Author
Listed:
- Amir Hamzah Abd Ghafar
(Institute for Mathematical Research, Universiti Putra Malaysia (UPM), Serdang 43400, Selangor Darul Ehsan, Malaysia
Department of Mathematics, Faculty of Science, Universiti Putra Malaysia (UPM), Serdang 43400, Selangor Darul Ehsan, Malaysia)
- Muhammad Rezal Kamel Ariffin
(Institute for Mathematical Research, Universiti Putra Malaysia (UPM), Serdang 43400, Selangor Darul Ehsan, Malaysia
Department of Mathematics, Faculty of Science, Universiti Putra Malaysia (UPM), Serdang 43400, Selangor Darul Ehsan, Malaysia)
- Sharifah Md Yasin
(Institute for Mathematical Research, Universiti Putra Malaysia (UPM), Serdang 43400, Selangor Darul Ehsan, Malaysia
Department of Computer Science, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia (UPM), Serdang 43400, Selangor Darul Ehsan, Malaysia)
- Siti Hasana Sapar
(Institute for Mathematical Research, Universiti Putra Malaysia (UPM), Serdang 43400, Selangor Darul Ehsan, Malaysia
Department of Mathematics, Faculty of Science, Universiti Putra Malaysia (UPM), Serdang 43400, Selangor Darul Ehsan, Malaysia)
Abstract
The CRT-RSA cryptosystem is the most widely adopted RSA variant in digital applications. It exploits the properties of the Chinese remainder theorem (CRT) to elegantly reduce the size of the private keys. This significantly increases the efficiency of the RSA decryption algorithm. Nevertheless, an attack on RSA may also be applied to this RSA variant. One of the attacks is called partially known private key attack, that relies on the assumption that the adversary has knowledge of partial bits regarding RSA private keys. In this paper, we mount this type of attack on CRT-RSA. By using partial most significant bits (MSBs) of one of the RSA primes, p or q and its corresponding private exponent, d , we obtain an RSA intermediate. The intermediate is derived from p − 1 and RSA public key, e . The analytical and novel reason on the success of our attack is that once the adversary has obtained the parameters: approximation of private exponent d ˜ p , approximation of p , p ˜ and the public exponent e where d ˜ p , p ˜ , e = N α / 2 where 0 < α ≤ 1 / 4 such that | d p − d ˜ p | , | p − p ˜ | < N 1 − α 2 and has determined the largest prime of p − 1 e , it will enable the adversary to factor the RSA modulus N = p q . Although the parameter space to find the prime factor is large, we show that one can adjust its “success appetite” by applying prime-counting function properties. By comparing our method with contemporary partial key attacks on CRT-RSA, upon determining a suitable predetermined “success appetite” value, we found out that our method required fewer bits of the private keys in order to factor N .
Suggested Citation
Amir Hamzah Abd Ghafar & Muhammad Rezal Kamel Ariffin & Sharifah Md Yasin & Siti Hasana Sapar, 2020.
"Partial Key Attack Given MSBs of CRT-RSA Private Keys,"
Mathematics, MDPI, vol. 8(12), pages 1-20, December.
Handle:
RePEc:gam:jmathe:v:8:y:2020:i:12:p:2188-:d:458907
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jmathe:v:8:y:2020:i:12:p:2188-:d:458907. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.