The recent work on cold boot attacks has sparkled again the interest on partial key exposure attacks and RSA key reconstruction. In this work, contrary to the search tree or lattice-based approaches that most of these works use, SAT solvers are used. The focus is on the study of two scenarios, one where there is disclosure of random bits of $p$ and $q$ and one for the case where the public exponent $e$ is equal to three. In both cases, we provide a more efficient modeling of RSA as an instance of a satisfiability problem, and manage to reconstruct the private key, given a part of the key, even for public keys of 1024 bits in few seconds.
Category / Keywords: SAT solvers, RSA, partial key exposure, factoring, public-key cryptography Date: received 18 Jan 2013, last revised 7 May 2013 Contact author: patsakik at scss tcd ie Available format(s): PDF | BibTeX Citation Version: 20130507:162240 (All versions of this report) Short URL: ia.cr/2013/026 Discussion forum: Show discussion | Start new discussion