Paper 2018/609
Improved Results on Factoring General RSA Moduli with Known Bits
Abstract
We revisit the factoring with known bits problem on general RSA moduli in the forms of $N=p^r q^s$ for $r,s\ge 1$, where two primes $p$ and $q$ are of the same bit-size. The relevant moduli are inclusive of $pq$, $p^r q$ for $r>1$, and $p^r q^s$ for $r,s>1$, which are used in the standard RSA scheme and other RSA-type variants. Previous works acquired the results mainly by solving univariate modular equations. In contrast, we investigate how to efficiently factor $N=p^r q^s$ with given leakage of the primes by the integer method using the lattice-based technique in this paper. More precisely, factoring general RSA moduli with known most significant bits (MSBs) of the primes can be reduced to solving bivariate integer equations, which was first proposed by Coppersmith to factor $N=pq$ with known high bits. Our results provide a unifying solution to the factoring with known bits problem on general RSA moduli. Furthermore, we reveal that there exists an improved factoring attack via the integer method for particular RSA moduli like $p^3 q^2$ and $p^5 q^3$.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Published elsewhere. IEEE Access
- DOI
- 10.1109/ACCESS.2023.3264590
- Keywords
- FactorizationGeneral RSA moduliKnown bitsInteger methodLattice-based technique
- Contact author(s)
- mengce zheng @ gmail com
- History
- 2023-04-11: revised
- 2018-06-22: received
- See all versions
- Short URL
- https://ia.cr/2018/609
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/609,
author = {Mengce Zheng},
title = {Improved Results on Factoring General {RSA} Moduli with Known Bits},
howpublished = {Cryptology {ePrint} Archive, Paper 2018/609},
year = {2018},
doi = {10.1109/ACCESS.2023.3264590},
url = {https://eprint.iacr.org/2018/609}
}
