loading
Papers

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Nicolas T. Courtois ; Theodosis Mourouzis and Pho V. Le

Affiliation: University College London, United Kingdom

ISBN: 978-989-8565-24-2

Keyword(s): RSA, Cryptanalysis, Weak Keys, Exponent Blinding, Wiener’s Attack, de Weger’s Attack, Large Public Keys.

Related Ontology Subjects/Areas/Topics: Applied Cryptography ; Cryptographic Techniques and Key Management ; Data Engineering ; Databases and Data Security ; Identification, Authentication and Non-Repudiation ; Information and Systems Security ; Information Assurance ; Information Hiding

Abstract: RSA cryptosystem (Rivest et al., 1978) is the most widely deployed public-key cryptosystem for both encryption and digital signatures. Since its invention, lots of cryptanalytic efforts have been made which helped us to improve it, especially in the area of key selection. The security of RSA relies on the computational hardness of factoring large integers and most of the attacks exploit bad choice parameters or flaws in implementations. Two very important cryptanalytic efforts in this area have been made by Wiener (Wiener, 1990) and de Weger (Weger, 2002) who developed attacks based on small secret keys (Hinek, 2010).The main idea of Wiener’s attack is to approximate the fraction e j(N) by eN for large values of N and then make use of the continued fraction algorithm to recover the secret key d by computing the convergents of the fraction eN. He proved that the secret key d can be efficiently recovered if d < 1 3N 1 4 and e < j(N) and then de Weger extended this attack from d < 1 3N 1 4 to d < N 3 4−b, for any 1 4 < b < 1 2 such that |p−q| < Nb. The aim of this paper is to investigate for which values of the variables s and D = |p−q|, RSA which uses public keys of the special structure E = e+sj(N), where e < j(N), is insecure against cryptanalysis. Adding multiples of j(N) either to e or to d is called Exponent Blinding and it is widely used especially in case of encryption schemes or digital signatures implemented in portable devices such as smart cards (Schindler and Itoh, 2011). We show that an extension of de Weger’s attack from public keys e < j(N) to E > j(N) is possible if the security parameter s satisfies s ≤ N 12 . (More)

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 35.175.120.174

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
T. Courtois, N.; Mourouzis, T. and V. Le, P. (2012). Extension of de Weger’s Attack on RSA with Large Public Keys.In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 145-153. DOI: 10.5220/0004054201450153

@conference{secrypt12,
author={Nicolas T. Courtois. and Theodosis Mourouzis. and Pho V. Le.},
title={Extension of de Weger’s Attack on RSA with Large Public Keys},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={145-153},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004054201450153},
isbn={978-989-8565-24-2},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Extension of de Weger’s Attack on RSA with Large Public Keys
SN - 978-989-8565-24-2
AU - T. Courtois, N.
AU - Mourouzis, T.
AU - V. Le, P.
PY - 2012
SP - 145
EP - 153
DO - 10.5220/0004054201450153

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.