Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
PKC
2005
Springer
2005
Springer
Converse Results to the Wiener Attack on RSA
A well-known attack on RSA with low secret-exponent d was given by Wiener about 15 years ago. Wiener showed that using continued fractions, one can efficiently recover the secret-exponent d from the public key (N, e) as long as d < N1/4 . Interestingly, Wiener stated that his attack may sometimes also work when d is slightly larger than N1/4 . This raises the question of how much larger d can be: could the attack work with non-negligible probability for d = N1/4+ρ for some constant ρ > 0? We answer this question in the negative by proving a converse to Wiener’s result. Our result shows that, for any fixed > 0 and all sufficiently large modulus lengths, Wiener’s attack succeeds with negligible probability over a random choice of d < Nδ (in an interval of size Ω(Nδ )) as soon as δ > 1/4 + . Thus Wiener’s success bound d < N1/4 for his algorithm is essentially tight. We also obtain a converse result for a natural class of extensions of the Wiener attack, w...
Real-time Traffic| Added | 28 Jun 2010 |
| Updated | 28 Jun 2010 |
| Type | Conference |
| Year | 2005 |
| Where | PKC |
| Authors | Ron Steinfeld, Scott Contini, Huaxiong Wang, Josef Pieprzyk |
Comments (0)
Researcher Info
|
