In this work, we consider the problem of key cloning in attribute-based encryption schemes. We introduce a new type of attribute-based encryption scheme, called token-based attribute-based encryption, that provides strong deterrence for key cloning, in the sense that delegation of keys reveals some personal information about the user. We formalize the… (More)
In this work, we give a partial overview of lattice attacks in cryptography. While different kinds of attacks are considered, the emphasis of this work is given to attacks that are based on Coppersmith's results for solving low degree multivariate modular equations and bivariate integer equations.
We give a bound on the Euclidean norm of factors of multivariate polynomials. The result is a simple extension of the bivariate case given by Coron, which is an extension of the univariate case given by Mignotte. We use the result to correct a proof by Ernst et al., regarding computing small integer solutions of certain trivariate poly-nomials.
We present new variants of an RSA whose key generation algorithms output two distinct RSA key pairs having the same public and private exponents. This family of variants, called dual RSA, can be used in scenarios that require two instances of RSA with the advantage of reducing the storage requirements for the keys. Two applications for dual RSA, blind… (More)
In 1982, Quisquater & Couvreur proposed a variant of RSA based on the Chinese Remainder Theorem, called RSA-CRT, to speed up RSA decryption. In 1990, Wiener suggested another variant, called Rebalanced RSA-CRT, which further speeds up RSA decryption by shifting decryption costs to encryption costs. However, this approach essentially maximizes the encryption… (More)
In this work we consider a variant of RSA whose public and private exponents can be chosen significantly smaller than in typical RSA. In particular, we show that it is possible to have private exponents smaller than N 1/4 which are resistant to all known small private exponent attacks. This allows for instances of RSA with short CRT-exponents and short… (More)
In this work we collect the strongest known algebraic attacks on multi-prime RSA. These include factoring, small private exponent, small CRT exponent and partial key exposure attacks. Five of the attacks are new. A new variant of partial key exposure attacks is also introduced which applies only to multi-prime RSA with more than two primes.
In this work we reexamine two common modulus attacks on RSA. First, we show that Guo's continued fraction attack works much better in practice than previously expected. Given three instances of RSA with a common modulus N and private exponents each smaller than N 0.33 the attack can factor the modulus about 93% of the time in practice. The success rate of… (More)
At CRYPTO 2003, Blömer and May presented new partial key exposure attacks against RSA. These were the first known polynomial-time partial key exposure attacks against RSA with public exponent e > N 1/2. Attacks for known most significant bits and known least significant bits were presented. In this work, we extend their attacks to multi-prime RSA. For… (More)