• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권9호
• /
• pp.3841-3857
• /
• 2020

RSA is one of the best well-known public key cryptosystems. This methodology is widely used at present because there is not any algorithm which can break this system that has all strong parameters within polynomial time. However, it may be easily broken when at least one parameter is weak. In fact, many weak parameters are already found and are solved by some algorithms. Some examples of weak parameters consist of a small private key, a large private key, a small prime factor and a small result of the difference between two prime factors. In this paper, the new weakness of RSA is proposed. Assuming Euler's totient value, Φ (n), can be rewritten as Φ (n) = ad + b, where d is the private key and a, b ∈ ℤ, if a divides both of Φ (n) and b and the new exponent for the decryption equation is a small integer, this condition is assigned as the new weakness for breaking RSA. Firstly, the specific algorithm which is created for this weakness directly is proposed. Secondly, two equations are presented to find a, b and d. In fact, one of two equations must be implemented to find a and b at first. After that, the other equation is chosen to find d. The experimental results show that if this weakness has happened and the new exponent is small, original plaintext, m, will be recovered very fast. Furthermore, number of steps to recover d are very small when a is large. However, if a is too large, d may not be recovered because m which must be always written as m = h^a is higher than modulus.

• 한국컴퓨터정보학회논문지
• /
• 제20권8호
• /
• pp.29-33
• /
• 2015

This paper proposes a discrete logarithm algorithm that remarkably reduces the execution time of Pollard's Rho algorithm. Pollard's Rho algorithm computes congruence or collision of ${\alpha}^a{\beta}^b{\equiv}{\alpha}^A{\beta}^B$ (modp) from the initial value a = b = 0, only to derive ${\gamma}$ from $(a+b{\gamma})=(A+B{\gamma})$, ${\gamma}(B-b)=(a-A)$. The basic Pollard's Rho algorithm computes $x_i=(x_{i-1})^2,{\alpha}x_{i-1},{\beta}x_{i-1}$ given ${\alpha}^a{\beta}^b{\equiv}x$(modp), and the general algorithm computes $x_i=(x_{i-1})^2$, $Mx_{i-1}$, $Nx_{i-1}$ for randomly selected $M={\alpha}^m$, $N={\beta}^n$. This paper proposes 4-model Pollard Rho algorithm that seeks ${\beta}_{\gamma}={\alpha}^{\gamma},{\beta}_{\gamma}={\alpha}^{(p-1)/2+{\gamma}}$, and ${\beta}_{{\gamma}^{-1}}={\alpha}^{(p-1)-{\gamma}}$) from $m=n={\lceil}{\sqrt{n}{\rceil}$, (a,b) = (0,0), (1,1). The proposed algorithm has proven to improve the performance of the (0,0)-basic Pollard's Rho algorithm by 71.70%.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제16권6호
• /
• pp.2074-2093
• /
• 2022

RSA is known as one of the best techniques for securing secret information across an unsecured network. The private key which is one of private parameters is the aim for attackers. However, it is exceedingly impossible to derive this value without disclosing all unknown parameters. In fact, many methods to recover the private key were proposed, the performance of each algorithm is acceptable for the different cases. For example, Wiener's attack is extremely efficient when the private key is very small. On the other hand, Fermat's factoring can quickly break RSA when the difference between two large prime factors of the modulus is relatively small. In general, if all private parameters are not disclosed, attackers will be able to confirm that the private key is unquestionably inside the scope [3, n - 2], where n is the modulus. However, this scope has already been reduced by increasing the greatest lower bound to [d_il, n - 2], where d_il ≥ 3. The aim of this paper is to decrease the least upper bound to narrow the scope that the private key will remain within this boundary. After finishing the proposed method, the new scope of the private key can be allocated as [d_il, d_ir], where d_ir ≤ n - 2. In fact, if the private key is extremely close to the new greatest lower bound, it can be retrieved quickly by performing a brute force attack, in which d_ir is decreased until it is equal to the private key. The experimental results indicate that the proposed method is extremely effective when the difference between prime factors is close to each other and one of two following requirement holds: the first condition is that the multiplier of Euler totient function is very close to the public key's small value whereas the second condition is that the public key should be large whenever the multiplier is far enough.

• 한국컴퓨터정보학회논문지
• /
• 제18권8호
• /
• pp.87-93
• /
• 2013

최단 보폭-최장 보폭 알고리즘은 n을 $m={\lceil}\sqrt{n}{\rceil}$개의 원소를 가진 m개의 블록으로 분할하고 첫 번째 블록의 m개에 대해 $a^x$ (mod n) 값을 저장한다. 다음으로 m개의 블록에 대한 mod n을 계산하여 첫 번째 블록의 원소 값을 검색하여 일치하는 블록을 찾는 방법이다. 본 논문에서는 첫 번째로, $a^{{\phi}(n)/2}{\equiv}1(mod\;n)$과 $a^x(mod\;n){\equiv}a^{{\phi}(n)+x}$ (mod n)의 특징을 적용하여 m개의 원소를 가진 ${\lceil}m/2{\rceil}$개의 블록으로 분할하는 방법을 적용하여 최장보폭의 수행횟수를 50% 감소시켰다. 두 번째로, ${\lceil}m/2{\rceil}$개의 최단 보폭을 먼저 수행하여 저장하고, 첫 번째 블록의 m개 원소를 수행하는 최단 보폭을 수행하는 방법으로 최단 보폭-최장 보폭 알고리즘을 역으로 수행하는 방법을 제안하였다. 이 알고리즘은 최단 보폭-최장 보폭 알고리즘의 m개 저장과 검색을 ${\lceil}m/2{\rceil}$개로 50% 감소시키는 특징이 있다.