Learn More
In this work, we consider the problem of key cloning in attribute-based encryption schemes. We introduce a new type of attribute-based encryption scheme, called token-based attribute-based encryption, that provides strong deterrence for key cloning, in the sense that delegation of keys reveals some personal information about the user. We formalize the(More)
We present new variants of an RSA whose key generation algorithms output two distinct RSA key pairs having the same public and private exponents. This family of variants, called dual RSA, can be used in scenarios that require two instances of RSA with the advantage of reducing the storage requirements for the keys. Two applications for dual RSA, blind(More)
In this work we consider a variant of RSA whose public and private exponents can be chosen significantly smaller than in typical RSA. In particular, we show that it is possible to have private exponents smaller than N 1/4 which are resistant to all known small private exponent attacks. This allows for instances of RSA with short CRT-exponents and short(More)
In this work we collect the strongest known algebraic attacks on multi-prime RSA. These include factoring, small private exponent, small CRT exponent and partial key exposure attacks. Five of the attacks are new. A new variant of partial key exposure attacks is also introduced which applies only to multi-prime RSA with more than two primes.
In this work we reexamine two common modulus attacks on RSA. First, we show that Guo's continued fraction attack works much better in practice than previously expected. Given three instances of RSA with a common modulus N and private exponents each smaller than N 0.33 the attack can factor the modulus about 93% of the time in practice. The success rate of(More)
At CRYPTO 2003, Blömer and May presented new partial key exposure attacks against RSA. These were the first known polynomial-time partial key exposure attacks against RSA with public exponent e > N 1/2. Attacks for known most significant bits and known least significant bits were presented. In this work, we extend their attacks to multi-prime RSA. For(More)