Improved Results on Factoring General RSA Moduli with Known Bits

Mengce Zheng

Paper 2018/609

Improved Results on Factoring General RSA Moduli with Known Bits

Mengce Zheng

Abstract

We revisit the factoring with known bits problem on general RSA moduli in the forms of $N = p^{r} q^{s}$ for $r, s \geq 1$ , where two primes $p$ and $q$ are of the same bit-size. The relevant moduli are inclusive of $p q$ , $p^{r} q$ for $r > 1$ , and $p^{r} q^{s}$ for $r, s > 1$ , which are used in the standard RSA scheme and other RSA-type variants. Previous works acquired the results mainly by solving univariate modular equations. In contrast, we investigate how to efficiently factor $N = p^{r} q^{s}$ with given leakage of the primes by the integer method using the lattice-based technique in this paper. More precisely, factoring general RSA moduli with known most significant bits (MSBs) of the primes can be reduced to solving bivariate integer equations, which was first proposed by Coppersmith to factor with known high bits. Our results provide a unifying solution to the factoring with known bits problem on general RSA moduli. Furthermore, we reveal that there exists an improved factoring attack via the integer method for particular RSA moduli like and .

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published elsewhere. IEEE Access
DOI: 10.1109/ACCESS.2023.3264590
Keywords: Factorization General RSA moduli Known bits Integer method Lattice-based technique
Contact author(s): mengce zheng @ gmail com
History: 2023-04-11: revised; 2018-06-22: received; See all versions
Short URL: https://ia.cr/2018/609
License: CC BY

BibTeX

@misc{cryptoeprint:2018/609,
      author = {Mengce Zheng},
      title = {Improved Results on Factoring General {RSA} Moduli with Known Bits},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/609},
      year = {2018},
      doi = {10.1109/ACCESS.2023.3264590},
      url = {https://eprint.iacr.org/2018/609}
}