ZHOU Yi,SHEN Hai-bin,FAN Jun-feng

DOI: https://doi.org/10.3969/j.issn.1671-7147.2006.06.015

2006-01-01

Abstract:RSA is a time-consumed algorithm and is always implemented by using Montgomery multiplication algorithm.The paper develops a two-stage Montgomery multiplication algorithm and presents a high speed scalable hardware implementation based on the algorithm described for the RSA computation.High-radix,2~(64) is used in the algorithm.Compared with other Montgomery multiplication algorithm,the performance of RSA algorithm is highly improved.In hardware area,based on three pipelined 64×64 bit multiplier,five pipelined process unit is designed.Its architecture gives enough freedom to select the operand length to be used.It can implement multi RSA operation such as 1 024 bit,2 048 bit.In the 1 024 bit condition,its encrypt speed can reach 8 800 times per second.The system simulation and tapeout is based on SIMC0.18 technology.

Hung-Min Sun,Mu-En Wu,Wei-Chi Ting,M. Jason Hinek

DOI: https://doi.org/10.1109/tit.2007.901248

IF: 2.5

2007-01-01

IEEE Transactions on Information Theory

Abstract:We present new variants of an RSA whose key generation algorithms output two distinct RSA key pairs having the same public and private exponents. This family of variants, called dual RSA, can be used in scenarios that require two instances of RSA with the advantage of reducing the storage requirements for the keys. Two applications for dual RSA, blind signatures and authentication/secrecy, are proposed. In addition, we also provide the security analysis of dual RSA. Compared to normal RSA, the security boundary should be raised when applying dual RSA to the types of small-d, small-e, and rebalanced-RSA.

Shixiong Wang,Minghao Sun

DOI: https://doi.org/10.3390/math12213411

IF: 2.4

2024-11-01

Mathematics

Abstract:Prime Power RSA is a variant of the RSA scheme due to Takagi with modulus N=prq for r⩾2, where p,q are of the same bit-size. In this paper, we concentrate on one type of Prime Power RSA which assumes e·d≡1modpr−1(p−1)(q−1). Two new attacks on this type of Prime Power RSA are presented when given two pairs of public and private exponents, namely, (e1,d1) and (e2,d2) with the same modulus N. Suppose that d1<Nβ1,d2<Nβ2. In 2015, Zheng and Hu showed that when β1β2<(r−1)3/(r+1)3, N may be factored in probabilistic polynomial time. The first attack of this paper shows that one can obtain the factorization of N in probabilistic polynomial time, provided that β1β2<r/(r+1)3. Later, in the second attack, we improve both the first attack and the attack of Zheng and Hu, and show that the condition β1β2<r(r−1)2/(r+1)3 already suffices to break the Prime Power RSA. By introducing multiple parameters, our lattice constructions take full advantage of known information, and obtain the best known attack. Specifically, we make full use of the information that pr is a divisor of N, while the attack of Zheng and Hu only assumes that pr−1 is a divisor of N. As a consequence, this method implies a better lattice construction, and thus improves the previous attack. The experiments which reach a better upper bound than before also verify it. Our approaches are based on Coppersmith's method for finding small roots of bivariate modular polynomial equations.

mathematics

Wan Nur Aqlili Ruzai,Muhammad Rezal Kamel Ariffin,Muhammad Asyraf Asbullah,Amir Hamzah Abd Ghafar

DOI: https://doi.org/10.1016/j.jksuci.2024.102074

IF: 9.006

2024-05-25

Journal of King Saud University - Computer and Information Sciences

Abstract:RSA stands as a widely adopted method within asymmetric cryptography, commonly applied for digital signature validation and message encryption. The security of RSA relies on the challenge of integer factorization, a problem considered either computationally infeasible or highly intricate, especially when dealing with sufficiently large security parameters. Effective exploits of the integer factorization problem in RSA can allow an adversary to assume the identity of the key holder and decrypt such confidential messages. The keys employed in secure hardware are particularly significant due to the typically greater value of the information they safeguard, such as in the context of securing payment transactions. In general, RSA faces various attacks exploiting weaknesses in its key equations. This paper introduces a new vulnerability that enables the concurrent factorization of multiple RSA moduli. By working with pairs (Ni,ei) and a fixed value y satisfying the Diophantine equation eixi2−y2φ(Ni)=zi , we successfully factorized these moduli simultaneously using the lattice basis reduction technique. Notably, our research expands the scope of RSA decryption exponents considered as insecure.

