Short-Exponent RSA

Hung-Min SUN; Cheng-Ta YANG; Mu-En WU

doi:10.1587/transfun.E92.A.912

Short-Exponent RSA

Hung-Min SUN, Cheng-Ta YANG, Mu-En WU

Full Text Views

0

Cite this

Summary :

In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order of magnitude as φ(N). Sun et al. devised three RSA variants using unbalanced prime factors p and q to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes p and q are more insecure than the instances with balanced p and q. This investigation focuses on designing a new RSA variant with balanced p and q, and short exponents d and e, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which p and q are balanced, and a trade-off between the lengths of d and e is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.

Publication: IEICE TRANSACTIONS on Fundamentals Vol.E92-A No.3 pp.912-918

Publication Date: 2009/03/01

Publicized

Online ISSN: 1745-1337

DOI: 10.1587/transfun.E92.A.912

Type of Manuscript: PAPER

Category: Cryptography and Information Security

Cite this

Copy

Hung-Min SUN, Cheng-Ta YANG, Mu-En WU, "Short-Exponent RSA" in IEICE TRANSACTIONS on Fundamentals, vol. E92-A, no. 3, pp. 912-918, March 2009, doi: 10.1587/transfun.E92.A.912.
Abstract: In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order of magnitude as φ(N). Sun et al. devised three RSA variants using unbalanced prime factors p and q to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes p and q are more insecure than the instances with balanced p and q. This investigation focuses on designing a new RSA variant with balanced p and q, and short exponents d and e, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which p and q are balanced, and a trade-off between the lengths of d and e is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E92.A.912/_p

Copy

@ARTICLE{e92-a_3_912,
author={Hung-Min SUN, Cheng-Ta YANG, Mu-En WU, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Short-Exponent RSA},
year={2009},
volume={E92-A},
number={3},
pages={912-918},
abstract={In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order of magnitude as φ(N). Sun et al. devised three RSA variants using unbalanced prime factors p and q to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes p and q are more insecure than the instances with balanced p and q. This investigation focuses on designing a new RSA variant with balanced p and q, and short exponents d and e, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which p and q are balanced, and a trade-off between the lengths of d and e is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.},
keywords={},
doi={10.1587/transfun.E92.A.912},
ISSN={1745-1337},
month={March},}

Copy

TY - JOUR
TI - Short-Exponent RSA
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 912
EP - 918
AU - Hung-Min SUN
AU - Cheng-Ta YANG
AU - Mu-En WU
PY - 2009
DO - 10.1587/transfun.E92.A.912
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E92-A
IS - 3
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - March 2009
AB - In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order of magnitude as φ(N). Sun et al. devised three RSA variants using unbalanced prime factors p and q to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes p and q are more insecure than the instances with balanced p and q. This investigation focuses on designing a new RSA variant with balanced p and q, and short exponents d and e, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which p and q are balanced, and a trade-off between the lengths of d and e is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.
ER -