### A New Attack on Three Variants of the RSA Cryptosystem [chapter]

Martin Bunder, Abderrahmane Nitaj, Willy Susilo, Joseph Tonien
2016 Lecture Notes in Computer Science
In 1995, Kuwakado, Koyama and Tsuruoka presented a new RSA-type scheme based on singular cubic curves y 2 ≡ x 3 +bx 2 (mod N) where N = pq is an RSA modulus. Then, in 2002, Elkamchouchi, Elshenawy and Shaban introduced an extension of the RSA scheme to the field of Gaussian integers using a modulus N = PQ where P and Q are Gaussian primes such that p = |P| and q = |Q| are ordinary primes. Later, in 2007, Castagnos proposed a scheme over quadratic field quotients with an RSA modulus N = pq. In
more » ... e three schemes, the public exponent e is an integer satisfying the key equation edk(p 2 -1) (q 2 -1) = 1. In this paper, we apply the continued fraction method to launch an attack on the three schemes when the private exponent d is sufficiently small. Our attack can be considered as an extension of the famous Wiener attack on the RSA. Abstract. In 1995, Kuwakado, Koyama and Tsuruoka presented a new RSA-type scheme based on singular cubic curves y 2 ≡ x 3 + bx 2 (mod N ) where N = pq is an RSA modulus. Then, in 2002, Elkamchouchi, Elshenawy and Shaban introduced an extension of the RSA scheme to the field of Gaussian integers using a modulus N = P Q where P and Q are Gaussian primes such that p = |P | and q = |Q| are ordinary primes. Later, in 2007, Castagnos proposed a scheme over quadratic field quotients with an RSA modulus N = pq. In the three schemes, the public exponent e is an integer satisfying the key equation ed − k p 2 − 1 q 2 − 1 = 1. In this paper, we apply the continued fraction method to launch an attack on the three schemes when the private exponent d is sufficiently small. Our attack can be considered as an extension of the famous Wiener attack on the RSA.