Abstract

There are many partial key exposure attacks on RSA or its variants under the assumption that a portion of the bits of the decryption exponent d is exposed. Sarkar and Maitra presented a further attack when some bits of the private prime factor q in the modulus N = pq are simultaneously revealed and the total number of bits of q and d required to be known is reduced compared to previous partial key exposure attacks. In this paper, for both the standard RSA with moduli N = pq and the Takagi’s variant of RSA with moduli N = p 2 q, we propose partial key exposure attacks when most significant bits (MSBs) or least significant bits of q are exposed. Compared with previous results, our theoretical analysis and experimental results show a substantial improvement in reducing the number of known bits of the private key to factor N.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call