The search functionality is under construction.

The search functionality is under construction.

In some applications, a short private exponent *d* is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent *d* is selected first, the public exponent *e* should be of the same order of magnitude as φ(*N*). Sun et al. devised three RSA variants using unbalanced prime factors *p* and *q* to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes *p* and *q* are more insecure than the instances with balanced *p* and *q*. This investigation focuses on designing a new RSA variant with balanced *p* and *q*, and short exponents *d* and *e*, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which *p* and *q* are balanced, and a trade-off between the lengths of *d* and *e* is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.

- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E92-A No.3 pp.912-918

- Publication Date
- 2009/03/01

- Publicized

- Online ISSN
- 1745-1337

- DOI
- 10.1587/transfun.E92.A.912

- Type of Manuscript
- PAPER

- Category
- Cryptography and Information Security

The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.

Copy

Hung-Min SUN, Cheng-Ta YANG, Mu-En WU, "Short-Exponent RSA" in IEICE TRANSACTIONS on Fundamentals,
vol. E92-A, no. 3, pp. 912-918, March 2009, doi: 10.1587/transfun.E92.A.912.

Abstract: In some applications, a short private exponent *d* is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent *d* is selected first, the public exponent *e* should be of the same order of magnitude as φ(*N*). Sun et al. devised three RSA variants using unbalanced prime factors *p* and *q* to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes *p* and *q* are more insecure than the instances with balanced *p* and *q*. This investigation focuses on designing a new RSA variant with balanced *p* and *q*, and short exponents *d* and *e*, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which *p* and *q* are balanced, and a trade-off between the lengths of *d* and *e* is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.

URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E92.A.912/_p

Copy

@ARTICLE{e92-a_3_912,

author={Hung-Min SUN, Cheng-Ta YANG, Mu-En WU, },

journal={IEICE TRANSACTIONS on Fundamentals},

title={Short-Exponent RSA},

year={2009},

volume={E92-A},

number={3},

pages={912-918},

abstract={In some applications, a short private exponent *d* is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent *d* is selected first, the public exponent *e* should be of the same order of magnitude as φ(*N*). Sun et al. devised three RSA variants using unbalanced prime factors *p* and *q* to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes *p* and *q* are more insecure than the instances with balanced *p* and *q*. This investigation focuses on designing a new RSA variant with balanced *p* and *q*, and short exponents *d* and *e*, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which *p* and *q* are balanced, and a trade-off between the lengths of *d* and *e* is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.},

keywords={},

doi={10.1587/transfun.E92.A.912},

ISSN={1745-1337},

month={March},}

Copy

TY - JOUR

TI - Short-Exponent RSA

T2 - IEICE TRANSACTIONS on Fundamentals

SP - 912

EP - 918

AU - Hung-Min SUN

AU - Cheng-Ta YANG

AU - Mu-En WU

PY - 2009

DO - 10.1587/transfun.E92.A.912

JO - IEICE TRANSACTIONS on Fundamentals

SN - 1745-1337

VL - E92-A

IS - 3

JA - IEICE TRANSACTIONS on Fundamentals

Y1 - March 2009

AB - In some applications, a short private exponent *d* is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent *d* is selected first, the public exponent *e* should be of the same order of magnitude as φ(*N*). Sun et al. devised three RSA variants using unbalanced prime factors *p* and *q* to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes *p* and *q* are more insecure than the instances with balanced *p* and *q*. This investigation focuses on designing a new RSA variant with balanced *p* and *q*, and short exponents *d* and *e*, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which *p* and *q* are balanced, and a trade-off between the lengths of *d* and *e* is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.

ER -