Abstract
Recently, Zheng and Hu SCIENCE CHINA Information Sciences 5811:1---8, 2015 proposed a cryptanalysis of Prime Power RSA with two private exponents, namely, for a Prime Power RSA modulus $$N=p^rq r>1$$, there are two pairs of public and private exponents. According to their work, when the two private exponents are small enough, this variant of RSA is insecure and one can factor $$N=p^rq$$ efficiently. Moreover, in C2SI 2015, Nitaj and Rachidi considered the implicit factorization problem. They showed that for two Prime Power RSA moduli $$N_1=p_1^rq_1$$ and $$N_2=p_2^rq_2$$, when $$p_1$$ and $$p_2$$ share a suitable amount of most significant bits, one can factor $$N_1$$ and $$N_2$$ in polynomial time. In this paper, we revisit these two works. More specifically, for Zheng-Hu's work, by solving two modular univariate linear equations and modifying the Zheng-Hu's selection of polynomials to construct lattice, we can further improve their result. For Nitaj-Rachidi's work, based on an observation that a desired solution of a modular equation is a factor of Prime Power RSA modulus, we can also improve Nitaj-Rachidi's bound. Our improved attacks are verified by experiments.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
