Cryptanalysis of Exhaustive Search on Attacking RSA
In: Network and System Security ISBN: 9783642346002 NSS; (2012)
Online
unknown
Zugriff:
In RSA equation: ed=k·φ(N)+1, we may guess on partial bits of d or p+q by doing an exhaustive search to further extend the security boundary of d. In this paper, we discuss the following question: Does guessing on p+q bring more benefit than guessing on d? We provide the detailed analysis on this problem by using the lattice reduction technique. Our analysis shows that leaking partial most significant bits (MSBs) of p+q in RSA risks more than leaking partial MSBs of d. This result inspires us to further extend the boundary of the Boneh-Durfee attack to N0.284+Δ, where "Δ" is contributed by the capability of exhaustive search. Assume that doing an exhaustive search for 64 bits is feasible in the current computational environment, the boundary of the Boneh-Durfee attack should be raised to d
Titel: |
Cryptanalysis of Exhaustive Search on Attacking RSA
|
---|---|
Autor/in / Beteiligte Person: | Tso, Raylin ; Wu, Mu-En ; Sun, Hung-Min |
Link: | |
Quelle: | Network and System Security ISBN: 9783642346002 NSS; (2012) |
Veröffentlichung: | Springer Berlin Heidelberg, 2012 |
Medientyp: | unknown |
ISBN: | 978-3-642-34600-2 (print) |
DOI: | 10.1007/978-3-642-34601-9_28 |
Schlagwort: |
|
Sonstiges: |
|