
Extension of de Weger’s Attack on RSA with Large Public Keys

Topics: Applied Cryptography; Identification, Authentication and Non-Repudiation; Information Hiding

Keyword(s): RSA, Cryptanalysis, Weak Keys, Exponent Blinding, Wiener’s Attack, de Weger’s Attack, Large Public Keys.

Related Ontology Subjects/Areas/Topics: Applied Cryptography; Cryptographic Techniques and Key Management; Data Engineering; Databases and Data Security; Identification, Authentication and Non-Repudiation; Information and Systems Security; Information Assurance; Information Hiding

Abstract: RSA cryptosystem (Rivest et al., 1978) is the most widely deployed public-key cryptosystem for both encryption and digital signatures. Since its invention, lots of cryptanalytic efforts have been made which helped us to improve it, especially in the area of key selection. The security of RSA relies on the computational hardness of factoring large integers and most of the attacks exploit bad choice parameters or flaws in implementations. Two very important cryptanalytic efforts in this area have been made by Wiener (Wiener, 1990) and de Weger (Weger, 2002) who developed attacks based on small secret keys (Hinek, 2010). The main idea of Wiener’s attack is to approximate the fraction $\frac{e}{\varphi(N)}$ by $\frac{e}{N}$ for large values of $N$ and then make use of the continued fraction algorithm to recover the secret key $d$ by computing the convergents of the fraction $\frac{e}{N}$. He proved that the secret key $d$ can be efficiently recovered if $d < \frac{1}{3}N^{1/4}$ and $e < \varphi(N)$ and then de Weger extended this attack from $d < \frac{1}{3}N^{1/4}$ to $d < N^{3/4-\beta}$, for any $\frac{1}{4} < \beta < \frac{1}{2}$ such that $|p-q| < N^{\beta}$. The aim of this paper is to investigate for which values of the variables $s$ and $\Delta = |p-q|$, RSA which uses public keys of the special structure $E = e + s\varphi(N)$, where $e < \varphi(N)$, is insecure against cryptanalysis. Adding multiples of $\varphi(N)$ either to $e$ or to $d$ is called Exponent Blinding and it is widely used especially in case of encryption schemes or digital signatures implemented in portable devices such as smart cards (Schindler and Itoh, 2011). We show that an extension of de Weger’s attack from public keys $e < \varphi(N)$ to $E > \varphi(N)$ is possible if the security parameter $s$ satisfies $s \le N^{1/2}$.



T. Courtois, N.; Mourouzis, T. and V. Le, P. (2012). Extension of de Weger’s Attack on RSA with Large Public Keys. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012), ISBN 978-989-8565-24-2, pages 145-153. DOI: 10.5220/0004054201450153

@conference{secrypt12,
  author={Nicolas T. Courtois and Theodosis Mourouzis and Pho V. Le},
  title={Extension of de Weger’s Attack on RSA with Large Public Keys},
  booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
  year={2012},
  pages={145-153},
  publisher={SciTePress},
  organization={INSTICC},
  doi={10.5220/0004054201450153},
  isbn={978-989-8565-24-2},
}

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Extension of de Weger’s Attack on RSA with Large Public Keys
SN - 978-989-8565-24-2
AU - T. Courtois, N.
AU - Mourouzis, T.
AU - V. Le, P.
PY - 2012
SP - 145
EP - 153
DO - 10.5220/0004054201450153