In this paper, we present a new attack on RSA when the public exponent is short, for instance 3 or 216 +1, and when the classical exponent randomization is used. This attack works ...
sion of an extended abstract published in Proceedings of Crypto 2009, Springer-Verlag, 2009. Available from the IACR Cryptology ePrint Archive as Report 2008/510. We show that an ...