Cryptology ePrint Archive: Report 2016/195

How to Generalize RSA Cryptanalyses

Atsushi Takayasu and Noboru Kunihiro

Abstract: Recently, the security of RSA variants with moduli N=p^rq, e.g., the Takagi RSA and the prime power RSA, have been actively studied in several papers. Due to the unusual composite moduli and rather complex key generations, the analyses are more involved than the standard RSA. Furthermore, the method used in some of these works are specialized to the form of composite integers N=p^rq.

In this paper, we generalize the techniques used in the current best attacks on the standard RSA to the RSA variants. We show that the lattices used to attack the standard RSA can be transformed into lattices to attack the variants where the dimensions are larger by a factor of (r+1) of the original lattices. We believe the steps we took present to be more natural than previous researches, and to illustrate this point we obtained the following results: \begin​{itemize} \item Simpler proof for small secret exponent attacks on the Takagi RSA proposed by Itoh et al. (CT-RSA 2008). Our proof generalizes the work of Herrmann and May (PKC 2010). \item Partial key exposure attacks on the Takagi RSA; generalizations of the works of Ernst et al. (Eurocrypt 2005) and Takayasu and Kunihiro (SAC 2014). Our attacks improve the result of Huang et al. (ACNS 2014). \item Small secret exponent attacks on the prime power RSA; generalizations of the work of Boneh and Durfee (Eurocrypt 1999). Our attacks improve the results of Sarkar (DCC 2014, ePrint 2015) and Lu et al. (Asiacrypt 2015). \item Partial key exposure attacks on the prime power RSA; generalizations of the works of Ernst et al. and Takayasu and Kunihiro. Our attacks improve the results of Sarkar and Lu et al. \end{itemize} The construction techniques and the strategies we used are conceptually easier to understand than previous works, owing to the fact that we exploit the exact connections with those of the standard RSA.

Category / Keywords: public-key cryptography / RSA, Takagi RSA, prime power RSA, cryptanalysis, small secret exponent, partial key exposure, lattices, Coppersmith's method

Original Publication (with minor differences): IACR-PKC-2016

Date: received 23 Feb 2016

Contact author: a-takayasu at it k u-tokyo ac jp

Available format(s): PDF | BibTeX Citation

Version: 20160224:182923 (All versions of this report)

Short URL: ia.cr/2016/195

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]