Paper Info
Title
Implicit factorization of unbalanced RSA moduli.
Abstract
Let \(N_{1} = p_{1}q_{1}\) and \(N_{2} = p_{2}q_{2}\) be two RSA moduli, not necessarily of the same bit-size. In 2009, May and Ritzenhofen proposed a method to factor \(N_{1}\) and \(N_{2}\) given the implicit information that \(p_{1}\) and \(p_{2}\) share an amount of least significant bits. In this paper, we propose a generalization of their attack as follows: suppose that some unknown multiples \(a_{1}p_{1}\) and \(a_{2}p_{2}\) of the prime factors \(p_{1}\) and \(p_{2}\) share an amount of their Most Significant Bits (MSBs) or an amount of their Least Significant Bits (LSBs). Using a method based on the continued fraction algorithm, we propose a method that leads to the factorization of \(N_{1}\) and \(N_{2}\). Using simultaneous diophantine approximations and lattice reduction, we extend the method to factor \(k\ge 3\) RSA moduli \(N_{i}=p_{i}q_{i}, i=1,\ldots ,k\) given the implicit information that there exist unknown multiples \(a_{1}p_{1}, \ldots , a_kp_k\) sharing an amount of their MSBs or their LSBs. Also, this paper extends many previous works where similar results were obtained when the \(p_{i}\)’s share their MSBs or their LSBs.
Year
DOI
Venue
2014
10.1007/s12190-014-0806-1
IACR Cryptology ePrint Archive
Keywords
Field
DocType
94A60, 11Y05
Discrete mathematics,Factorization,Moduli,Prime factor,Diophantine equation,Lattice reduction,Mathematics
Journal
Volume
Issue
ISSN
2014
1-2
1865-2085
Citations 
PageRank 
References 
0
0.34
3
Authors
2
Name
Order
Citations
PageRank
Abderrahmane Nitaj17215.00
Muhammad Rezal Kamel Ariffin238.30