Variant Of RSA Research Articles

An efficient RSA-based certificateless public key encryption scheme

In order to resolve the key escrow in identity-based scheme and the significant cost of using a PKI system in traditional public key scheme, the notion of certificateless public key cryptography (CL-PKC) was introduced. The first certificateless public key encryption scheme (CL-PKE) was proposed by Al-Riyami and Paterson, and then further schemes were developed. However, most of them are constructed from the bilinear pairing which is a time costing operation. In this paper, we construct an efficient CL-PKE scheme from RSA since RSA is the de facto Internet standard and is widely used in many applications. The security is based on Kilian–Petrank’s RSA assumption which is a variant of RSA.

A new public key scheme based on DRSA and generalized GDLP

In this paper, we propose a new public key scheme, which is a combination of RSA variant namely the DRSA and the generalization of generalized discrete logarithm problem (generalized GDLP). The security of this scheme depends equally on the integer factorization of [Formula: see text] and the discrete logarithm problem (DLP) on [Formula: see text], where [Formula: see text] is the product of two large primes and [Formula: see text] is the multiplicative group modulo [Formula: see text]. The scheme is a randomized algorithm. It is at least as secure as the DRSA and ElGamal schemes. We also compare the encryption–decryption performance of the proposed scheme with the RSA and DRSA schemes.

RSA-type Algebra Structures

RSA is a public key cryptosystem that is currently the most popularly used in information security. Development of RSA variants has attracted many researchers since its introduction in 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman. In this paper, we propose an algebraic structure for RSA and show that the proposed structure covers all known RSA variants. The usefulness of the proposed structure is then proved by showing that, following the structure we can construct a RSA variant based on the Bergman ring. We compare the original RSA and its variants from the point of view of factoring the modulus to determine why the original RSA is widely used than its variants.

Cryptanalysis of Dual RSA

In 2007, Sun et al. (IEEE Trans Inf Theory 53(8):2922---2933, 2007) presented new variants of RSA, called Dual RSA, whose key generation algorithm outputs two distinct RSA moduli having the same pu...

Factoring multi power RSA moduli with a class of secret exponents

Abstract In this paper, we consider the RSA variant based on the key equation ed ≡ 1 (mod φ(N)) where N = prq, r ≥ 2. We show that if the secret exponent d is close to any multiple of the prime factor p or its powers, then it is possible to factor N in polynomial time in log N.

A new public key encryption scheme based on two cryptographic assumptions

In this paper we present a new cryptosystem which is a combination of RSA variant namely rebalanced RSA-CRT and general formulation of DGDLP. Its security is depend upon integer factorization problem and general formulation of DGDLP.

Cryptanalysis of Prime Power RSA with two private exponents

In this paper, we consider a variant of RSA schemes called Prime Power RSA with modulus N = prq for r ≥ 2, where p, q are of the same bit-size. May showed that when private exponent \(d < {N^{\frac{r}{{{{\left( {r + 1} \right)}^2}}}}}\) or \(d < {N^{{{\left( {\frac{{r - 1}}{{r + 1}}} \right)}^2}}}\), N can be factored in polynomial time in PKC 2004. Later in 2014, Sarkar improved the bound for r ≤ 5. We propose a new cryptanalytic method to attack this RSA variant when given two pairs of public and private exponents, namely (e1, d1) and (e2, d2) with the same modulus N. Suppose that we know d1 < Nδ1 and d2 < Nδ2. Our results show that when \({\delta _1}{\delta _2} < {\left( {\frac{{r - 1}}{{r + 1}}} \right)^3}\), Prime Power RSA is insecure.

Variant of RSA-Multi prime RSA

Variant of RSA - Multi prime RSA that is backwards compatible that is a system using multi prime RSA can interoperate with systems using standard RSA and this variant is used to speed up RSA decryption.

Small secret exponent attack on RSA variant with modulus $$N=p^rq$$ N = p r q

We consider an RSA variant with Modulus $$N=p^rq$$ N = p r q . This variant is known as Prime Power RSA. In PKC 2004, May proved when decryption exponent $$d<N^{ \frac{r}{(r+1)^2}}$$ d < N r ( r + 1 ) 2 or $$d< N^{\left( \frac{r-1}{r+1}\right) ^2}$$ d < N r - 1 r + 1 2 , one can factor $$N$$ N in polynomial time. In this paper, we improve this bound when $$r \le 5$$ r ≤ 5 . We provide detailed experimental results to justify our claim.

