Article

Improved Cryptanalysis of the Multi-Power RSA Cryptosystem Variant

Authors:

Abderrahmane Nitaj,

Maher BoudabraAuthors Info & Claims

Progress in Cryptology - AFRICACRYPT 2023: 14th International Conference on Cryptology in Africa, Sousse, Tunisia, July 19–21, 2023, Proceedings

Pages 252 - 269

https://doi.org/10.1007/978-3-031-37679-5_11

Published: 19 July 2023 Publication History

Abstract

The multi-power RSA cryptosystem is a variant of RSA where the modulus is in the form

N = p^{r} q^{s}

with

max (r, s) \geq 2

. In the multi-power RSA variant, the decryption phase is much faster than the standard RSA. While RSA has been intensively studied, the security of the multi-power RSA variant needs to be deeply investigated.

In this paper, we consider a multi-power RSA cryptosystem with a modulus

N = p^{r} q^{s}

, and propose a method to solve the modular polynomial equations of the form

F (x) \equiv 0 (mod W p^{u} q^{v})

where F(x) is a polynomial with integer coefficients, W is a positive integer, and u, v are integers satisfying

0 \leq u \leq r

,

0 \leq v \leq s

, and

s u - r v \neq 0

. Our method is based on Coppersmith’s method and lattice reduction techniques.

We show that the new results retrieve or supersede the former results. Moreover, we apply the new method to study various instances of the multi-power RSA cryptosystem, especially when the private exponent is small, when the prime factors have a specific form, and when the least significant or the most significant bits of the private exponent are known.

References

[1]

Alquié, D., Chassé, G., Nitaj, A.: Cryptanalysis of the multi-power RSA cryptosystem variant. In: Beresford, A.R., Patra, A., Bellini, E. (eds.) Cryptology and Network Security. CANS 2022. LNCS, vol. 13641, pp. 245–257. Springer, Cham (2022).

[2]

Blömer J and May A Cramer R A tool kit for finding small roots of bivariate polynomials over the integers Advances in Cryptology – EUROCRYPT 2005 2005 Heidelberg Springer 251-267

[3]

Boneh D Twenty years of attacks on the RSA cryptosystem Not. Amer. Math. Soc. 1999 46 2 203-213

[4]

Boudabra, M., Nitaj, A.: A new generalization of the KMOV cryptosystem. J. Appl. Math. Comput. 57(1-2), 229–245 (2017)

[5]

Boudabra, M., Nitaj, A.: A new public key cryptosystem based on Edwards curves. J. Appl. Math. Comput. 61, 431–450 (2019)

[6]

Coppersmith D Small solutions to polynomial equations, and low exponent RSA vulnerabilities J. Cryptol. 1997 10 4 233-260

[7]

The EPOC and the ESIGN Algorithms. IEEE P1363: Protocols from Other Families of Public-Key Algorithms (1998)

[8]

Hinek, M.: Cryptanalysis of RSA and Its Variants. Chapman & Hall/CRC, Cryptography and Network Security Series, Boca Raton (2009)

[9]

Howgrave-Graham N Darnell M Finding small roots of univariate modular equations revisited Crytography and Coding 1997 Heidelberg Springer 131-142

[10]

Kocher PC Koblitz N Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems Advances in Cryptology — CRYPTO ’96 1996 Heidelberg Springer 104-113

[11]

Koyama K, Maurer UM, Okamoto T, and Vanstone SA Feigenbaum J New public-key schemes based on elliptic curves over the ring

Z_{n}

Advances in Cryptology — CRYPTO ’91 1992 Heidelberg Springer 252-266

[12]

Lenstra AK, Lenstra HW, and Lovász L Factoring polynomials with rational coefficients Math. Ann. 1982 261 513-534

[13]

Lim S, Kim S, Yie I, and Lee H Roy B and Okamoto E A generalized Takagi-cryptosystem with a modulus of the form

p^{r} q^{s}

Progress in Cryptology —INDOCRYPT 2000 2000 Heidelberg Springer 283-294

[14]

Lu Y, Zhang R, Peng L, and Lin D Iwata T and Cheon JH Solving linear equations modulo unknown divisors: revisited Advances in Cryptology – ASIACRYPT 2015 2015 Heidelberg Springer 189-213

[15]

Lu, Y., Peng, L., Sarkar, S.: Cryptanalysis of an RSA variant with moduli

N = p^{r} q^{l}

. J. Math. Cryptol. 11(2), 117–130 (2017)