computer science, information systems

Majid Mumtaz,Ping Luo

DOI: https://doi.org/10.1109/icccs52626.2021.9449268

2021-01-01

Abstract:RSA public key cryptosystem is the “de-facto” standard, provides confidentiality and privacy security services over the internet. At Eurocrypt 1999, Boneh and Durfee proposed a polynomial time attacks on RSA small decryption key exponent. Their attacks worked by exploiting the lattice and sub lattice structure using lattice based Coppersmith's method to solve a modular polynomials, when d <; N 0.284 and d <; N 0.292 respectively. In this work, we propose a new attack on some special case of Boneh and Durfee's attack method with respect to large decryption exponent (i.e. d = N > e = N α , where α and ε are the encryption and decryption exponents respectively) for some α ≤ ε. The condition d > φ(N) - N ε satisfies our devised attack and the experimental outcome certifies that an RSA cryptosystem with large decryption exponent successfully revealed the weak keys through lattice basis reduction method.

L. Sreenivasulu Reddy

DOI: https://doi.org/10.1080/09720529.2020.1734292

2020-05-07

Journal of Discrete Mathematical Sciences and Cryptography

Abstract:The RSA public key cryptographic strength (either security of encryption and decryption schemes or efficiency of algorithms) depends upon the complexity in factorizing the largest integer into odd primes. For every chosen integer, the RSA's strength varies. RSA key generation space is the group of non-negative integers relatively prime to ϕ(n) and encryption, decryption spaces are both equal to the group of integers relatively prime to n. Operational time and data storage are two of its efficiency aspects. To reduce the operational time along with reduction data storage is a difficult task in RSA public key cryptography. In addition that the Security of RSA public key cryptography for an adversary with polynomial bounds computations is another biggest task. In this paper, we are going to propose a new kind of public key cryptographic system, nearly four times more efficient in data storage and operational time to that of RSA and probably one fourth of security complexity of RSA. This new crypto system is possible only based on one of the strong pseudo prime test :Rabin-Miller test. So, name it as RM-RSA. In this way,we are going to compare the efficiency of that RM-RSA and previously our proposed S-RSA in "Solovay-Strassen test in a RSA Pubic key Cryptosystem".

Santosh Kumar RPrakash KlncKrishna SrmDr. R. Santosh Kumar is an Associate Professor in the Department of Computer Science and Engineering at the Vasavi College of Engineering. His research interests are Cryptology,Machine Learning,and data science. He published nearly 15 articles in various International Journals. He is a member of IEI,CRSI,and IAENG. He has guided more than 20 undergraduate projects.Dr. KLNC Prakash received his Ph.D. from JNTU Hyderabad in 2020. His areas of interest are data mining,Machine learning and Neural Networks. He has published more than 15 international journals in the area of data mining and machine learning. He has guided more than 20 undergraduate projects.Dr. Sureddi R.M. Krishna received his Ph.D. from JNTU Hyderabad in 2017. His areas of interest include Network Security and Routing in Manet system. He has published in 20 international and 5 national level conferences. He has guided more than 14 undergraduate 10 post-graduate projects. He is an IEEE professional member,and a CSI and IFERP member. He is a Cisco Networking Instructor for various courses like CCNA,Python,Cyber Ops,etc.

