Journal ArticleDOI
Cryptanalysis of RSA with private key d less than N^0.292
Dan Boneh, G. Durfee
TLDR
This work shows that if the private exponent d used in the RSA (Rivest-Shamir-Adleman (1978)) public-key cryptosystem is less than N^0.292 then the system is insecure.
Abstract:
We show that if the private exponent d used in the RSA (Rivest-Shamir-Adleman (1978)) public-key cryptosystem is less than N^0.292 then the system is insecure. This is the first improvement over an old result of Wiener (1990) showing that when d is less than N^0.25 the RSA system is insecure. We hope our approach can be used to eventually improve the bound to d less than N^0.5.
Citations
Book
Modern Cryptography: Theory and Practice
TL;DR: This book explains why "textbook crypto" is only good in an ideal world where data are random and bad guys behave nicely, and reveals the general unfitness of "textbooks crypto" for the real world by demonstrating numerous attacks on such schemes, protocols and systems under various real-world application scenarios.
Book ChapterDOI
Predicting lattice reduction
Nicolas Gama, Phong Q. Nguyen
TL;DR: The goal of this paper is to provide an assessment of lattice reduction algorithms' behaviour based on extensive experiments performed with the NTL library, and to suggest several conjectures on the worst case and the actual behaviour of lattice reduction algorithms.
Book ChapterDOI
The Two Faces of Lattices in Cryptology
TL;DR: This talk will try to survey the main examples of the two faces of lattices in cryptology, and find out whether public-key cryptosystems based on the hardness of lattice problems, and lattices play a crucial role in a few security proofs.
Book ChapterDOI
Approximate Integer Common Divisors
TL;DR: As an application of the partial approximate common divisor algorithm, it is shown that a cryptosystem proposed by Okamoto actually leaks the private information directly from the public information in polynomial time.
Book ChapterDOI
Floating-Point LLL revisited
Phong Q. Nguyen, Damien Stehlé
TL;DR: The L^2 algorithm, as mentioned in this paper, is a floating-point variant of L^3 which can be computed in polynomial time O(d^4 n (d + log B) log B). This is the first L^3 algorithm whose running time grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.
References
Journal ArticleDOI
A method for obtaining digital signatures and public-key cryptosystems
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Journal ArticleDOI
Factoring Polynomials with Rational Coefficients
TL;DR: This paper presents a polynomial-time algorithm to solve the following problem: given a non-zero polynomial f ∈ Q(X) in one variable with rational coefficients, find the decomposition of f into irreducible factors in Q(X).
Factoring polynomials with rational coefficients
TL;DR: In this paper, a polynomial-time algorithm was proposed to decompose a primitive polynomial into irreducible factors in Z(X) if the greatest common divisor of its coefficients is 1.
Journal ArticleDOI
Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities
TL;DR: It is shown how to find sufficiently small integer solutions to a polynomial in a single variable modulo N, and to a Poole's inequality in two variables over the integers.
Journal ArticleDOI
Cryptanalysis of short RSA secret exponents
TL;DR: A cryptanalytic attack on the use of short RSA secret exponents is described, which poses no threat to the normal case of RSA where the secret exponent is approximately the same size as the modulus.