In the RSA system, balanced modulus N denotes a product of two large prime numbers p and q, where q < p < 2q. Since IntegerFactorization is difficult, p and q are simply estimated as √ N. In the Wiener attack, 2 √ N is adopted to be the estimation of p + q in order to raise the security boundary of private-exponent d. This work proposes a novel approach, called EPF, to determine the appropriate prime-factors of N. The estimated values are called ”EPFs of N”, and are denoted as pE and qE. Thus pE and qE can be adopted to estimate p + q more accurately than by simply adopting 2 √ N. In addition, we show that the Verheul and Tilborg’s extension of the Wiener attack can be considered to be brute-guessing for the MSBs of p + q. Comparing with their work, EPF can extend the Wiener attack to reduce the cost of exhaustivesearching for 2r +8 bits down to 2r −10 bits, where r depends on N and the private key d. The security boundary of private-exponent d can be raised 9 bits ...