337 Hits in 4.8 sec

The Effectiveness of Lattice Attacks Against Low-Exponent RSA [chapter]

Christophe Coupé, Phong Nguyenhttp, Jacques Stern
1999 Lecture Notes in Computer Science  
Theoretically, these are the most powerful known attacks against low-exponent RSA. However, the practical behaviour of Coppersmith's method was unclear.  ...  This led to rigorous polynomial attacks against RSA with low public exponent, in some particular settings such as encryption of stereotyped messages, random padding, or broadcast applications a l a Hast  ...  We w ould like to thank the anonymous referees for their helpful comments.  ... 
doi:10.1007/3-540-49162-7_16 fatcat:poaehifs5fhnnoypzgjac54qim

On the Insecurity of a Server-Aided RSA Protocol [chapter]

Phong Q. Nguyen, Igor E. Shparlinski
2001 Lecture Notes in Computer Science  
We present a new lattice-based provable passive attack on RSA-S1 which recovers the factorization of the RSA modulus when a very small public exponent is used, for many choices of the parameters.  ...  They discussed two simple countermeasures to thwart such attacks: renewing the decomposition of the RSA private exponent, and checking the signature (in which case a small public exponent must be used)  ...  In Section 3, we present our variant of Merkle's lattice-based attack, together with an analysis. In Section 4, we present our new lattice-based attack on low-exponent RSA-S1.  ... 
doi:10.1007/3-540-45682-1_2 fatcat:5eiv2wb7ircjpbjxr2ustewuiu

On the security of multi-prime RSA

M. Jason Hinek
2008 Journal of Mathematical Cryptology  
Five of the attacks are new. A new variant of partial key exposure attacks is also introduced which applies only to multi-prime RSA with more than two primes.  ...  In this work we collect the strongest known algebraic attacks on multi-prime RSA. These include factoring, small private exponent, small CRT exponent and partial key exposure attacks.  ...  The non-lattice-based attacks which apply to multi-prime RSA with public exponents smaller than N 1/r are in practice just as effective as the theory predicts.  ... 
doi:10.1515/jmc.2008.006 fatcat:t6xpyuma5fgbxd65jllku7s2eq

The Béguin-Quisquater Server-Aided RSA Protocol from Crypto '95 is not Secure [chapter]

Phong Nguyen, Jacques Stern
1998 Lecture Notes in Computer Science  
In this paper, we present a very effective lattice-based passive attack against this protocol.  ...  The core of our attack is the basic notion of an orthogonal lattice which we introduced at Crypto '97 as a cryptographic tool.  ...  We present a very effective lattice-based passive attack against this protocol.  ... 
doi:10.1007/3-540-49649-1_29 fatcat:2qnxcchkrvaszm5glqppexmapm

An Overview of Cryptanalysis of RSA Public key System

Berlin K, Dhenakaran S.S
2017 International Journal of Engineering and Technology  
From this research among the various attacks, timing attack has been interrupt against security in RSA algorithm.  ...  RSA was one of the first practical public key cryptosystem among the various kinds of public key system.  ...  Zheng [8] , was implemented their research called as "The Effectiveness of Lattice Attacks against Low -Exponent RSA".  ... 
doi:10.21817/ijet/2017/v9i5/170905312 fatcat:avttklyuu5exrifhnsjonfyzn4

New Results for Partial Key Exposure on RSA with Exponent Blinding

Stelvio Cimato, Silvia Mella, Ruggero Susella
2015 Proceedings of the 12th International Conference on Security and Cryptography  
This countermeasure has also the side-effect of modifying the RSA equation used by partial key exposure attacks, in a way studied by Joye and Lepoint in 2012.  ...  Thus the attacker has to rely only on a single trace, significantly incrementing the noise, making the exponent bits recovery less effective.  ...  ACKNOWLEDGEMENTS This work was partly supported by the Italian MIUR project SecurityHorizons (c.n. 2010XSEMLC).  ... 
doi:10.5220/0005571701360147 dblp:conf/secrypt/CimatoMS15 fatcat:z4xlwabdrvadblonvhaln6izvy

Key Generation Using Generalized Pell's Equation in Public Key Cryptography Based on the Prime Fake Modulus Principle to Image Encryption and Its Security Analysis

K. R. Raghunandan, Aithal Ganesh, Shetty Surendra, K. Bhavya
2020 Cybernetics and Information Technologies  
In this paper the concept of fake modulus and generalized Pell's equation is used for enhancing the security of RSA.  ...  It is explored in the results that RSA is prone to factorization problem, since it is sharing common modulus and public key exponent.  ...  Coppersmith's theorem [16, 17] for padded messages is the basis of most of the powerful attacks on low public exponent RSA.  ... 
doi:10.2478/cait-2020-0030 fatcat:3l2gtqbohrcwxnzqwcioja3f7y

RSA with Balanced Short Exponents and Its Application to Entity Authentication [chapter]

Hung-Min Sun, Cheng-Ta Yang
2005 Lecture Notes in Computer Science  
The first RSA variant is an attempt to make the private exponent d short below N 0.25 and N 0.292 which are the lower bounds of d for a secure RSA as argued first by Wiener and then by Boneh and Durfee  ...  Based on our RSA variants, an application to entity authentication for defending the stolen-secret attack is presented.  ...  Acknowledgements The authors wish to acknowledge the anonymous reviewers for valuable comments and thank helpful discussions with Chiung-Hsun Chen, Mu-En Wu and Ting-Yao Lin on several points in the paper  ... 
doi:10.1007/978-3-540-30580-4_14 fatcat:gitpr74dinb5llw6klr3pjduva

