Abstract

Asymmetric key cryptosystems are a vital element in securing communication in cyberspace: they encrypt data in transit and authenticate the origin and integrity of that data. The Rivest–Shamir–Adleman (RSA) cryptosystem is regarded as one of the most widely deployed public-key cryptosystems today. Previous attacks on the cryptosystem focus on weakening the hardness of the integer factorization problem embedded in the RSA modulus N = pq. The adversary relies on assumptions to enable such attacks. For example, primes p and q that have Pollard's weak prime structure (p − 1 or q − 1 smooth), or partial knowledge of the least significant bits (LSBs) of p and q, allow N to be factored in polynomial time, breaking the security of RSA. In this paper, we make heavy use of both assumptions. First, we assume that p and q satisfy the specific structure p = am + r_p and q = bm + r_q, where a and b are positive integers and m is a positive even number. Second, we assume that the bits of r_p and r_q are the known LSBs of p and q respectively. Under both assumptions, our analysis factors N in polynomial time. We also count the number of primes that are affected by our attack. Based on the result, the attack poses a real danger to RSA users if no countermeasure is developed to resist it.

Highlights

  • One of the earliest asymmetric key cryptosystems is the Rivest–Shamir–Adleman (RSA) cryptosystem, introduced by Rivest, Shamir and Adleman in 1978 [1]

  • Only a small number of least significant bits (LSBs) are required in our attack to factor N in polynomial time, given that the RSA primes satisfy the specified structures

  • Throughout this paper, we focus on RSA primes of the form p = am + r_p and q = bm + r_q


Summary

Introduction

One of the earliest asymmetric key cryptosystems is the Rivest–Shamir–Adleman (RSA) cryptosystem, introduced by Rivest, Shamir and Adleman in 1978 [1]. Pollard showed that if p − 1 or q − 1 is composed of small primes, there is a factoring algorithm (Pollard's p − 1 method) that factors N = pq in polynomial time. Another method of attacking RSA assumes that several bits of p and q are known to the adversary, which weakens the hardness of factoring. We show that only a small number of LSBs are required in our attack to factor N in polynomial time, given that the RSA primes satisfy the specified structures. We also show the abundance of primes that satisfy these structures, and that no checking mechanism in any standard RSA library hinders the use of such primes. This shows that the existing methods of generating RSA keys may produce RSA moduli that fall under our attack.
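As an added illustration, and not the paper's own algorithm (the summary above does not spell out its method), the Python below shows one way the stated structure can be exploited. Expanding N = (am + r_p)(bm + r_q) = ab·m² + (a·r_q + b·r_p)·m + r_p·r_q, an attacker who knows r_p and r_q and guesses the cofactors a and b is left with a quadratic in m that exact integer arithmetic solves directly. The enumeration bound on a and b, the sample key built by make_structured_modulus, and all helper names are assumptions made for this example; the modulus is constructed here, not taken from the paper.

```python
from math import isqrt

# Deterministic Miller-Rabin: correct for every n < 3.3e24 with these bases,
# which is far more than the toy key sizes used below.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    if n < 2:
        return False
    for p in _MR_BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_structured_modulus(a: int, b: int, r_p: int, r_q: int, m_start: int):
    """Constructed sample key (assumption for this example): search even
    m >= m_start until p = a*m + r_p and q = b*m + r_q are both prime.
    Returns (N, p, q, m)."""
    m = m_start + (m_start % 2)  # the structure in the text requires m even
    while True:
        p, q = a * m + r_p, b * m + r_q
        if is_prime(p) and is_prime(q):
            return p * q, p, q, m
        m += 2


def factor_structured(N: int, r_p: int, r_q: int, bound: int):
    """Given N = (a*m + r_p)*(b*m + r_q) with r_p, r_q known, enumerate the
    cofactors a, b <= bound (assumed small; hypothetical bound) and solve
    ab*m^2 + (a*r_q + b*r_p)*m + (r_p*r_q - N) = 0 for an integer m.
    Returns (p, q, a, b, m) or None if no (a, b) within the bound fits."""
    for a in range(1, bound + 1):
        for b in range(1, bound + 1):
            A = a * b
            B = a * r_q + b * r_p
            C = r_p * r_q - N
            disc = B * B - 4 * A * C
            if disc < 0:
                continue
            s = isqrt(disc)
            if s * s != disc:          # m must be an integer root
                continue
            num = s - B
            if num <= 0 or num % (2 * A):
                continue
            m = num // (2 * A)
            if m % 2:                  # reject odd m: outside the stated structure
                continue
            p, q = a * m + r_p, b * m + r_q
            if 1 < p < N and p * q == N:
                return p, q, a, b, m
    return None


if __name__ == "__main__":
    # r_p = 11 (0b1011) and r_q = 13 (0b1101) play the role of the known LSBs.
    N, p, q, m = make_structured_modulus(3, 5, 11, 13, 2 ** 40)
    print("N =", N)
    print("recovered:", factor_structured(N, 11, 13, bound=8))
```

The cost is bound² integer square roots of a number the size of N, so for any fixed bound on a and b the recovery is polynomial in log N, which is the practical point of the structure: once the low bits r_p and r_q are known, the shared multiplier m is the only real unknown, and the quadratic hands it over. If a and b were allowed to be as large as the primes themselves the quadratic would not help, and one would be back to generic partial-key-exposure techniques.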

Preliminaries
Our Attack
Numbers of Primes with Vulnerable Specialized Structures Against Random
Comparative Analysis
Countermeasure of the Attack
Findings
Conclusions
