Better attacks on RSA with small CRT-exponents using Coppersmith’s lattice-based method
Thời gian: 09:00 đến 11:00 Ngày 21/06/2017
Địa điểm: C2-714, VIASM
Báo cáo viên: Bùi Kim Minh
Tóm tắt:It is well-known that there is an efficient method for decrypting/signing with RSA when the secret exponent d is small modulo p − 1 and q − 1. We call such an exponent d a small CRT-exponent. In this talk, we present Coppersmith’s lattice-based method to solve modular equations and obtain improvements from a novel lattice construction by exploiting useful algebraic structures of the CRT-RSA key generation. In addition, we give small d_q attacks on several variants of RSA.