TY - JOUR
T1 - On the uniformity of distribution of the decryption exponent in fixed encryption exponent RSA
AU - Shparlinski, Igor E.
PY - 2004/11/15
Y1 - 2004/11/15
N2 - Let us fix a security parameter n and a sufficiently large encryption exponent e. We show that for a random choice of the RSA modulus m = pq, where p and q are n-bit primes, the decryption exponent d, defined by ed ≡ 1 (mod φ(m)) is uniformly distributed modulo φ(m). It is known, due to recent work of Boneh, Durfee and Frankel, that additional information about some bits of d may turn out to be dramatic for the security of the whole cryptosystem. Our uniformity of distribution result implies that sufficiently long strings of the most and the least significant bits of d, which are vulnerable to such attacks, behave as random binary vectors.
AB - Let us fix a security parameter n and a sufficiently large encryption exponent e. We show that for a random choice of the RSA modulus m = pq, where p and q are n-bit primes, the decryption exponent d, defined by ed ≡ 1 (mod φ(m)) is uniformly distributed modulo φ(m). It is known, due to recent work of Boneh, Durfee and Frankel, that additional information about some bits of d may turn out to be dramatic for the security of the whole cryptosystem. Our uniformity of distribution result implies that sufficiently long strings of the most and the least significant bits of d, which are vulnerable to such attacks, behave as random binary vectors.
UR - http://www.scopus.com/inward/record.url?scp=4744365710&partnerID=8YFLogxK
U2 - 10.1016/j.ipl.2004.07.004
DO - 10.1016/j.ipl.2004.07.004
M3 - Article
AN - SCOPUS:4744365710
SN - 0020-0190
VL - 92
SP - 143
EP - 147
JO - Information Processing Letters
JF - Information Processing Letters
IS - 3
ER -