A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is `application/pdf`

.

## Filters

##
###
Factoring RSA Modulus Using Prime Reconstruction from Random Known Bits
[chapter]

2010
*
Lecture Notes in Computer Science
*

This paper discusses the

doi:10.1007/978-3-642-12678-9_6
fatcat:46lwzdkmineidim6gihb3hg5xy
*factorization*of the*RSA**modulus*N (i.e., N = pq, where p, q are*primes*of same*bit*size) by*reconstructing*the*primes**from*randomly*known**bits*. ... Here we revisit the work of Heninger and Shacham in Crypto 2009 and provide a combinatorial model for the search where some*random**bits*of the*primes*are*known*. ... Conclusion Our work discusses the*factorization*of*RSA**modulus*N by*reconstructing*the*primes**from*randomly*known**bits*. ...##
###
A New LSB Attack on Special-Structured RSA Primes

2020
*
Symmetry
*

Second, we assume that the

doi:10.3390/sym12050838
fatcat:ak6l73bh2rdzrefaz6sc6guvpm
*bits*of r p and r q are the*known*LSBs of p and q respectively. In our analysis, we have successfully*factored*N in polynomial time*using*both assumptions. ... Previous attacks on the cryptosystem focus on the effort to weaken the hardness of integer*factorization*problem, embedded in the*RSA**modulus*, N = p q . ... They successfully conducted the attack if 0.57*random**bits*of the*primes*are*known*. ...##
###
On the Security of Distributed Multiprime RSA
[chapter]

2015
*
Lecture Notes in Computer Science
*

Further, we show that

doi:10.1007/978-3-319-15943-0_2
fatcat:yx7cjhcvpfhrlj3rqvyarn6jtq
*RSA*keys based on moduli with more than two*prime**factors*and where part of the*factorization*is leaked to the adversary are*useful*in practice by showing that commonly*used*schemes ... such as PSS-*RSA*and OAEP-*RSA*is secure even if the adversary knows a partial*factorization*of the multiprime moduli. ... So we achieve the same level of security (*bit*-length of the individual*primes*)*using*M-*RSA*as*using*standard*RSA*. ...##
###
Factoring a Multiprime Modulus N with Random Bits
[chapter]

2015
*
Lecture Notes in Computer Science
*

In 2009, Heninger and Shacham presented an algorithm

doi:10.1007/978-3-319-27659-5_13
fatcat:xxjzr7brprd5ljhbkt2dlqx65m
*using*the Hensel's lemma for*reconstructing*the*prime**factors*of the*modulus*N = r 1 r 2 . ... Keywords*Factoring*a multi-*prime**modulus*N ,*random*key*bits*leakage attack, cold boot attack * ... It is relevant to mention there is an advantage to*use*more than two*primes*in the*RSA**modulus*N . ...##
###
The Comparative Study on Public Key Algorithm using RSA AND OAEP

2016
*
International Journal Of Engineering And Computer Science
*

The core idea is enhance the security of

doi:10.18535/ijecs/v5i9.48
fatcat:2rzvjht65nc4nixafvgxeg5ima
*RSA*algorithm. In this dissertation public key algorithm*RSA*and enhanced*RSA*are compared analysis is made on time based on execution time. ... The cryptography algorithms*use*of real security applications. These applications tend to be too complicated, exposing too much detail of the cryptographic process. ... Although the*RSA*problem of taking eth roots modulo n is not*known*to be equivalent to*factoring*the*modulus*,*factorization*is the only method*known*for solving the problem in the general case. ...##
###
Partial Key Attack Given MSBs of CRT-RSA Private Keys

2020
*
Mathematics
*

of p−1e, it will enable the adversary to

doi:10.3390/math8122188
fatcat:jr7grloa6fbojpdjnnd2qcgz7m
*factor*the*RSA**modulus*N=pq. ... By*using*partial most significant*bits*(MSBs) of one of the*RSA**primes*, p or q and its corresponding private exponent, d, we obtain an*RSA*intermediate. ... Abbreviations The following abbreviations are*used*in this manuscript: LSB Least significant*bits*MSB Most significant*bits**RSA*Rivest-Shamir-Adleman ...##
###
An Attack on RSA Given a Small Fraction of the Private Key Bits
[chapter]

1998
*
Lecture Notes in Computer Science
*

For instance, when e is a

doi:10.1007/3-540-49649-1_3
fatcat:l5tkjfazejdvporoqcoci7dgv4
*prime*in the range [N 1/4 , N 1/2 ], half the*bits*of the private key suffice to*reconstruct*the entire private key. ... We show that for low public exponent*rsa*, given a quarter of the*bits*of the private key an adversary can recover the entire private key. ... If e has at most r distinct*prime**factors*, and its*factorization*is*known*, then given the t most significant*bits*of d we can*factor*N in polynomial time. ...##
###
SPA-Based Adaptive Chosen-Ciphertext Attack on RSA Implementation
[chapter]

