In this paper we revisit Wiener's method (IEEE-IT 1990) of continued fraction (CF) to find new weaknesses in RSA. We consider RSA with N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. Our motivation is to find out when RSA is insecure given d is O(N δ), where we are mostly interested in the range 0.3 ≤ δ ≤ 0.5. Given ρ (1… (More)
The 32-bit MAC of Grain-128a is a linear combination of the first 64 and then the alternative keystream bits. In this paper we describe a successful differential fault attack on Grain-128a, in which we recover the secret key by observing the correct and faulty MACs of certain chosen messages. The attack works due to certain properties of the Boolean… (More)
Design of secure lightweight stream ciphers is an important area in cryptographic hardware & embedded systems and a very recent design by Armknecht and Mikhalev (FSE 2015) has received serious attention that uses shorter internal state and still claims to resist the time-memory-data-tradeoff (TMDTO) attacks. An instantiation of this design paradigm is the… (More)
The Modular Inversion Hidden Number Problem (MIHNP) was introduced by Boneh, Halevi and Howgrave-Graham in Asiacrypt 2001 (BHH'01). They provided two heuris-tics-in Method I, two-third of the output bits are required to solve the problem, whereas the more efficient heuristic (Method II) requires only one-third of the bits of the output. After more than a… (More)
We consider an RSA variant with Modulus N = p 2 q. This variant is known as Prime Power RSA. In PKC 2004 May proved when decryption exponent d < N 0.22 , one can factor N in polynomial time. In this paper, we improve this bound upto N 0.395. We provide detailed experimental results to justify our claim.
—Sensor networks aim at monitoring their surroundings for event detection and object tracking. But due to failure or death of sensors, false signal can be transmitted. In this paper, we consider the problem of fault detection in wireless sensor network (WSN), in particular, addressing both the noise-related measurement error and sensor fault simultaneously… (More)
We consider RSA with N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. Boneh and Durfee (Eurocrypt 1999, IEEE-IT 2000) used Coppersmith's method (Journal of Cryptology, 1997) to factorize N using e when d < N 0.292 , the theoretical bound. Related works have also been presented by Blömer and May (CaLC 2001). However, the… (More)