Filters

524 Hits in 6.3 sec

Factoring RSA Modulus Using Prime Reconstruction from Random Known Bits [chapter]

Subhamoy Maitra, Santanu Sarkar, Sourav Sen Gupta
2010 Lecture Notes in Computer Science
This paper discusses the factorization of the RSA modulus N (i.e., N = pq, where p, q are primes of same bit size) by reconstructing the primes from randomly known bits.  ...  Here we revisit the work of Heninger and Shacham in Crypto 2009 and provide a combinatorial model for the search where some random bits of the primes are known.  ...  Conclusion Our work discusses the factorization of RSA modulus N by reconstructing the primes from randomly known bits.  ...

A New LSB Attack on Special-Structured RSA Primes

2020 Symmetry
Second, we assume that the bits of r p and r q are the known LSBs of p and q respectively. In our analysis, we have successfully factored N in polynomial time using both assumptions.  ...  Previous attacks on the cryptosystem focus on the effort to weaken the hardness of integer factorization problem, embedded in the RSA modulus, N = p q .  ...  They successfully conducted the attack if 0.57 random bits of the primes are known.  ...

On the Security of Distributed Multiprime RSA [chapter]

Ivan Damgård, Gert Læssøe Mikkelsen, Tue Skeltved
2015 Lecture Notes in Computer Science
Further, we show that RSA keys based on moduli with more than two prime factors and where part of the factorization is leaked to the adversary are useful in practice by showing that commonly used schemes  ...  such as PSS-RSA and OAEP-RSA is secure even if the adversary knows a partial factorization of the multiprime moduli.  ...  So we achieve the same level of security (bit-length of the individual primes) using M-RSA as using standard RSA.  ...

Factoring a Multiprime Modulus N with Random Bits [chapter]

2015 Lecture Notes in Computer Science
In 2009, Heninger and Shacham presented an algorithm using the Hensel's lemma for reconstructing the prime factors of the modulus N = r 1 r 2 .  ...  Keywords Factoring a multi-prime modulus N , random key bits leakage attack, cold boot attack *  ...  It is relevant to mention there is an advantage to use more than two primes in the RSA modulus N .  ...

The Comparative Study on Public Key Algorithm using RSA AND OAEP

E. Vinithra
2016 International Journal Of Engineering And Computer Science
The core idea is enhance the security of RSA algorithm. In this dissertation public key algorithm RSA and enhanced RSA are compared analysis is made on time based on execution time.  ...  The cryptography algorithms use of real security applications. These applications tend to be too complicated, exposing too much detail of the cryptographic process.  ...  Although the RSA problem of taking eth roots modulo n is not known to be equivalent to factoring the modulus, factorization is the only method known for solving the problem in the general case.  ...

Partial Key Attack Given MSBs of CRT-RSA Private Keys

Amir Hamzah Abd Abd Ghafar, Muhammad Rezal Kamel Kamel Ariffin, Sharifah Md Md Yasin, Siti Hasana Sapar
2020 Mathematics
of p−1e, it will enable the adversary to factor the RSA modulus N=pq.  ...  By using partial most significant bits (MSBs) of one of the RSA primes, p or q and its corresponding private exponent, d, we obtain an RSA intermediate.  ...  Abbreviations The following abbreviations are used in this manuscript: LSB Least significant bits MSB Most significant bits RSA Rivest-Shamir-Adleman  ...

An Attack on RSA Given a Small Fraction of the Private Key Bits [chapter]

Dan Boneh, Glenn Durfee, Yair Frankel
1998 Lecture Notes in Computer Science
For instance, when e is a prime in the range [N 1/4 , N 1/2 ], half the bits of the private key suffice to reconstruct the entire private key.  ...  We show that for low public exponent rsa, given a quarter of the bits of the private key an adversary can recover the entire private key.  ...  If e has at most r distinct prime factors, and its factorization is known, then given the t most significant bits of d we can factor N in polynomial time.  ...

SPA-Based Adaptive Chosen-Ciphertext Attack on RSA Implementation [chapter]

Roman Novak
2002 Lecture Notes in Computer Science
The findings can be used to eventually improve future implementations of fast RSA decryption.  ...  We describe an adaptive chosen-ciphertext attack on a smart card implementation of the RSA decryption algorithm in the presence of side-channel information leakage.  ...  Reconstruction of prime p INPUT: modulus n, public exponent e. OUTPUT: prime p such that p divides n. 1. Repeat until computed diff (x) equals 1: (a) Pick random number x, 0 ≤ x < n.  ...

Further Simplifications in Proactive RSA Signatures [chapter]

Stanisław Jarecki, Nitesh Saxena
2005 Lecture Notes in Computer Science
The new scheme is conceptually simple because all the sharing and proactive re-sharing of the RSA secret key is done modulo a prime, while the reconstruction of the RSA signature employs an observation  ...  that the secret can be recovered from such sharing using a simple equation over the integers.  ...  It relied on an observation that the secret sharing of the private key d modulo any modulus which has only large prime factors enables efficient reconstruction of d over integers.  ...

A Novel Approach For Verifiable Secret Sharing In Proactive Network Using Rsa

Vikas Kumar, Prof. O.P. Verma, Deepak Kumar, Sandeep Jain
2017 Zenodo
Random selection of Modulus E and D starts by random selection of two large prime numbers.  ...  RSA derives its security from the difficulty of factoring large integers that are the product of two large prime numbers.  ...

Unbelievable Security Matching AES Security Using Public Key Systems [chapter]

Arjen K. Lenstra
2001 Lecture Notes in Computer Science
The Advanced Encryption Standard (AES) provides three levels of security: 128, 192, and 256 bits.  ...  Given a desired level of security for the AES, this paper discusses matching public key sizes for RSA and the ElGamal family of protocols.  ...  A regular RSA modulus n has two prime factors of about (log 2 n)/2 bits.  ...

Fully Distributed Threshold RSA under Standard Assumptions [chapter]

Pierre-Alain Fouque, Jacques Stern
2001 Lecture Notes in Computer Science
This comes from the fact that the scheme needs a special assumption on the RSA modulus and this kind of RSA moduli cannot be easily generated in an efficient way with many players.  ...  Recently Shoup proposed a practical RSA threshold signature scheme that allows to share the ability to sign between a set of players. This scheme can be used for decryption as well.  ...  Finally, a prime number p is a safe prime if p and p are both prime. A RSA modulus N = pq is called a safe prime modulus if p and q are both safe primes.  ...

Computing Inverses over a Shared Secret Modulus [chapter]

Dario Catalano, Rosario Gennaro, Shai Halevi
2000 Lecture Notes in Computer Science
The most interesting case is when φ is the Euler function of a known RSA modulus N , φ = φ(N ).  ...  A more complete version is available from  ...  The public key of the signer is an RSA modulus N , product of two safe primes p, q, and a random element s ∈ Z * N .  ...

Efficient generation of shared RSA keys

Dan Boneh, Matthew Franklin
2001 Journal of the ACM
We describe efficient techniques for three (or more) parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known.  ...  None of the parties know the factorization of N. In addition a public encryption exponent is publicly known and each party holds a share of the private exponent that enables threshold decryption.  ...  Our protocols generate an RSA modulus which is the product of two large random primes. It would be useful to be able to generate moduli of some special form.  ...