Abstract
In typical RSA, it is impossible to create a key pair (e,d) such that both are simultaneously much shorter than φ (N). This is because if d is selected first, then e will be of the same order of magnitude as φ (N), and vice versa. At Asiacrypt’99, Sun et al. designed three variants of RSA using prime factors p and q of unbalanced size. The first RSA variant is an attempt to make the private exponent d short below N 0.25 and N 0.292 which are the lower bounds of d for a secure RSA as argued first by Wiener and then by Boneh and Durfee. The second RSA variant is constructed in such a way that both d and e have the same bit-length \(\frac{1}{2}\log _{2}N+56\). The third RSA variant is constructed by such a method that allows a trade-off between the lengths of d and e. Unfortunately, at Asiacrypt’2000, Durfee and Nguyen broke the illustrated instances of the first RSA variant and the third RSA variant by solving small roots to trivariate modular polynomial equations. Moreover, they showed that the instances generated by these three RSA variants with unbalanced p and q in fact become more insecure than those instances, having the same sizes of exponents as the former, in RSA with balanced p and q. In this paper, we focus on designing a new RSA variant with balanced d and e, and balanced p and q in order to make such an RSA variant more secure. Moreover, we also extend this variant to another RSA variant in which allows a trade-off between the lengths of d and e. Based on our RSA variants, an application to entity authentication for defending the stolen-secret attack is presented.
Chapter PDF
Similar content being viewed by others
References
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than N 0.292. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 1–11. Springer, Heidelberg (1999)
Cavallar, S., Dodson, B., Lenstra, A.K., Lioen, W., Montgomery, P.L., Murphy, B., te Riele, H., Aardal, K., Gilchrist, J., Guillerm, G., Leyland, P., Marchand, J., Morain, F., Muffett, A., Putnam, C., Putnam, C., Zimmermann, P.: Factorization of 512-bit RSA key using the number field sieve. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 1–18. Springer, Heidelberg (2000)
Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178–189. Springer, Heidelberg (1996)
Durfee, G., Nguyên, P.Q.: Cryptanalysis of the RSA schemes with short secret exponent from asiacrypt ’99. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 14–29. Springer, Heidelberg (2000)
Herstein, I.N.: Topics in Algebra. Xerox Corporation (1975)
Hong, H.S., Lee, H.K., Lee, H.S., Lee, H.J.: The better bound of private key in RSA with unbalanced primes. Applied Mathematics and Computation 139, 351–362 (2003)
Joye, M., Quisquater, J.J., Yen, S.M., Yung, M.: Security paradoxes: how improving a cryptosystem may weaken it. In: Proceedings of the Ninth National Conference on Information Security, pp. 27–32 (1999)
Lenstra, A., Lenstra, H., Lovasz, L.: Factoring polynomial with rational coefficients. Mathematiche Annalen 261, 515–534 (1982)
Lenstra Jr., H.W.: Factoring integers with elliptic curves. Annuals of Mathematics 126, 649–673 (1987)
Pinch, R.: Extending the Wiener attack to RSA-type cryptosystems. Electronics Letters 31, 1736–1738 (1995)
Pollard, J.: Theorems of factorization and primality testing. Proc. Cambridge Philos. Soc. 76, 521–528 (1974)
Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Comm. ACM 21, 120–126 (1987)
Rivest, R., Silverman, R.D.: Are strong primes needed for RSA? The 1997 RSA Laboratories Seminar series, Seminar Proceedings (1997)
Sakai, R., Morii, M., Kasahara, M.: New key generation algorithm for RSA cryptosystem. IEICE Transactions on Fundamentals E77-A, 89–97 (1994)
Sun, H.-M., Yang, W.-C., Laih, C.-S.: On the design of RSA with short secret exponent. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 150–164. Springer, Heidelberg (1999)
Sun, H.M., Yang, W.C., Laih, C.S.: On the design of RSA with short secretexponent. Journal of Inforamtion Science and Engineering 18(1), 1–18 (2002)
Verheul, E., van Tilborg, H.: Cryptanalysis of less short RSA secret exponents. Applicable Algebra in Engineering, Communication and Computing 8, 425–435 (1997)
de Weger, B.: Cryptanalysis of RSA with small prime difference. Applicable Algebra in Engineering, Communication and Computing 13, 17–28 (2002)
Wiener, M.: Cryptanalysis of short RSA secret exponents. IEEE Transactions on Information Theory 36(3), 553–558 (1990)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sun, HM., Yang, CT. (2005). RSA with Balanced Short Exponents and Its Application to Entity Authentication. In: Vaudenay, S. (eds) Public Key Cryptography - PKC 2005. PKC 2005. Lecture Notes in Computer Science, vol 3386. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30580-4_14
Download citation
DOI: https://doi.org/10.1007/978-3-540-30580-4_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24454-7
Online ISBN: 978-3-540-30580-4
eBook Packages: Computer ScienceComputer Science (R0)