# Cryptanalysis of short RSA secret exponents

@article{Wiener1990CryptanalysisOS, title={Cryptanalysis of short RSA secret exponents}, author={Michael J. Wiener}, journal={IEEE Trans. Inf. Theory}, year={1990}, volume={36}, pages={553-558} }

A cryptanalytic attack on the use of short RSA secret exponents is described. The attack makes use of an algorithm based on continued fractions that finds the numerator and denominator of a fraction in polynomial time when a close enough estimate of the fraction is known. The public exponent e and the modulus pq can be used to create an estimate of a fraction that involves the secret exponent d. The algorithm based on continued fractions uses this estimate to discover sufficiently short secret…

## Tables from this paper

## 651 Citations

Cryptanalysis of ‘Less Short’ RSA Secret Exponents

- Mathematics, Computer ScienceApplicable Algebra in Engineering, Communication and Computing
- 1997

Here, it is described a general method to compute the CF-convergents of the continued fraction expansion of the same number as in Wiener up to the point where the denominator of the CF -convergent exceeds approximately n1/4.

New Attacks on RSA with Small Secret CRT-Exponents

- Computer Science, MathematicsPublic Key Cryptography
- 2006

The method can be used to attack two fast RSA variants recently proposed by Galbraith, Heneghan, McKee, and by Sun, Wu and also present a second result for balanced RSA primes in the case that the public exponent e is significantly smaller than N.

On the Design of RSA With Short Secret Exponent

- Computer Science, MathematicsJ. Inf. Sci. Eng.
- 2002

It is shown that it is possible to use a short secret exponent which is below these bounds while not compromising with the security of RSA provided that p and q are differing in size and are large enough to combat factoring algorithms.

A variant of Wiener’s attack on RSA

- Computer Science, MathematicsComputing
- 2009

A new variant of Wiener’s attack is proposed, which uses results on Diophantine approximations of the form |α − p/q| < c/q2, and “meet-in-the-middle” variant for testing the candidates (of the form rqm+1 + sqm) for the secret exponent.

A new attack on the RSA cryptosystem based on continued fractions

- Computer Science, Mathematics
- 2017

This paper presents a new improved attack on RSA based on Wiener's technique using continued fractions, which works for values of d of up to 270 bits compared to 255 bits for Wiener.

Extension of de Weger's Attack on RSA with Large Public Keys

- Computer Science, MathematicsSECRYPT
- 2012

The aim of this paper is to investigate for which values of the variables σ and∆ = |p−q|, RSA which uses public keys of the special structure E = e+σφ(N), wheree< φ( N), is insecure against cryptanalysis.

Cryptanalysis of RSA with constrained keys

- Mathematics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2006

It is shown that instances of RSA with even large private exponents can be efficiently broken if there exist positive integers X, Y such that |eY - XF(u)| and Y are suitably small where F is a function of publicly known expression.

Thirty Years of Attacks on the RSA Cryptosystem

- Computer Science, Mathematics
- 2011

A survey on RSA attacks is intended to cover the attacks enabled by the weak private exponent, the weak public exponent,The partial key exposure and the implementation details of RSA respectively.

Divide and capture: An improved cryptanalysis of the encryption standard algorithm RSA

- Computer Science, MathematicsComput. Stand. Interfaces
- 2021

Secret Exponent Attacks on RSA-type Schemes with Moduli N= prq

- Computer Science, MathematicsPublic Key Cryptography
- 2004

The results show that RSA-type schemes that use moduli of the form N=p r q are more susceptible to attacks that leak bits of the secret key than the original RSA scheme.

## References

SHOWING 1-10 OF 10 REFERENCES

A method for obtaining digital signatures and public-key cryptosystems

- Computer Science, MathematicsCACM
- 1978

An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key, soriers or other secure means are not needed to transmit keys.

Fast decipherment algorithm for RSA public-key cryptosystem

- Computer Science, Mathematics
- 1982

A fast algorithm is presented for deciphering cryptograms involved in the public-key cryptosystem proposed by Rivest, Shamir and Adleman, based on the Chinese remainder theorem and on improved modular multiplication algorithms.

A $p+1$ method of factoring

- Mathematics
- 1982

Let N have a prime divisor p such that p + 1 has only small prime divisors. A method is described which will allow for the determination of p, given N. This method is analogous to the p — 1 method of…

The art of computer programming. Vol.2: Seminumerical algorithms

- Computer Science
- 1981

This professional art of computer programming volume 2 seminumerical algorithms 3rd edition that has actually been written by is one of the best seller books in the world and is never late to read.

The Art of Computer Programming

- Engineering, Physics
- 1968

The arrangement of this invention provides a strong vibration free hold-down mechanism while avoiding a large pressure drop to the flow of coolant fluid.

Theorems on factorization and primality testing

- Computer ScienceMathematical Proceedings of the Cambridge Philosophical Society
- 1974

This paper is concerned with the problem of obtaining theoretical estimates for the number of arithmetical operations required to factorize a large integer n or test it for primality and uses a multi-tape Turing machine for this purpose.

On Using RSA with Low Exponent in a Public Key Network

- Mathematics, Computer ScienceCRYPTO
- 1985

The problem of solving systems of equations Pi(x) ? 0 (mod ni) i = 1... k where Pi are polynomials of degree d and the ni are distinct relatively prime numbers is considered and it is shown that x can recover x in polynomial time provided ni ? 2k.

Art of Computer Programming Volume 2 / Seminumerical Algorithms

- Art of Computer Programming Volume 2 / Seminumerical Algorithms
- 1969

At? of Compiiter Programming Vol. Z/Semin~rmc~riccll algorithms

- At? of Compiiter Programming Vol. Z/Semin~rmc~riccll algorithms
- 1969

Art of Computer Programming Volume 2

- Seminumerical Algorithms, Addison Wesley,
- 1969