2009 | OriginalPaper | Buchkapitel
Partial Key Exposure Attack on CRT-RSA
verfasst von : Santanu Sarkar, Subhamoy Maitra
Erschienen in: Applied Cryptography and Network Security
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Consider CRT-RSA with
N
=
pq
,
q
<
p
< 2
q
, public encryption exponent
e
and private decryption exponents
d
p
,
d
q
. Jochemsz and May (Crypto 2007) presented that CRT-RSA is weak when
d
p
,
d
q
are smaller than
N
0.073
. As a follow-up work of that paper, we study the partial key exposure attack on CRT-RSA when some Most Significant Bits (MSBs) of
d
p
,
d
q
are exposed. Further, better results are obtained when a few MSBs of
p
(or
q
) are available too. We present theoretical results as well as experimental evidences to justify our claim. We also analyze the case when the decryption exponents are of different bit sizes and it is shown that CRT-RSA is more insecure in this case (than the case of
d
p
,
d
q
having the same bit size) considering the total bit size of
d
p
,
d
q
.