• Title/Summary/Keyword: Prime Power RSA

Search Result 2, Processing Time 0.015 seconds

Key Recovery Algorithm from Randomly-Given Bits of Multi-Prime RSA and Prime Power RSA (비트 일부로부터 Multi-Prime RSA와 Prime Power RSA의 개인키를 복구하는 알고리즘)

  • Baek, Yoo-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.6
    • /
    • pp.1401-1411
    • /
    • 2016

  • The Multi-Prime RSA and the Prime Power RSA are the variants of the RSA cryptosystem, where the Multi-Prime RSA uses the modulus $N=p_1p_2{\cdots}p_r$ for distinct primes $p_1,p_2,{\cdots},p_r$ (r>2) and the Prime Power RSA uses the modulus $N=p^rq$ for two distinct primes p, q and a positive integer r(>1). This paper analyzes the security of these systems by using the technique given by Heninger and Shacham. More specifically, this paper shows that if the $2-2^{1/r}$ random portion of bits of $p_1,p_2,{\cdots},p_r$ is given, then $N=p_1p_2{\cdots}p_r$ can be factorized in the expected polynomial time and if the $2-{\sqrt{2}}$ random fraction of bits of p, q is given, then $N=p^rq$ can be factorized in the expected polynomial time. The analysis is then validated with experimental results for $N=p_1p_2p_3$, $N=p^2q$ and $N=p^3q$.

  • https://doi.org/10.13089/JKIISC.2016.26.6.1401 인용 PDF KSCI

Enhanced Equidistant Chosen Message Power Analysis of RSA-CRT Algorithm (RSA-CRT의 향상된 등간격 선택 평문 전력 분석)

  • Park, Jong-Yeon;Han, Dong-Guk;Yi, Ok-Yeon;Choi, Doo-Ho
    • Journal of the Institute of Electronics Engineers of Korea CI
    • /
    • v.48 no.2
    • /
    • pp.117-126
    • /
    • 2011

  • RSA-CRT algorithm is widely used to improve the performance of RSA algorithm. However, it is also vulnerable to side channel attacks like as general RSA. One of the power attacks on RSA-CRT, proposed by Boer et al., is a power analysis which utilizes reduction steps of RSA-CRT algorithm with equidistant chosen messages, called as ECMPA(Equidistant Chosen Messages Power Analysis) or MRED(Modular Reduction on Equidistant Data) analysis. This method is to find reduction output value r=xmodp which has the same equidistant patterns as equidistant messages. One can easily compute secret prime p from exposure of r. However, the result of analysis from a reduction step in [5] is remarkably different in our experiment from what Boer expected in [5]. Especially, we found that there are Ghost key patterns depending on the selection of attack bits and selected reduction algorithms. Thus, in this paper we propose several Ghost key patterns unknown to us until now, then we suggest enhanced and detailed analyzing methods.

  • PDF KSCI