Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Designs, Codes and Cryptography
Published in: Designs, Codes and Cryptography 1/2017

22-03-2016

Cryptanalysis of Dual RSA

Authors: Liqiang Peng, Lei Hu, Yao Lu, Jun Xu, Zhangjie Huang

Published in: Designs, Codes and Cryptography | Issue 1/2017

Login to get access

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

In 2007, Sun et al. (IEEE Trans Inf Theory 53(8):2922–2933, 2007) presented new variants of RSA, called Dual RSA, whose key generation algorithm outputs two distinct RSA moduli having the same public and private exponents, with an advantage of reducing storage requirements for keys. These variants can be used in some applications like blind signatures and authentication/secrecy. In this paper, we give an improved analysis on Dual RSA and obtain that when the private exponent is smaller than \(N^{0.368}\), the Dual RSA can be broken, where N is an integer with the same bitlength as the modulus of Dual RSA. The point of our work is based on the observation that we can split the private exponent into two much smaller unknown variables and solve a related modular equation on the two unknown variables and other auxiliary variables by making use of lattice based methods. Moreover, we extend this method to analyze the common private exponent RSA scheme, a variant of Dual RSA, and obtain a better bound than previous analyses. While our analyses cannot be proven to work in general, since we rely on some unproven assumptions, our experimental results have shown they work in practice.
next article Direct constructions of large sets of Kirkman triple systems
Appendix
Available only for authorised users
Literature
1.
Boneh D., Durfee G.: Cryptanalysis of RSA with private key d less than N\({}^{\text{0.292 }}\). IEEE Trans. Inf. Theory 46(4), 1339–1349 (2000).
2.
Bosma W., Cannon J.J., Playoust C.: The magma algebra system I: the user language. J. Symb. Comput. 24(3–4), 235–265 (1997).
3.
Coppersmith D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997).
4.
Gama N., Nguyen P.Q.: Predicting lattice reduction. In: Smart N. (ed.) EUROCRYPT 2008. Lecture Notes in Computer Science, vol. 4965, pp. 31–51. Springer, Heidelberg (2008).
5.
Herrmann M., May A.: Maximizing small root bounds by linearization and applications to small secret exponent RSA. In: Nguyen P.Q., Pointcheval D. (eds.) PKC 2010. Lecture Notes in Computer Science, vol. 6056, pp. 53–69. Springer, Heidelberg (2010)
6.
Hinek M.J.: On the security of some variants of RSA. Ph.D.thesis, University of Waterloo, Waterloo (2007).
7.
Hoffstein J., Pipher J., Silverman J.H.: An Inroduction to Mathematical Cryptography. Springer, Berlin (2008).
8.
Howgrave-Graham N.: Finding small roots of univariate modular equations revisited. In: Darnell M.J. (ed.) Cryptography and Coding 1997. Lecture Notes in Computer Science, vol. 1355, pp. 131–142. Springer, Heidelberg (1997).
9.
Jochemsz E., May A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai X., Chen K. (eds.) ASIACRYPT 2006. Lecture Notes in Computer Science, vol. 4284, pp. 267–282. Springer, Heidelberg (2006).
10.
Joye M.: RSA moduli with a predetermined portion: techniques and applications. In: Chen L., Mu Y., Susilo, W. (eds.) ISPEC 2008. Lecture Notes in Computer Science, vol. 4991, pp. 116–130. Springer, Heidelberg (2008).
11.
Kleinjung T., Aoki K., Franke J., Lenstra A.K., Thomé E., Bos J.W., Gaudry P., Kruppa A., Montgomery P.L., Osvik D.A., te Riele H.J.J., Timofeev A., Zimmermann P.: Factorization of a 768-bit RSA modulus. In: Rabin T. (ed.) CRYPTO 2010. Lecture Notes in Computer Science, vol. 6223, pp. 333–350. Springer, Heidelberg (2010).