A Survey and Analysis of Security Issues on RSA Algorithm

Kunal Gagneja, K. John Singh
2015 Research Journal of Applied Sciences Engineering and Technology  
Generally, security is calculated only on the basis of brute force attack and advancements in algorithms, hardware and software architectures are ignored.  ...  According to NIST key management guidelines, 15360 bit RSA is equivalent to 256-bit symmetric key in terms of strength. In case of small messages, even key would be longer than the message.  ...  RSA is prone to common modulus attack, Fig. 3 : An illustration of acoustic signals received chosen ciphertext attack, low encryption exponent attack and low decryption exponent attack (Bruce, 1995)  ... 
doi:10.19026/rjaset.11.2094 fatcat:i6dmjyumljavnjlfvzwjtjpm4u

Combined Attack on CRT-RSA [chapter]

Guillaume Barbu, Alberto Battistello, Guillaume Dabosville, Christophe Giraud, Guénaël Renault, Soline Renner, Rina Zeitoun
2013 Lecture Notes in Computer Science  
This article introduces a new Combined Attack on a CRT-RSA implementation resistant against Side-Channel Analysis and Fault Injection attacks.  ...  Indeed, such a value would allow the attacker to recover the RSA private key by computing the gcd of the public modulus and the faulty signature.  ...  The authors would like to thank Emmanuelle Dottax for her useful comments on the preliminary version of this article.  ... 
doi:10.1007/978-3-642-36362-7_13 fatcat:q343go6pkjdojeqktiyqvvjrbi

Finding a Small Root of a Univariate Modular Equation [chapter]

Don Coppersmith
1996 Lecture Notes in Computer Science  
We show how to solve a polynomial equation (mod N ) of degree k in a single variable z, as long as there is a solution smaller than "Ik. We give two applications to RSA encryption with exponent 3.  ...  Second, if messages are padded with truly random padding and then encrypted with an exponent 3, then two encryptions of the same message (with different padding) will reveal the message, as long as the  ...  This seems to be a much more effective defense against the present attack. (3) Increase the amount of padding.  ... 
doi:10.1007/3-540-68339-9_14 fatcat:5xf4p2kpdrf2dggjhb423c3wcu

On the Security of RSA with Primes Sharing Least-Significant Bits

Ron Steinfeld, Yuliang Zheng
2004 Applicable Algebra in Engineering, Communication and Computing  
that the Boneh-Durfee-Frankel PKE attack [5] on low public-exponent RSA is less effective for LSBS-RSA systems than for standard RSA.  ...  The reduction shows that, for low public exponents, if β ≤ 2α then the one-wayness of (α, β, γ)-LSBS RSA follows from the one-wayness of α-LSBS RSA. PKE Attacks for Large Public Exponents.  ...  The authors would like to thank the anonymous referees of CT-RSA 2001 for their helpful comments on a preliminary version [20] of some of the results in this paper.  ... 
doi:10.1007/s00200-004-0164-6 fatcat:a6q6axezufc33ntuxa6zylmw54

Post-Quantum Cryptosystem NTRUEnCrypt and Its Advantage over Pre – Quantum Cryptosystem RSA

Cherckesova Larissa, Safaryan Olga, Razumov Pavel, Kravchenko Veronica, Morozov Sergey, Popov Alexey
2020 E3S Web of Conferences  
The cryptographic system NTRUEncrypt is able to provide the necessary level of security at an extremely low cost, while possessing high speeds and low memory requirements.  ...  Cryptography is inextricably linked to the transfer of data, and in addition to ensuring user authorization; it is designed to guarantee the integrity of the transmitted information and its confidentiality  ...  After all, the algorithm that solves the problem of the shortest lattice vector still does not exist (although searches are actively conducted from the first half of the 1990s), which means that the NTRUEncrypt  ... 
doi:10.1051/e3sconf/202022401037 doaj:9846c5b256fa4a6f99ed169b5b402695 fatcat:hqnaylh65banxnoays7nlrfbpq

Public Key Perturbation of Randomized RSA Implementations [chapter]

Alexandre Berzati, Cécile Canovas-Dumas, Louis Goubin
2010 Lecture Notes in Computer Science  
Our attack belongs to the family of public key perturbations and is the first fault attack against RSA implementations with the exponent randomization countermeasure.  ...  Among all countermeasures that have been proposed to thwart side-channel attacks against RSA implementations, the exponent randomization method -also known as exponent blinding -has been very early suggested  ...  Thus, it might be worthwhile to check the effective robustness of the exponent blinding against other fault attacks.  ... 
doi:10.1007/978-3-642-15031-9_21 fatcat:zjbn66nrzjhk7pjfcb5e4orocy

Certified Side Channels [article]

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, Billy Bob Brumley
2020 arXiv   pre-print
We uncover a combination of weaknesses and vulnerabilities, in extreme cases inducing completely disjoint multi-precision arithmetic stacks deep within the cryptosystem level for keys that otherwise seem  ...  Exploiting these vulnerabilities, we design and implement key recovery attacks utilizing signals ranging from electromagnetic (EM) emanations, to granular microarchitecture cache timings, to coarse traditional  ...  DSA signing, but not RSA verification with a short, low-weight, and public exponent.  ... 
arXiv:1909.01785v2 fatcat:3j2dpdg2k5b3ze5cgyzoq2yzii
« Previous Showing results 1 — 15 out of 337 results