The Wiener attack on RSA revisited: A quest for the exact bound

The Wiener attack on RSA revisited: A quest for the exact bound

Since Wiener pointed out that the RSA can be broken if the private exponent d is relatively small compared to the modulus N (using the continued fraction technique), it has been a general belief that the Wiener attack works for. On the contrary, in this work, we give an example where the Wiener atta...

Full description

Saved in:
Bibliographic Details
Main Authors: SUSILO, Willy, TONIEN, Joseph, YANG, Guomin
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2019
Subjects:
RSA
Continued fractions
Wiener technique
Small secret exponent
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/7408
https://ink.library.smu.edu.sg/context/sis_research/article/8411/viewcontent/The_Wiener_Attack_on_RSA_Revisited.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:Since Wiener pointed out that the RSA can be broken if the private exponent d is relatively small compared to the modulus N (using the continued fraction technique), it has been a general belief that the Wiener attack works for. On the contrary, in this work, we give an example where the Wiener attack fails with, thus, showing that the bound is not accurate as it has been thought of. By using the classical Legendre Theorem on continued fractions, in 1999 Boneh provided the first rigorous proof which showed that the Wiener attack works for. However, the question remains whether is the best bound for the Wiener attack. Additionally, the question whether another rigorous proof for a better bound exists remains an elusive research problem. In this paper, we attempt to answer the aforementioned problems by improving Boneh’s bound after the two decades of research. By a new proof, we show that the Wiener continued fraction technique works for a wider range, namely, for. Our new analysis is supported by an experimental result where it is shown that the Wiener attack can successfully perform the factorization on the RSA modulus N and determine a private key d where.

Similar Items