A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf
.
Cryptanalysis of RSA with a Small Parameter
[chapter]
2012
Lecture Notes in Computer Science
This paper investigates the security of RSA system with short exponents. Let N = pq be an RSA modulus with balanced primes p and q. Denote the public exponent by e and the private exponent by d. Then e and d satisfy ed − 1 = kφ(N ), which is usually called the RSA equation. When e and d are both short, and parameter k is the smallest unknown variable in RSA equation, we prove that there exist two new square root attacks. One attack applies the baby-step giant-step method, the other applies the
doi:10.1007/978-3-642-31448-3_9
fatcat:6sgoquh7tzetbon5axygs4i5fm