Abstract
For a variant of RSA with modulus N = prq and ed Ξ 1 mod (p - 1)(q - 1), we show that d can be recovered if d < N(2-√2)/(r+1). (Note that φ(N) ≠ (p - 1)(q - 1).) Boneh-Durfee's result for the standard RSA is obtained as a special case for r = 1. Technically, we develop a method of a finding small root of a trivariate polynomial equation f(x, y, z) = x(y - 1)(z - 1) + 1 = 0 (mode) under the condition that yrz = N. Our result cannot be obtained from the generic method of Jochemsz-May.
Full Text 
Sign-in/Register to access full text options
Sign-in/Register to access full text options 
Published version (
Free)
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
