Practical  Small Private Exponent Attacks against RSA

Yansong Feng; Zhen Liu; Abderrahmane Nitaj; Yanbin Pan

Paper 2024/1331

Practical Small Private Exponent Attacks against RSA

Yansong Feng

Zhen Liu

Abderrahmane Nitaj

Yanbin Pan

Abstract

It is well known that the best small private exponent attack against RSA is that when the private exponent $d < N^{0.292}$, one can factor the RSA modulus $N = pq$. However, the bound $N^{0.292}$ is very difficult to achieve directly since we need to deal with some lattice with very high dimension, which seems infeasible by now. Recently, Li et al. proposed a practical attack that can solve cases when $d$ approaches $N^{0.292}$ within a month for $1024$ bit $N$. In this paper, we propose an improved practical small private exponent attack by enumerating the most significant bits of $p + q$. Together with some skills in implementations, we can also achieve the bound $N^{0.292}$, but with significantly less time compared to previous work.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Preprint.
Keywords: RSA Small Private Exponent Attack Lattice Coppersmith's method
Contact author(s): fengyansong @ amss ac cn
liuzhen @ hubu edu cn
abderrahmane nitaj @ unicaen fr
panyanbin @ amss ac cn
History: 2024-08-26: approved; 2024-08-25: received; See all versions
Short URL: https://ia.cr/2024/1331
License: CC BY

BibTeX

@misc{cryptoeprint:2024/1331,
      author = {Yansong Feng and Zhen Liu and Abderrahmane Nitaj and Yanbin Pan},
      title = {Practical  Small Private Exponent Attacks against {RSA}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1331},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1331}
}