4 research outputs found
On the Efficiency of Fast RSA Variants in Modern Mobile Phones
Modern mobile phones are increasingly being used for more services that
require modern security mechanisms such as the public key cryptosystem RSA. It
is, however, well known that public key cryptography demands considerable
computing resources and that RSA encryption is much faster than RSA decryption.
It is consequently an interesting question if RSA as a whole can be executed
efficiently on modern mobile phones. In this paper, we explore the efficiency
on modern mobile phones of variants of the RSA cryptosystem, covering CRT,
MultiPrime RSA, MultiPower RSA, Rebalanced RSA and R Prime RSA by comparing the
encryption and decryption time using a simple Java implementation and a typical
RSA setup.Comment: 5 pages IEEE format, International Journal of Computer Science and
Information Security, IJCSIS December 2009, ISSN 1947 5500,
http://sites.google.com/site/ijcsis
On the Security of Some Variants of RSA
The RSA cryptosystem, named after its inventors, Rivest, Shamir and Adleman, is the most widely known and widely used public-key cryptosystem in the world today. Compared to other public-key cryptosystems, such as
elliptic curve cryptography, RSA requires longer keylengths and is computationally more expensive. In order to address these shortcomings, many variants of RSA have been proposed over the years. While the security
of RSA has been well studied since it was proposed in 1977, many of these variants have not. In this thesis, we investigate the security of five of these variants of RSA. In particular, we provide detailed analyses of the best known algebraic attacks (including some new attacks) on instances of
RSA with certain special private exponents, multiple instances of RSA sharing a common small private exponent, Multi-prime RSA, Common Prime RSA and Dual RSA
Small CRT-Exponent RSA Revisited
Since May (Crypto\u2702) revealed the vulnerability of the small CRT-exponent RSA using Coppersmith\u27s lattice-based method, several papers have studied the problem and two major improvements have been made. (1) Bleichenbacher and May (PKC\u2706) proposed an attack for small when the prime factor is significantly smaller than the other prime factor ; the attack works for . (2) Jochemsz and May (Crypto\u2707) proposed an attack for small and when the prime factors and are balanced; the attack works for . Even a decade has passed since their proposals, the above two attacks are still considered as the state-of-the-art, and no improvements have been made thus far.
A novel technique seems to be required for further improvements since it seems that the attacks have been studied with all the applicable techniques for Coppersmith\u27s methods proposed by Durfee-Nguyen (Asiacrypt\u2700), Jochemsz-May (Asiacrypt\u2706), and Herrmann-May (Asiacrypt\u2709, PKC\u2710). In this paper, we propose two improved attacks on the small CRT-exponent RSA: a small attack for (an improvement of Bleichenbacher-May\u27s) and a small and attack for (an improvement of Jochemsz-May\u27s).
The latter result is also an improvement of our result in the proceeding version (Eurocrypt \u2717); . We use Coppersmith\u27s lattice-based method to solve modular equations and obtain the improvements from a novel lattice construction by exploiting useful algebraic structures of the CRT-RSA key generation equation. We explicitly show proofs of our attacks and verify the validities by computer experiments. In addition to the two main attacks, we also propose small attacks on several variants of RSA