Improved cryptanalysis of RSA

Abstract

Let N = pq be an RSA modulus and e be a public exponent. Let j(N) = (p − 1)(q − 1) be the Euler’s totient function. The equation ex2 −j(N)y2 = z has infinitely many solutions in integers (x, y, z). We show that if x, y and z are suitably small, then one can factor the RSA modulus. Our bounds on the size of the solutions x, y, and z improve the existing bounds of some attacks on RSA such as Wiener’s continued fractions based attack, and Blömer-May’s lattice reduction based attack.