2009 | OriginalPaper | Chapter
Partial Key Exposure Attack on CRT-RSA
Authors : Santanu Sarkar, Subhamoy Maitra
Published in: Applied Cryptography and Network Security
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
Consider CRT-RSA with
N
=
pq
,
q
<
p
< 2
q
, public encryption exponent
e
and private decryption exponents
d
p
,
d
q
. Jochemsz and May (Crypto 2007) presented that CRT-RSA is weak when
d
p
,
d
q
are smaller than
N
0.073
. As a follow-up work of that paper, we study the partial key exposure attack on CRT-RSA when some Most Significant Bits (MSBs) of
d
p
,
d
q
are exposed. Further, better results are obtained when a few MSBs of
p
(or
q
) are available too. We present theoretical results as well as experimental evidences to justify our claim. We also analyze the case when the decryption exponents are of different bit sizes and it is shown that CRT-RSA is more insecure in this case (than the case of
d
p
,
d
q
having the same bit size) considering the total bit size of
d
p
,
d
q
.