## Abstract

We investigate the security of a variant of the RS A public-key cryptosystem called LSBS-RSA, in which the modulus primes share a large number of least-significant bits. We show that low public-exponent LSBS-RSA is inherently resistant to Partial Key Exposure (PKE) attacks in which least-significant bits of the secret exponent are revealed to the attacker, and in particular that the Boneh-Durfee-Frankel PKE attack [5] on low public-exponent RSA is less effective for LSBS-RSA systems than for standard RSA. On the other hand, we show that large public-exponent LSBS-RSA is more vulnerable to such attacks than standard RSA. An application to server-aided RSA signature generation is proposed.

Original language | English |
---|---|

Pages (from-to) | 179-200 |

Number of pages | 22 |

Journal | Applicable Algebra in Engineering, Communications and Computing |

Volume | 15 |

Issue number | 3-4 |

DOIs | |

Publication status | Published - Nov 2004 |

## Keywords

- Boneh-Durfee-Frankel Attack
- Communication Security
- Coppersmith Algorithm
- Cryptanalysis
- Least-Significant Bits
- Partial Key Exposure
- RSA Cryptosystem
- Server-Aided Signature Generation