Sciweavers

CRYPTO
2007
Springer

A Polynomial Time Attack on RSA with Private CRT-Exponents Smaller Than N^0.073

Wiener’s famous attack on RSA with d < N^0.25 shows that using a small d for an efficient decryption process makes RSA completely insecure. As an alternative, Wiener proposed to use the Chinese Remainder Theorem in the decryption phase, where d_p = d mod (p − 1) and d_q = d mod (q − 1) are chosen significantly smaller than p and q. The parameters d_p, d_q are called private CRT-exponents. Since Wiener’s proposal in 1990, it has been a challenging open question whether there exists a polynomial time attack on small private CRT-exponents. In this paper, we give an affirmative answer to this question, and show that a polynomial time attack exists if d_p and d_q are smaller than N^0.073.
Ellen Jochemsz, Alexander May
Added: 07 Jun 2010
Updated: 07 Jun 2010
Type: Conference
Year: 2007
Where: CRYPTO
Authors: Ellen Jochemsz, Alexander May