Generalised Cycling Attacks on RSA and Strong RSA Primes

@inproceedings{Gysin1999GeneralisedCA,
  title={Generalised Cycling Attacks on RSA and Strong RSA Primes},
  author={Marc Gysin and J. Seberry},
  booktitle={ACISP},
  year={1999}
}
Given an RSA modulus n, a ciphertext c and the encryption exponent e, one can construct the sequence x0 = c mod n, xi+1 = xie mod n; i = 0, 1,... until gcd(xi+1 - x0, n) ≠ 1 or i or i > B, B a given boundary. If i ≤ B, there are two cases. Case 1: gcd(xi+1 -x0, n) = n. In this case xi = m and the secret message m can be recovered. Case 2: 1 ≠ gcd(xi+1 - x0; n) ≠ n. In this case, the RSA modulus n can be factorised. If i ≤ B, then Case 2 is much more likely to occur than Case 1. This attack is… Expand
Dual RSA and Its Security Analysis
A Note on Low Order Assumptions in RSA groups
The Million-Key Question - Investigating the Origins of RSA Public Keys
Small Values of the Carmichael Function and Cryptographic Applications
Optimal strong primes
The properties of RSA key generation process in software libraries

References

SHOWING 1-10 OF 20 REFERENCES
Factoring integers with elliptic curves
Some Considerations concerning the Selection of RSA Moduli
  • K. Huber
  • Mathematics, Computer Science
  • EUROCRYPT
  • 1991
A method for obtaining digital signatures and public-key cryptosystems
Some Remarks on Lucas-Based Cryptosystems
Elliptic curve cryptosystems
Minding your p's and q's
...
1
2
...