DOI: https://doi.org/10.1080/01611194.2023.2271463

2024-01-06

Cryptologia

Abstract:Multi-prime RSA (MPRSA) is an extended version of RSA in which the modulus is the product of three or more distinct prime numbers. As with the RSA, this variant is also scrutinized for vulnerabilities. The main goal of the attacks on MPRSA is to test the strength of MPRSA compared to that of RSA to determine whether MPRSA can be used in place of RSA. We apply two famous attacks on RSA to MPRSA by constructing lattices using the Jochemsz and May approach. In comparison to RSA, MPRSA is less vulnerable to both attacks.

mathematics, applied,computer science, theory & methods,history & philosophy of science

M. Anwar,Mustafa Ismail,H.M. Bahig

2024-03-10

Abstract:In this paper, we present attacks on three types of RSA modulus when the least significant bits of the prime factors of RSA modulus satisfy some conditions. Let $p,$ and $q$ be primes of the form $p=a^{m_1}+r_p$ and $q=b^{m_2}+r_q$ respectively, where $a,b,m_{1},m_{2} \in \mathbb{Z^+}$ $r_p,$ and $ r_q$ are known. The first attack is when the RSA modulus is $N=pq$ where $m_1$ or $m_2$ is an even number. If $\left(r_{p}r_{q}\right)^\frac{1}{2}$ is sufficiently small, then $N$ can be factored in polynomial time. The second attack is when $N=p^{s}q,$ where $q>p$ and $s$ divides $m_2.$ If $r_pr_q$ is sufficiently small, then $N$ can be factored in polynomial time. The third attack is when $N=p^{s+l}q^{s},$ where $p>q,$ $s,l \in \mathbb{Z^+},$ $l < \frac{s}{2}$ and $s$ divides $m_1l.$ If $a^{m_1}>qa^{\frac{m_1l}{s}},$ and $lr^3_p$ is sufficiently small, then $N$ can be factored in polynomial time.

Number Theory

Majid Mumtaz,Ping Luo

DOI: https://doi.org/10.1504/ijics.2021.113168

2021-01-01

International Journal of Information and Computer Security

Abstract:In this study, we revisit the RSA public key cryptosystem in some special case of Boneh and Durfee's attack when the private key d assumes to be larger than the public key e . The attack in this study is the variation of an approach adopted by Luo et al. (2009) based on large decryption exponent. They had chosen a large private key ( d > e ) and found the weak keys in some specific range between N 0.258 ≤ e ≤ N 0.857 . We highlight the shortcomings and new improvements in our study with more refined bound analysis up to the range between N 0.104 ≤ e ≤ N 0.923 . Our experimental results revealed more refined bounds using lattice-based Coppersmith's method. In our experimental yield, we find the small roots of the devised polynomial, which helps to factorise the RSA modulus of size up to 1,024-bits. We also measure the probability of a specific range of weak keys, which further certify our results about weak keys in an RSA constrained secret key environment.

Akashdeep Bhardwaj,GVB Subrahmanyam,Vinay Avasthi,Hanumat Sastry

DOI: https://doi.org/10.48550/arXiv.1512.02006

2016-03-24

Abstract:In symmetric key cryptography the sender as well as the receiver possess a common key. Asymmetric key cryptography involves generation of two distinct keys which are used for encryption and decryption correspondingly. The sender converts the original message to cipher text using the public key while the receiver can decipher this using his private key. This is also called Public Key Cryptography. For every public key there can exist only one private key that can decipher the encrypted text. Security of RSA Algorithm can be compromised using mathematical attack, by guessing the factors of a large number. It may also be compromised if one can guess the private key. In accordance with the mathematical attack, we propose a secure algorithm in this paper. In this algorithm, we try to eliminate the distribution of n which is the large number whose factors if found compromises the RSA algorithm. We also present a comparative analysis of the proposed algorithm with the RSA algorithm.

Cryptography and Security

Mahadee Al Mobin,Md Kamrujjaman

2024-06-25

Abstract:Prime factorization has been a buzzing topic in the field of number theory since time unknown. However, in recent years, alternative avenues to tackle this problem are being explored by researchers because of its direct application in the arena of cryptography. One of such applications is the cryptanalysis of RSA numbers, which requires prime factorization of large semiprimes. Based on numerical experiments, this paper proposes a conjecture on the distribution of digits on prime of infinite length. This paper infuses the theoretical understanding of primes to optimize the search space of prime factors by shrinking it upto 98.15%, which, in terms of application, has shown 26.50% increase in the success rate and 41.91% decrease of the maximum number of generations required by the genetic algorithm used traditionally in the literature. This paper also introduces a variation of the genetic algorithm named Sieve Method that is fine-tuned for factorization of big semi-primes, which was able to factor numbers up to 23 decimal digits with 84% success rate. Our findings shows that sieve methods on average has achieved 321.89% increase in success rate and 64.06% decrement in the maximum number of generations required for the algorithm to converge compared to the existing literatures.

