New Jochemsz–May Cryptanalytic bound for RSA system utilizing common Modulus N = p2q

This paper describes an attack on the Rivest, Shamir and Adleman (RSA) cryptosystem utilizing the modulus N = p 2 q where p and q are two large balanced primes. Let e1 ,e2 < Nγ be the integers such that d1 , d2 < Nδ be their multiplicative inverses. Based on the two key equations e1d1 − k1φ(N) = 1 and e2d2 − k2φ(N) = 1 where φ(N) = p(p − 1)(q − 1), our attack works when the primes share a known amount of least significant bits (LSBs) and the private exponents share an amount of most significant bits (MSBs). We apply the extended strategy of Jochemsz–May to find the small roots of an integer polynomial and show that N can be factored if δ < 11 10 + 9 4 α − 1 2 β − 1 2 γ − 1 30 p 180γ + 990α − 180β + 64. Our attack improves the bounds of some previously proposed attacks that makes the RSA variant vulnerable.

Actions (login required)

View Item