Cryptology ePrint Archive: Report 2015/398

Factoring RSA moduli with weak prime factors

Abderrahmane Nitaj and Tajjeeddine Rachidi

Abstract: In this paper, we study the problem of factoring an RSA modulus $N=pq$ in polynomial time, when $p$ is a weak prime, that is, $p$ can be expressed as $ap=u_0+M_1u_1+\ldots+M_ku_k$ for some $k$ integers $M_1,\ldots, M_k$ and $k+2$ suitably small parameters $a$, $u_0,\ldots u_k$. We further compute a lower bound for the set of weak moduli, that is, moduli made of at least one weak prime, in the interval $[2^{2n},2^{2(n+1)}]$ and show that this number is much larger than the set of RSA prime factors satisfying Coppersmith's conditions, effectively extending the likelihood for factoring RSA moduli. We also prolong our findings to moduli composed of two weak primes.

Category / Keywords: RSA

Original Publication (in the same form): C2SI-Berger2015

Date: received 27 Apr 2015, last revised 27 Apr 2015

Contact author: abderrahmane nitaj at unicaen fr

Available format(s): PDF | BibTeX Citation

Version: 20150501:120738 (All versions of this report)

Short URL: ia.cr/2015/398

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]