Abstract
We investigate the security of a variant of the RS A public-key cryptosystem called LSBS-RSA, in which the modulus primes share a large number of least-significant bits. We show that low public-exponent LSBS-RSA is inherently resistant to Partial Key Exposure (PKE) attacks in which least-significant bits of the secret exponent are revealed to the attacker, and in particular that the Boneh-Durfee-Frankel PKE attack [5] on low public-exponent RSA is less effective for LSBS-RSA systems than for standard RSA. On the other hand, we show that large public-exponent LSBS-RSA is more vulnerable to such attacks than standard RSA. An application to server-aided RSA signature generation is proposed.
Original language | English |
---|---|
Pages (from-to) | 179-200 |
Number of pages | 22 |
Journal | Applicable Algebra in Engineering, Communications and Computing |
Volume | 15 |
Issue number | 3-4 |
DOIs | |
Publication status | Published - Nov 2004 |
Keywords
- Boneh-Durfee-Frankel Attack
- Communication Security
- Coppersmith Algorithm
- Cryptanalysis
- Least-Significant Bits
- Partial Key Exposure
- RSA Cryptosystem
- Server-Aided Signature Generation