Abstract. In 1998, Boneh, Durfee and Frankel [4] presented several attacks on RSA when an adversary knows a fraction of the secret key bits. The motivation for these so-called partial key exposure attacks mainly arises from the study of side-channel attacks on RSA. With side-channel attacks an adversary gets either most significant or least significant bits of the secret key. The polynomial time algorithms given in [4] only work provided that the public key $e$ is smaller than $N^{1/2}$. It was raised as an open question whether there are polynomial time attacks beyond this bound. We answer this open question in the present work both in the case of most and least significant bits. Our algorithms make use of Coppersmith’s heuristic method for solving modular multivariate polynomial equations [8]. For known most significant bits, we provide an algorithm that works for public exponents $e$ in the interval $[N^{1/2}, N^{0.725}]$. Surprisingly, we get an even stronger result for known least signi...