Better attacks on RSA with small CRT-exponents using Coppersmith’s lattice-based method
  • Trang chủ
  • Better attacks on RSA with small CRT-exponents using Coppersmith’s lattice-based method

Better attacks on RSA with small CRT-exponents using Coppersmith’s lattice-based method

Thời gian: 09:00 đến 11:00 Ngày 21/06/2017

Địa điểm: C2-714, VIASM

Báo cáo viên: Bùi Kim Minh

Tóm tắt:

It is well-known that there is an efficient method for decrypting/signing with RSA when the secret exponent d is small modulo p − 1 and q − 1. We call such an exponent d a small CRT-exponent. In this talk, we present Coppersmith’s lattice-based method to solve modular equations and obtain improvements from a novel lattice construction by exploiting useful algebraic structures of the CRT-RSA key generation. In addition, we give small d_q attacks on several variants of RSA.