Small Secret CRT-Exponent Attacks on Takagi's RSA
Abstract
CRT-RSA is a variant of RSA that uses the integers $d_p = d \bmod (p - 1)$ and $d_q = d \bmod (q - 1)$ (the CRT-exponents), where $d$, $p$, $q$ are the secret keys of RSA. May proposed a method to obtain the secret key in polynomial time if a CRT-exponent is small, and Bleichenbacher and May improved this method. On the other hand, Takagi's RSA is a variant of CRT-RSA whose public key $N$ is of the form $p^r q$ for a given positive integer $r$. In this paper, we extend May's method and the Bleichenbacher-May method to Takagi's RSA, and we show that we obtain $p$ in polynomial time if $p < N^{3/(4 + 2\sqrt{r(r+3)})}$ by the extended May's method, and if $p < N^{6/(5r + \sqrt{13r^2 + 48r})}$ by the extended Bleichenbacher-May method, when $d_q$ is arbitrarily small. If $r = 1$, these upper bounds agree with May's and Bleichenbacher-May's results, respectively. Moreover, we also show that the upper bound of $p^r$ increases with an increase in $r$. Since these attacks are heuristic algorithms, we provide several experiments which show that we can obtain the secret key in practice.
- 2011-01-01
Authors
-
KUNIHIRO Noboru
University of Electro-Communications
-
SHINOHARA Naoyuki
National Institute of Information and Communications Technology
-
IZU Tetsuya
FUJITSU LABORATORIES Ltd. and FUJITSU Ltd.
-
Kunihiro Noboru
University Of Tokyo
-
Izu Tetsuya
Fujitsu Laboratories Ltd.
-
Shinohara Naoyuki
National Inst. Of Information And Communications Technol. Koganei‐shi Jpn
Related papers
- Extending Bleichenbacher's Forgery Attack
- Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication
- Small Secret CRT-Exponent Attacks on Takagi's RSA
- Extension of Secret Handshake Protocols with Multiple Groups in Monotone Condition
- Cryptanalysis of Two MD5-Based Authentication Protocols : APOP and NMAC
- New Message Differences for Collision Attacks on MD4 and MD5
- Improved Collision Attacks on MD4 and MD5(Hash Functions,Cryptography and Information Security)
- Reduction Optimal Trinomials for Efficient Software Implementation of the ηT Pairing
- Deterministic Polynomial Time Equivalence between Factoring and Key-Recovery Attack on Takagi's RSA
- A Practical Countermeasure against Address-bit Differential Power Analysis (Special Issue: Computer Security Technologies for Protecting Privacy)
- Improved Collision Search for Hash Functions : New Advanced Message Modification
- A Note on the Lattice Factoring Method (Cryptography and Information Security)
- Small Secret CRT-Exponent Attacks on Takagi's RSA
- A Note on the Lattice Factoring Method
- Near-Collision Attacks on MD4 : Applied to MD4-Based Protocols
- Exact Analyses of Computational Time for Factoring in Quantum Computers(Public Key Cryptography)(Cryptography and Information Security)
- Side Channel Cryptanalysis on XTR Public Key Cryptosystem(Discrete Mathematics and Its Applications)
- Solving Generalized Small Inverse Problems
- Detailed Cost Estimation of CNTW Forgery Attack against EMV Signature Scheme
- Experimental Analysis of Cheon's Algorithm against Pairing-friendly Curves
- Key Length Estimation of Pairing-Based Cryptosystems Using ηT Pairing over GF(3^n)
- Extending Bleichenbacher's Forgery Attack