Better attacks on RSA with small CRT-exponents using Coppersmith’s lattice-based method
  • Home
  • Better attacks on RSA with small CRT-exponents using Coppersmith’s lattice-based method

Better attacks on RSA with small CRT-exponents using Coppersmith’s lattice-based method

Time: 09:00 to  11:00 Ngày 21/06/2017

Venue/Location: C2-714, VIASM

Speaker: Bùi Kim Minh

Content:

It is well-known that there is an efficient method for decrypting/signing with RSA when the secret exponent d is small modulo p − 1 and q − 1. We call such an exponent d a small CRT-exponent. In this talk, we present Coppersmith’s lattice-based method to solve modular equations and obtain improvements from a novel lattice construction by exploiting useful algebraic structures of the CRT-RSA key generation. In addition, we give small d_q attacks on several variants of RSA.