12.
Lenstra A.K.: Generating RSA moduli with a predetermined portion. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. Lecture Notes in Computer Science, vol. 1514, pp. 1–10. Springer, Heidelberg (1998).
13.
Lenstra A.K., de Weger B.M.M.: Twin RSA. In: Dawson E., Vaudenay S. (eds.) Mycrypt 2005. Lecture Notes in Computer Science, vol. 3715, pp. 222–228. Springer, Heidelberg (2005).
14.
Lenstra A.K., Lenstra H.W., Lovász L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982).
15.
Lenstra A.K., Tromer E., Shamir A., Kortsmit W., Dodson B., Hughes J.P., Leyland P.C.: Factoring estimates for a 1024-bit RSA modulus. In: Laih C.S. (ed.) ASIACRYPT 2003. Lecture Notes in Computer Science, vol. 2894, pp. 55–74. Springer, Heidelberg (2003).
16.
Nguyen P.Q., Vallée B. (eds.): The LLL Algorithm—Survey and Applications. Series in Information Security and Cryptography. Springer, Heidelberg (2010).
17.
Peng L., Hu L., Xu J., Huang Z., Xie Y.: Further improvement of factoring RSA moduli with implicit hint. In: Pointcheval D., Vergnaud D. (eds.) AFRICACRYPT 2014. Lecture Notes in Computer Science, vol. 8469, pp. 165–177. Springer International Publishing, Switzerland (2014).
18.
Rivest R.L., Shamir A., Adleman L.M.: A method for obtaining digital signatures and public-key cryptosystems (reprint). Commun. ACM 26(1), 96–99 (1983).
19.
Sarkar S., Maitra S.: Cryptanalytic results on ’Dual CRT’ and ’Common Prime’ RSA. Des. Codes Cryptogr. 66(1–3), 157–174 (2013).
20.
Shparlinski I.: On RSA moduli with prescribed bit patterns. Des. Codes Cryptogr. 39(1), 113–122 (2006).
21.
Sun H., Wu M., Ting W., Hinek M.J.: Dual RSA and its security analysis. IEEE Trans. Inf. Theory 53(8), 2922–2933 (2007).
22.
Takagi T.: Fast RSA-type cryptosystem modulo p\({}^{\rm {k}}\)q. In: Krawczyk H. (ed.) CRYPTO 1998. Lecture Notes in Computer Science, vol. 1462, pp. 318–326. Springer, Heidelberg (1998).
23.
Takayasu A., Kunihiro N.: Better lattice constructions for solving multivariate linear equations modulo unknown divisors. IEICE Trans. 97-A(6), 1259–1272 (2014).
24.
Takayasu A., Kunihiro N.: Partial key exposure attacks on RSA: achieving the boneh-durfee bound. In: Joux A., Youssef A.M. (eds.) SAC 2014. Lecture Notes in Computer Science, vol. 8781, pp. 345–362. Springer International Publishing, Switzerland (2014).
25.
Vanstone S.A., Zuccherato R.J.: Short RSA keys and their generation. J. Cryptol. 8(2), 101–114 (1995).
26.
Wiener M.J.: Cryptanalysis of short RSA secret exponents. IEEE Trans. Inf. Theory 36(3), 553–558 (1990).
Metadata
Title
Cryptanalysis of Dual RSA
Authors
Liqiang Peng
Lei Hu
Yao Lu
Jun Xu
Zhangjie Huang
Publication date
22-03-2016
Publisher
Springer US
Published in
Designs, Codes and Cryptography / Issue 1/2017
Print ISSN: 0925-1022
Electronic ISSN: 1573-7586
DOI
https://doi.org/10.1007/s10623-016-0196-5

Other articles of this Issue 1/2017

Designs, Codes and Cryptography 1/2017 Go to the issue

OriginalPaper

Asynchronous channel hopping systems from difference sets

OriginalPaper

On MDS convolutional codes over

OriginalPaper

Direct constructions of large sets of Kirkman triple systems

OriginalPaper

Three new classes of optimal frequency-hopping sequence sets

OriginalPaper

Complete weight enumerators of a class of linear codes

OriginalPaper

A case study in almost-perfect security for unconditionally secure communication

Premium Partner

    Image Credits