General Mathematics

Ping Luo,HaiJian Zhou,DaoShun Wang,YiQi Dai

DOI: https://doi.org/10.1007/s11432-009-0014-z

2009-01-01

Abstract:In this paper, we study the RSA public key cryptosystem in a special case with the private exponent d larger than the public exponent e . When N 0.258 ⩽ e ⩽ N 0.854 , d > e and satisfies the given conditions, we can perform cryptanalytic attacks based on the LLL lattice basis reduction algorithm. The idea is an extension of Boneh and Durfee’s researches on low private key RSA, and provides a new solution to finding weak keys in RSA cryptosystems.

Hung-Min Sun,Cheng-Ta Yang,Mu-En Wu

DOI: https://doi.org/10.1587/transfun.e92.a.912

2009-01-01

Abstract:In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However. in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order Of magnitude as phi(N). Sun et al. devised three RSA variants Using unbalanced prime factors p and q to lower the computational cost. Unfortunately. Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances With Unbalanced primes p and q are more insecure than the instances with balanced p and q. This investigation focuses on designing a new RSA variant with balanced p and q, and short exponents d and e, to improve the Security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which p and q are balanced, and a trade-off between the lengths of d and e is enable. In addition, We provide the security analysis and feasibility analysis of the proposed schemes.

Hung-Min Sun,Mu-En Wu,Cheng-Ta Yang

DOI: https://doi.org/10.1587/transfun.e92.a.2326

2009-01-01

Abstract:This investigation proposes two methods for embedding backdoors in the RSA modulus N = pq rather than in the public exponent e. This strategy not only permits manufacturers to embed backdoors in an RSA system, but also allows users to choose any desired public exponent, such as e = 2(16) + 1, to ensure efficient encryption. This work utilizes lattice attack and exhaustive attack to embed backdoors in two proposed methods, called RSA(SBLT) and RSA(SBES), respectively. Both approaches involve straightforward steps, making their running time roughly the same as that of normal RSA key-generation time, implying that no one can detect the backdoor by observing time imparity.

Hung-Min Sun,Cheng-Ta Yang

DOI: https://doi.org/10.1007/978-3-540-30580-4_14

2005-01-01

Abstract:In typical RSA, it is impossible to create a key pair (e,d) such that both are simultaneously much shorter than φ (N). This is because if d is selected first, then e will be of the same order of magnitude as φ (N), and vice versa. At Asiacrypt'99, Sun et al. designed three variants of RSA using prime factors p and q of unbalanced size. The first RSA variant is an attempt to make the private exponent d short below N0.25 and N0.292 which are the lower bounds of d for a secure RSA as argued first by Wiener and then by Boneh and Durfee. The second RSA variant is constructed in such a way that both d and e have the same bit-length $\frac{1}{2}\log _{2}N+56$. The third RSA variant is constructed by such a method that allows a trade-off between the lengths of d and e. Unfortunately, at Asiacrypt'2000, Durfee and Nguyen broke the illustrated instances of the first RSA variant and the third RSA variant by solving small roots to trivariate modular polynomial equations. Moreover, they showed that the instances generated by these three RSA variants with unbalanced p and q in fact become more insecure than those instances, having the same sizes of exponents as the former, in RSA with balanced p and q. In this paper, we focus on designing a new RSA variant with balanced d and e, and balanced p and q in order to make such an RSA variant more secure. Moreover, we also extend this variant to another RSA variant in which allows a trade-off between the lengths of d and e. Based on our RSA variants, an application to entity authentication for defending the stolen-secret attack is presented.

