Improved attacks on multi-prime RSA with small prime difference

Hui Zhang, Tsuyoshi Takagi

Research output: Contribution to journal › Article

7 Citations (Scopus)

Abstract

We consider some attacks on multi-prime RSA (MPRSA) with a modulus $N = p_1 p_2 \cdots p_r$ ($r \geq 3$). It is believed that the small private exponent attack on the MPRSA is less effective than that on RSA (see Hinek et al.'s work at SAC 2003), which means smaller private exponents can be used in the MPRSA to speed up the decryption process. Our work shows that even if a private exponent is significantly beyond Hinek et al.'s bound, it still may be insecure if the prime difference $\Delta$ ($\Delta = p_r - p_1 = N^{\gamma}$, supposing $p_1 < p_2 < \cdots < p_r$) is small, i.e. $0 < \gamma < 1/r$. Specifically, by taking full advantage of prime properties, our small private exponent attack reveals that the MPRSA is insecure when $\delta < 1 - \sqrt{1 + 2\gamma - 3/r}$ (if $\gamma \geq \frac{3}{2r} - \frac{1+\delta}{4}$) or $\delta \leq \frac{3}{r} - \frac{1}{4} - 2\gamma$ (if $\gamma < \frac{3}{2r} - \frac{1+\delta}{4}$), where $\delta$ is the exponential of the private exponent $d$ with base $N$, i.e., $d = N^{\delta}$. In addition, we present a Fermat-like factoring attack which factors $N$ efficiently when $\Delta < N^{1/r^2}$. These proposed attacks surpass previous works (e.g. Bahig et al.'s at ICICS 2012), and are proved effective in practice.

Original language: English
Pages (from-to): 1533-1541
Number of pages: 9
Journal: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Volume: E97-A
Issue number: 7
DOIs: 10.1587/transfun.E97.A.1533
Publication status: Published - Jan 1 2014

Fingerprint

Attack
Exponent
Fermat
Factoring
Modulus
Speedup

All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering
  • Applied Mathematics

Cite this

Improved attacks on multi-prime RSA with small prime difference. / Zhang, Hui; Takagi, Tsuyoshi.

In: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E97-A, No. 7, 01.01.2014, p. 1533-1541.

@article{c030d7432a034d7d98d4605decc23e61,
title = "Improved attacks on multi-prime {RSA} with small prime difference",
abstract = "We consider some attacks on multi-prime RSA (MPRSA) with a modulus $N = p_1 p_2 \cdots p_r$ ($r \geq 3$). It is believed that the small private exponent attack on the MPRSA is less effective than that on RSA (see Hinek et al.'s work at SAC 2003), which means smaller private exponents can be used in the MPRSA to speed up the decryption process. Our work shows that even if a private exponent is significantly beyond Hinek et al.'s bound, it still may be insecure if the prime difference $\Delta$ ($\Delta = p_r - p_1 = N^{\gamma}$, supposing $p_1 < p_2 < \cdots < p_r$) is small, i.e. $0 < \gamma < 1/r$. Specifically, by taking full advantage of prime properties, our small private exponent attack reveals that the MPRSA is insecure when $\delta < 1 - \sqrt{1 + 2\gamma - 3/r}$ (if $\gamma \geq \frac{3}{2r} - \frac{1+\delta}{4}$) or $\delta \leq \frac{3}{r} - \frac{1}{4} - 2\gamma$ (if $\gamma < \frac{3}{2r} - \frac{1+\delta}{4}$), where $\delta$ is the exponential of the private exponent $d$ with base $N$, i.e., $d = N^{\delta}$. In addition, we present a Fermat-like factoring attack which factors $N$ efficiently when $\Delta < N^{1/r^2}$. These proposed attacks surpass previous works (e.g. Bahig et al.'s at ICICS 2012), and are proved effective in practice.",
author = "Hui Zhang and Tsuyoshi Takagi",
year = "2014",
month = "1",
day = "1",
doi = "10.1587/transfun.E97.A.1533",
language = "English",
volume = "E97-A",
pages = "1533--1541",
journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",
issn = "0916-8508",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "7",

}

TY - JOUR

T1 - Improved attacks on multi-prime RSA with small prime difference

AU - Zhang, Hui

AU - Takagi, Tsuyoshi

PY - 2014/1/1

Y1 - 2014/1/1

AB - We consider some attacks on multi-prime RSA (MPRSA) with a modulus $N = p_1 p_2 \cdots p_r$ ($r \geq 3$). It is believed that the small private exponent attack on the MPRSA is less effective than that on RSA (see Hinek et al.'s work at SAC 2003), which means smaller private exponents can be used in the MPRSA to speed up the decryption process. Our work shows that even if a private exponent is significantly beyond Hinek et al.'s bound, it still may be insecure if the prime difference $\Delta$ ($\Delta = p_r - p_1 = N^{\gamma}$, supposing $p_1 < p_2 < \cdots < p_r$) is small, i.e. $0 < \gamma < 1/r$. Specifically, by taking full advantage of prime properties, our small private exponent attack reveals that the MPRSA is insecure when $\delta < 1 - \sqrt{1 + 2\gamma - 3/r}$ (if $\gamma \geq \frac{3}{2r} - \frac{1+\delta}{4}$) or $\delta \leq \frac{3}{r} - \frac{1}{4} - 2\gamma$ (if $\gamma < \frac{3}{2r} - \frac{1+\delta}{4}$), where $\delta$ is the exponential of the private exponent $d$ with base $N$, i.e., $d = N^{\delta}$. In addition, we present a Fermat-like factoring attack which factors $N$ efficiently when $\Delta < N^{1/r^2}$. These proposed attacks surpass previous works (e.g. Bahig et al.'s at ICICS 2012), and are proved effective in practice.

UR - http://www.scopus.com/inward/record.url?scp=84903699162&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84903699162&partnerID=8YFLogxK

U2 - 10.1587/transfun.E97.A.1533

DO - 10.1587/transfun.E97.A.1533

M3 - Article

AN - SCOPUS:84903699162

VL - E97-A

SP - 1533

EP - 1541

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 7

ER -