Better attacks on RSA with small CRT-exponents using Coppersmith’s lattice-based method
Time: 09:00 to 11:00 Ngày 21/06/2017
Venue/Location: C2-714, VIASM
Speaker: Bùi Kim Minh
Content:It is well-known that there is an efficient method for decrypting/signing with RSA when the secret exponent d is small modulo p − 1 and q − 1. We call such an exponent d a small CRT-exponent. In this talk, we present Coppersmith’s lattice-based method to solve modular equations and obtain improvements from a novel lattice construction by exploiting useful algebraic structures of the CRT-RSA key generation. In addition, we give small d_q attacks on several variants of RSA.