Improved RSA Encryption based Medical Image Compression using Fractional Fourier Transform and Modified SPIHT Encoding Scheme

Medical image data generally need a huge amount of resources for storage and transmission. In recent years, due to the extensive popularity of medical imaging applications in healthcare settings and the increased interest in telemedicine technologies, it is important to minimize both storage and transmission bandwidth necessities required for archival and communication of related data, preferably by employing compression techniques. The security of the compressed image has also become an essential part in medical image analysis. This research focuses on providing efficient compression of the DICOM images with better security and authentication. The DICOM images are encrypted using Improved RSA Variant for better overall performance. This approach uses efficient fractional Fourier Transform and Block based Pass-Parallel SPIHT for compressing the DICOM images. The performance of the proposed approach is compared with the existing approaches and is observed to provide better PSNR and lower MSR values.

Enhanced RSACRT for Energy Efficient Authentication to Wireless Sensor Networks Security

Problem statement: The Security in WSN has become a challenge because of its inherent limitations of resources imposed on the sensor nodes. Authentication and key management scheme allows WSNs to be used with confidence and maintains integrity of data in sensor networks. Approach: In the WSN limited resource scenario the generation of public key done and are randomly pre distributed while deploying the sensor nodes. Since the sensor nodes are limited by energy it needs to concentrate on fast decryption and verification of message. In order to enable the fast decryption we have proposed a novel method which uses three algorithms hybrid to achieve the increase in decryption speed which in turn reduces the energy used for computation and enhances its performance compared with the existing authentication using classical RSA algorithm. Results: The proposed Enhanced Variant of RSA with CRT using Garner’s algorithm to achieve fast decryption speed and provides better performance when compared to the existing RSA. The private key is generated and passed so that the receiver node need not generate it which consumes more computational cost, power and memory at the decryption stage. Also we have done the signing and verification which avoids the message spoofing attack and enable message confidentiality. Further the ERSACRT is designed to counter measure to few attacks possible on RSA. We implemented the ERSACRT in java and tested for system parameters like memory, time, speed and efficiency and compared with that of RSA. Conclusion/Recommendation: The proposed algorithm ERSACRT is efficient and secured along with improved counter measures for secured communication in WSN with reduced energy and computational time.

Cryptanalytic results on ‘Dual CRT’ and ‘Common Prime’ RSA

In this paper we study weaknesses of two variants of RSA: Dual RSA and Common Prime RSA. Several schemes under the framework of Dual RSA have been proposed by Sun et al. (IEEE Trans Inf Theory 53(8):2922---2933, 2007). We here concentrate on the Dual CRT-RSA scheme and present certain range of parameters where it is insecure. As a corollary of our work, we prove that the Dual Generalized Rebalanced-RSA (Scheme III of Sun et al.) can be efficiently broken for a significant region where the scheme has been claimed to be secure. Next we consider the Common Prime RSA as proposed by Wiener (IEEE Trans. Inf. Theory 36:553---558, 1990). We present new range of parameters in Common Prime RSA where it is not secure. We use lattice based techniques for the attacks.

Small Secret CRT-Exponent Attacks on Takagi's RSA

CRT-RSA is a variant of RSA, which uses integers d p = d mod (p - 1) and d q = d mod (q - 1) (CRT-exponents), where d, p, q are the secret keys of RSA. May proposed a method to obtain the secret key in polynomial time if a CRT-exponent is small, moreover Bleichenbacher and May improved this method. On the other hand, Takagi's RSA is a variant of CRT-RSA, whose public key N is of the form p r q for a given positive integer r. In this paper, we extend the May's method and the Bleichenbacher-May's method to Takagi's RSA, and we show that we obtain p in polynomial time if p < N 3/(4+2 √r(r+3)) by the extended May's method, and if p < N 6/(5r+√13r√2+48r) by the extended Bleichenbacher-May's method, when d q is arbitrary small. If r = 1, these upper bounds conform to May's and Bleichenbacher-May's results respectively. Moreover, we also show that the upper bound of p r increase with an increase in r. Since these attacks are heuristic algorithms, we provide several experiments which show that we can obtain the secret key in practice.

