture Notes in Computer Science  
This comes from the fact that the scheme needs a special assumption on the RSA modulus and this kind of RSA moduli cannot be easily generated in an efficient way with many players.  ...  Recently Shoup proposed a practical RSA threshold signature scheme that allows to share the ability to sign between a set of players. This scheme can be used for decryption as well.  ...  Finally, a prime number p is a safe prime if p and p are both prime. A RSA modulus N = pq is called a safe prime modulus if p and q are both safe primes.  ... 
doi:10.1007/3-540-45682-1_19 fatcat:vifsdwy5mvgmfd6eqpkqyriqri

Computing Inverses over a Shared Secret Modulus [chapter]

Dario Catalano, Rosario Gennaro, Shai Halevi
2000 Lecture Notes in Computer Science  
The most interesting case is when φ is the Euler function of a known RSA modulus N , φ = φ(N ).  ...  A more complete version is available from  ...  The public key of the signer is an RSA modulus N , product of two safe primes p, q, and a random element s ∈ Z * N .  ... 
doi:10.1007/3-540-45539-6_14 fatcat:4eycdfpquzcsbm7bulbur6ikgy

Efficient generation of shared RSA keys

Dan Boneh, Matthew Franklin
2001 Journal of the ACM  
We describe efficient techniques for three (or more) parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known.  ...  None of the parties know the factorization of N. In addition a public encryption exponent is publicly known and each party holds a share of the private exponent that enables threshold decryption.  ...  Our protocols generate an RSA modulus which is the product of two large random primes. It would be useful to be able to generate moduli of some special form.  ... 
doi:10.1145/502090.502094 fatcat:4n33cvishrghxoapigq663wppu

Reconstructing RSA Private Keys from Random Key Bits [chapter]

Nadia Heninger, Hovav Shacham
2009 Lecture Notes in Computer Science  
We show that an RSA private key with small public exponent can be efficiently recovered given a 0.27 fraction of its bits at random.  ...  Our algorithm itself is elementary and does not make use of the lattice techniques used in other RSA key reconstruction problems.  ...  reduction to solve the knapsack problem implicit in our attack; Phong Nguyen for showing us how q −1 p can be used to recover the factorization of N ; and Eric Rescorla for his help with analyzing the  ... 
doi:10.1007/978-3-642-03356-8_1 fatcat:6eixuruyvzcgfmhluq3a7rmag4
« Previous Showing results 1 — 15 out of 524 results