New Attacks on RSA with Moduli N = p r q [chapter]

Abderrahmane Nitaj, Tajjeeddine Rachidi
2015 Lecture Notes in Computer Science  
We present three attacks on the Prime Power RSA with modulus N = p r q. In the first attack, we consider a public exponent e satisfying an equation ex − φ(N )y = z where φ(N ) = p r−1 (p − 1)(q − 1). We show that one can factor N if the parameters |x| and |z| satisfy |xz| < N r(r−1) (r+1) 2 thereby extending the recent results of Sakar [16] . In the second attack, we consider two public exponents e1 and e2 and their corresponding private exponents d1 and d2. We show that one can factor N when
more » ... and d2 share a suitable amount of their most significant bits, that is |d1 − d2| < N r(r−1) (r+1) 2 . The third attack enables us to factor two Prime Power RSA moduli N1 = p r 1 q1 and N2 = p r 2 q2 when p1 and p2 share a suitable amount of their most significant bits, namely, |p1 − p2| < p 1 2rq 1 q 2 .
doi:10.1007/978-3-319-18681-8_28 fatcat:rnqsm42mgbh5zm2bbnrpcvjuee