Common modulus attacks on small private exponent RSA and some fast variants (in practice)

In this work we re-examine two common modulus attacks on RSA. First, we show that Guo's continued fraction attack works much better in practice than previously expected. Given three instances of RSA with a commonmodulus N and private exponents each smaller than N 0.33 , the attack can factor the modulus about 93% of the time in practice. The success rate of the attack can be increased up to almost 100% by including a relatively small exhaustive search. Next, we consider Howgrave-Graham and Seifert's lattice-based attack and show that a second necessary condition for the attack exists that limits the bounds (beyond the original bounds) once n ≥ 7 instances of RSA are used. In particular, by construction, the attack is limited to private exponents at most N 0.5– ε , given sufficiently many instances, instead of the original bound of N 1– ε . In addition, we also consider the effectiveness of the attacks when mounted against multi-prime RSA and Takagi's variant of RSA. For multi-prime RSA, we show three (or more) instances with a common modulus and private exponents smaller than N 1/3– ε is unsafe. For Takagi's scheme, we show that three or more instances with a common modulus N = p t q is unsafe when all the private exponents are smaller than N 2/(3( t +1))– ε . The results, for both variants, is obtained using Guo's method and are almost always successful with the inclusion of a small exhaustive search. When only two instances are available, Howgrave-Graham and Seifert's attack can be successfully mounted on multiprime RSA, with r primes in the modulus, when the private exponents are both smaller than N (3+ r )/7 r – ε .

PARTIAL KEY EXPOSURE ATTACKS ON RSA AND ITS VARIANT BY GUESSING A FEW BITS OF ONE OF THE PRIME FACTORS

Consider RSA with N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. We first study cryptanalysis of RSA when certain amount of the Most Significant Bits (MSBs) or Least Significant Bits (LSBs) of d is known. The basic lattice based technique is similar to that of Ernst et al. in Eurocrypt 2005. However, our idea of guessing a few MSBs of the secret prime p substantially reduces the requirement of MSBs or LSBs of d for the key exposure attack. Further, we consider the RSA variant proposed by Sun and Yang in PKC 2005 and show that the partial key exposure attack works significantly on this variant.

Trading decryption for speeding encryption in Rebalanced-RSA

In 1982, Quisquater and Couvreur proposed an RSA variant, called RSA-CRT, based on the Chinese Remainder Theorem to speed up RSA decryption. In 1990, Wiener suggested another RSA variant, called Rebalanced-RSA, which further speeds up RSA decryption by shifting decryption costs to encryption costs. However, this approach essentially maximizes the encryption time since the public exponent e is generally about the same order of magnitude as the RSA modulus. In this paper, we introduce two variants of Rebalanced-RSA in which the public exponent e is much smaller than the modulus, thus reducing the encryption costs, while still maintaining low decryption costs. For a 1024-bit RSA modulus, our first variant (Scheme A) offers encryption times that are at least 2.6 times faster than that in the original Rebalanced-RSA, while the second variant (Scheme B) offers encryption times at least 3 times faster. In both variants, the decrease in encryption costs is obtained at the expense of slightly increased decryption costs and increased key generation costs. Thus, the variants proposed here are best suited for applications which require low costs in encryption and decryption.

Short-Exponent RSA

In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order of magnitude as φ(N). Sun et al. devised three RSA variants using unbalanced prime factors p and q to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes p and q are more insecure than the instances with balanced p and q. This investigation focuses on designing a new RSA variant with balanced p and q, and short exponents d and e, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which p and q are balanced, and a trade-off between the lengths of d and e is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.

Small Secret Key Attack on a Takagi's Variant of RSA

For a variant of RSA with modulus N = prq and ed ≡ 1 (mod(p-1)(q-1)), we show that d is to be recovered if d < N(2-√2)/(r+1). (Note that φ(N) ≠ (p-1)(q-1).) Boneh-Durfee's result for the standard RSA is obtained as a special case for r=1. Technically, we develop a method for finding a small root of a trivariate polynomial equation f(x, y, z)=x(y-1)(z-1)+1 ≡ 0 (mod e) under the condition that yrz=N. Our result cannot be obtained from the generic method of Jochemsz-May.

Attacks on Shamir's ‘RSA for paranoids’

In order to allow for efficient use of extremely large moduli, Adi Shamir has proposed a variant of RSA in which one of the two prime factors is much smaller than the other. This note points out that unless special precautions are taken, simple implementations of Shamir's idea are subject to protocol attacks that recover the secret keys.

RNS-modulo reduction upon a restricted base value set and its applicability to RSA cryptography

For a modulo reduction scheme in RNS a set of restricted base values is proposed. In RNS, additions and multiplications can be computed in parallel, avoiding carry propagation delays. This advantage enables the implementation of scalable, parallel arithmetic units for computations in very large finite fields. For such a long integer arithmetic unit certain selection criteria for the base value set have been worked out, targeted to optimise the modulo reduction operation on the RNS digit level. As public key cryptography heavily depends on arithmetic in large finite fields, a parallelisable RSA variant is shown as a sample application.