Concurrent factorization of RSA moduli via weak key equations
The Rivest-Shamir-Adleman (RSA) algorithm is a widely utilized technique in asymmetric cryptography, primarily for verifying digital signatures and encrypting messages. Its security relies on the integer factorization problem’s difficulty, which is computationally infeasible with large security para...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
American Institute of Mathematical Sciences
2024
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/114924/1/114924.pdf http://psasir.upm.edu.my/id/eprint/114924/ http://www.aimspress.com/article/doi/10.3934/math.20241368 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | The Rivest-Shamir-Adleman (RSA) algorithm is a widely utilized technique in asymmetric cryptography, primarily for verifying digital signatures and encrypting messages. Its security relies on the integer factorization problem’s difficulty, which is computationally infeasible with large security parameters. However, this study revealed scenarios where an attacker can concurrently factorize multiple RSA moduli Ni = piqi under specific conditions. The attack is feasible when the attacker possesses a set of RSA key pairs with certain flaws, allowing each Ni to be factored in polynomial time. We identified vulnerabilities in RSA keys that satisfy particular equations by applying Diophantine approximation and Coppersmith’s lattice-based technique. For instance, the study demonstrates that if RSA public exponents ei and moduli Ni adhere to eir − (Ni − pi − qi + ui)si = ti, where r, si, ui, and ti are small integers, then all Ni can be factorized simultaneously. Additionally, another vulnerability arises when RSA parameters satisfy eiri − s(Ni − pi − qi + ui) = ti, enabling concurrent factorization with small integers s, ri, ui, and ti. This research expands the understanding of RSA security by identifying specific conditions under which RSA public-key pairs can be compromised. These findings are relevant to the broader field of cryptography and the ongoing efforts to secure communication systems against sophisticated adversaries. |
|---|