2002
*
Lecture Notes in Computer Science
*

The findings can be

doi:10.1007/3-540-45664-3_18
fatcat:hg4xdmuhd5e5rhq3eevlv7kzru
*used*to eventually improve future implementations of fast*RSA*decryption. ... We describe an adaptive chosen-ciphertext attack on a smart card implementation of the*RSA*decryption algorithm in the presence of side-channel information leakage. ...*Reconstruction*of*prime*p INPUT:*modulus*n, public exponent e. OUTPUT:*prime*p such that p divides n. 1. Repeat until computed diff (x) equals 1: (a) Pick*random*number x, 0 ≤ x < n. ...##
###
Further Simplifications in Proactive RSA Signatures
[chapter]

2005
*
Lecture Notes in Computer Science
*

The new scheme is conceptually simple because all the sharing and proactive re-sharing of the

doi:10.1007/978-3-540-30576-7_28
fatcat:cthznnve4jbwriii5e7d25h3da
*RSA*secret key is done modulo a*prime*, while the*reconstruction*of the*RSA*signature employs an observation ... that the secret can be recovered*from*such sharing*using*a simple equation over the integers. ... It relied on an observation that the secret sharing of the private key d modulo any*modulus*which has only large*prime**factors*enables efficient*reconstruction*of d over integers. ...##
###
A Novel Approach For Verifiable Secret Sharing In Proactive Network Using Rsa

2017
*
Zenodo
*

*Random*selection of

*Modulus*E and D starts by

*random*selection of two large

*prime*numbers. ...

*RSA*derives its security

*from*the difficulty of

*factoring*large integers that are the product of two large

*prime*numbers. ...

##
###
Unbelievable Security Matching AES Security Using Public Key Systems
[chapter]

2001
*
Lecture Notes in Computer Science
*

The Advanced Encryption Standard (AES) provides three levels of security: 128, 192, and 256

doi:10.1007/3-540-45682-1_5
fatcat:2uc5yj5upncjbol6clxsdsygsm
*bits*. ... Given a desired level of security for the AES, this paper discusses matching public key sizes for*RSA*and the ElGamal family of protocols. ... A regular*RSA**modulus*n has two*prime**factors*of about (log 2 n)/2*bits*. ...##
###
Fully Distributed Threshold RSA under Standard Assumptions
[chapter]

2001
*
Lecture Notes in Computer Science
*

This comes

doi:10.1007/3-540-45682-1_19
fatcat:vifsdwy5mvgmfd6eqpkqyriqri
*from*the fact that the scheme needs a special assumption on the*RSA**modulus*and this kind of*RSA*moduli cannot be easily generated in an efficient way with many players. ... Recently Shoup proposed a practical*RSA*threshold signature scheme that allows to share the ability to sign between a set of players. This scheme can be*used*for decryption as well. ... Finally, a*prime*number p is a safe*prime*if p and p are both*prime*. A*RSA**modulus*N = pq is called a safe*prime**modulus*if p and q are both safe*primes*. ...##
###
Computing Inverses over a Shared Secret Modulus
[chapter]

2000
*
Lecture Notes in Computer Science
*

The most interesting case is when φ is the Euler function of a

doi:10.1007/3-540-45539-6_14
fatcat:4eycdfpquzcsbm7bulbur6ikgy
*known**RSA**modulus*N , φ = φ(N ). ... A more complete version is available*from*... The public key of the signer is an*RSA**modulus*N , product of two safe*primes*p, q, and a*random*element s ∈ Z * N . ...##
###
Efficient generation of shared RSA keys

2001
*
Journal of the ACM
*

We describe efficient techniques for three (or more) parties to jointly generate an

doi:10.1145/502090.502094
fatcat:4n33cvishrghxoapigq663wppu
*RSA*key. At the end of the protocol an*RSA**modulus*N = pq is publicly*known*. ... None of the parties know the*factorization*of N. In addition a public encryption exponent is publicly*known*and each party holds a share of the private exponent that enables threshold decryption. ... Our protocols generate an*RSA**modulus*which is the product of two large*random**primes*. It would be*useful*to be able to generate moduli of some special form. ...##
###
Reconstructing RSA Private Keys from Random Key Bits
[chapter]

2009
*
Lecture Notes in Computer Science
*

We show that an

doi:10.1007/978-3-642-03356-8_1
fatcat:6eixuruyvzcgfmhluq3a7rmag4
*RSA*private key with small public exponent can be efficiently recovered given a 0.27 fraction of its*bits*at*random*. ... Our algorithm itself is elementary and does not make*use*of the lattice techniques*used*in other*RSA*key*reconstruction*problems. ... reduction to solve the knapsack problem implicit in our attack; Phong Nguyen for showing*us*how q −1 p can be*used*to recover the*factorization*of N ; and Eric Rescorla for his help with analyzing the ...
« Previous

*Showing results 1 — 15 out of 524 results*