Sciweavers

AAECC
2004
Springer

On the Security of RSA with Primes Sharing Least-Significant Bits

13 years 3 months ago
On the Security of RSA with Primes Sharing Least-Significant Bits
Abstract. We investigate the security of a variant of the RSA public-key cryptosystem called LSBS-RSA, in which the modulus primes share a large number of least-significant bits.We show that low public-exponent LSBS-RSA is inherently resistant to Partial Key Exposure (PKE) attacks in which least-significant bits of the secret exponent are revealed to the attacker, and in particular that the Boneh-Durfee-Frankel PKE attack [5] on low public-exponent RSA is less effective for LSBS-RSA systems than for standard RSA. On the other hand, we show that large public-exponent LSBS-RSA is more vulnerable to such attacks than standard RSA. An application to server-aided RSA signature generation is proposed.
Ron Steinfeld, Yuliang Zheng
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2004
Where AAECC
Authors Ron Steinfeld, Yuliang Zheng
Comments (0)