Sapna Saxena,Bhanu Kapoor

DOI: https://doi.org/10.48550/arXiv.1503.03593

2015-03-12

Abstract:RSA is one of the most popular Public Key Cryptography based algorithm mainly used for digital signatures, encryption/decryption etc. It is based on the mathematical scheme of factorization of very large integers which is a compute-intensive process and takes very long time as well as power to perform. Several scientists are working throughout the world to increase the speedup and to decrease the power consumption of RSA algorithm while keeping the security of the algorithm intact. One popular technique which can be used to enhance the performance of RSA is parallel programming. In this paper we are presenting the survey of various parallel implementations of RSA algorithm involving variety of hardware and software implementations.

Cryptography and Security

Sonam Mahajan,Maninder Singh

DOI: https://doi.org/10.48550/arXiv.1407.1465

2014-07-06

Abstract:Modern-day computer security relies heavily on cryptography as a means to protect the data that we have become increasingly reliant on. The main research in computer security domain is how to enhance the speed of RSA algorithm. The computing capability of Graphic Processing Unit as a co-processor of the CPU can leverage massive-parallelism. This paper presents a novel algorithm for calculating modulo value that can process large power of numbers which otherwise are not supported by built-in data types. First the traditional algorithm is studied. Secondly, the parallelized RSA algorithm is designed using CUDA framework. Thirdly, the designed algorithm is realized for small prime numbers and large prime number . As a result the main fundamental problem of RSA algorithm such as speed and use of poor or small prime numbers that has led to significant security holes, despite the RSA algorithm's mathematical soundness can be alleviated by this algorithm.

Cryptography and Security

Ahmad Steef,M. N. Shamma,A. Alkhatib

DOI: https://doi.org/10.48550/arXiv.1707.04892

2017-07-16

Abstract:This paper presents a new probabilistic approach to embedding message text on an elliptic curve, by using the concept of the RSA Algorithm and its security, and such approach allows us discovering the message from the point, only according to the security of the RSA Algorithm. By mixing between the concept of this approach and the concept of EC-ELGamal Cryptographic System, we have built a cryptographic System and we named it 'EC-RSA-ELGamal'

Cryptography and Security

Hung-Min Sun,Mu-En Wu,Ron Steinfeld,Jian Guo,Huaxiong Wang

DOI: https://doi.org/10.1007/978-3-540-89641-8_4

2008-01-01

Abstract:LSBS-RSA denotes an RSA system with modulus primes, p and q , sharing a large number of least significant bits. In ISC 2007 , Zhao and Qi analyzed the security of short exponent LSBS-RSA. They claimed that short exponent LSBS-RSA is much more vulnerable to the lattice attack than the standard RSA. In this paper, we further raise the security boundary of the Zhao-Qi attack by considering another polynomial. Our improvemet supports the result of analogue Fermat factoring on LSBS-RSA, which claims that p and q cannot share more than $\frac{n}{4}$ least significant bits, where n is the bit-length of pq . In conclusion, it is a trade-off between the number of sharing bits and the security level in LSBS-RSA. One should be more careful when using LSBS-RSA with short exponents.

Chunfu Zhang,Yanchun Liang,Adriano Tavares,Lidong Wang,Tiago Gomes,Sandro Pinto

DOI: https://doi.org/10.3390/sym16030263

2024-02-22

Symmetry

Abstract:Due to its very desirable properties, Chebyshev polynomials are often used in the design of public key cryptographic systems. This paper discretizes the Chebyshev mapping, generalizes the properties of Chebyshev polynomials, and proposes an improved public key encryption algorithm based on Chebyshev chaotic mapping and RSA, i.e., CRPKC−Ki. This algorithm introduces alternative multiplication coefficients Ki, the selection of which is determined by the size of TrTdxmodN=TdTrxmodN, and the specific value selection rules are shared secrets among participants, overcoming the shortcomings of previous schemes. In the key generation and encryption/decryption stages, more complex intermediate processes are used to achieve higher algorithm complexity, making the algorithm more robust against ordinary attacks. The algorithm is also compared with other RSA-based algorithms to demonstrate its effectiveness in terms of performance and security.

multidisciplinary sciences