An Extension of the Wiener Attack via Estimating the Prime-Factors of RSA Modulus

碩士 === 國立清華大學 === 資訊系統與應用研究所 === 95 === In the RSA system, balanced modulus N denotes a product of two large prime numbers p and q, where q < p < 2q. Since Integer-Factorization is difficult, p and q are simply estimated as sqrt(N). In the Wiener attack, 2*sqrt(N) is adopted to be the estimati...

Full description

Bibliographic Details
Main Authors: Chiuan-Tung Chen, 陳宣同
Other Authors: Hung-Min Sun
Format: Others
Language:en_US
Published: 2007
Online Access:http://ndltd.ncl.edu.tw/handle/55542877738635045942
Description
Summary:碩士 === 國立清華大學 === 資訊系統與應用研究所 === 95 === In the RSA system, balanced modulus N denotes a product of two large prime numbers p and q, where q < p < 2q. Since Integer-Factorization is difficult, p and q are simply estimated as sqrt(N). In the Wiener attack, 2*sqrt(N) is adopted to be the estimation of p + q in order to raise the security boundary of private-exponent d. This work proposes a novel approach, called EPF, to determine the appropriate prime-factors of N. The estimated values are called “EPFs of N”, and are denoted as pE and qE. Thus pE and qE can be adopted to estimate p + q more accurately than by simply adopting 2*sqrt(N). In addition, we show that the Verheul and Tilborg’s extension of the Wiener attack can be considered to be brute-guessing for the MSBs of p + q. Comparing with their work, EPF can extend the Wiener attack to reduce the cost of exhaustive-searching for 2r + 8 bits down to 2r - 2 bits, where r depends on N and the private key d. The security boundary of private-exponent d can be raised 5 bits again over Verheul and Tilborg’s result.