[16]

May, A.: New RSA Vulnerabilities Using Lattice Reduction Methods, Ph.D. thesis, University of Paderborn (2003). http://www.cits.rub.de/imperia/md/content/may/paper/bp.ps

[17]

May A Bao F, Deng R, and Zhou J Secret exponent attacks on RSA-type schemes with moduli

N = p^{r} q

Public Key Cryptography – PKC 2004 2004 Heidelberg Springer 218-230

[18]

Nitaj, A., Susilo, W., Tonien, J.: A generalized attack on the multi-prime power RSA. In: Batina, L., Daemen, J. (eds.) Progress in Cryptology – AFRICACRYPT 2022. AFRICACRYPT 2022. LNCS, vol. 13503, pp. 537–549. Springer, Cham (2022).

[19]

Okamoto T and Uchiyama S Nyberg K A new public-key cryptosystem as secure as factoring Advances in Cryptology — EUROCRYPT’98 1998 Heidelberg Springer 308-318

[20]

Okamoto, T., Uchiyama, U., Fujisaki, E.: EPOC: efficient probabilistic public-key encryption (1998)

[21]

Rivest R, Shamir A, and Adleman L A Method for obtaining digital signatures and public-key cryptosystems Commun. ACM 1978 21 2 120-126

[22]

Schmidt-Samoa, K.: A new Rabin-type trapdoor permutation equivalent to factoring. Electron. Notes Theor. Comput. Sci. 157(3), 79–94. Elsevier (2006). https://eprint.iacr.org/2005/278.pdf

[23]

Takagi, T.: Fast RSA-type cryptosystem modulo

p^{k} q

. In: Krawczyk, H. (eds.) Advances in Cryptology – CRYPTO ’98. CRYPTO 1998. LNCS, vol. 1462, pp. 318–326. Springer, Berlin, Heidelberg (1998).

[24]

Wiener M Cryptanalysis of short RSA secret exponents IEEE Trans. Inf. Theory 1990 36 553-558

Recommendations

Cryptanalysis of the Multi-Power RSA Cryptosystem Variant
Cryptology and Network Security
Abstract
We study the Multi-Power variant of the RSA cryptosystem where the modulus is of the form $N = p^{r} q^{s}$ with $gcd (r, s) = 1$ . We present a method to solve the linear equation $a_{1} x_{1} + a_{2} x_{2} \equiv 0 (mod p^{u} q^{v})$ where $u < r$ , $v < s$ , and $a_{1}$ , $a_{2}$ are two integers satisfying $gcd (a_{1} a_{2},...$
Cryptanalysis of a New Variant of the RSA Cryptosystem
Progress in Cryptology - AFRICACRYPT 2024
Abstract
Let $N = p q$ be an RSA modulus which is the product of two balanced prime factors. In 2018, Murru and Saettone presented a variant of the RSA cryptosystem based on a cubic Pell equation in which the public exponent e and the private exponent d satisfy ... $(\frac{(^{}) (^{})}{})$ $(\frac{(^{}) (^{})}{})$ $^{}$ $^{\frac{}{}}$ $^{\frac{}{}}$ $^{}$
A Generalized Attack on the Multi-prime Power RSA
Progress in Cryptology - AFRICACRYPT 2022
Abstract
The Multi-Prime Power RSA is an efficient variant of the RSA cryptosystem with a modulus of the form $N = p^{r} q^{s}$ and $r > s \geq 2$ . It can be used with a public exponent e and a private exponent d satisfying $e \equiv \frac{1}{d} (mod p^{r - 1} q^{s - 1} (p - 1) (q - 1))$ . In 2017, Lu, Peng and ... $^{}^{}$ $^{\frac{}{^{}}}$ $\frac{_{}}{_{}}^{}^{}$ $_{}^{}$ $_{}^{}$ $^{}^{}$ $\frac{}{^{}} \sqrt{} \frac{}{}$

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

Progress in Cryptology - AFRICACRYPT 2023: 14th International Conference on Cryptology in Africa, Sousse, Tunisia, July 19–21, 2023, Proceedings

Jul 2023

517 pages

ISBN:978-3-031-37678-8

DOI:10.1007/978-3-031-37679-5

Editors:
Nadia El Mrabet
EMSE, Saint-Étienne, France
,
Luca De Feo
IBM Research Europe, Rüschlikon, Switzerland
,
Sylvain Duquesne
Université de Rennes 1, Rennes Cedex, France

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023.

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 19 July 2023

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents