• Title/Summary/Keyword: partial key exposure attack

PARTIAL KEY EXPOSURE ATTACKS ON RSA AND ITS VARIANT BY GUESSING A FEW BITS OF ONE OF THE PRIME FACTORS

  • Sarkar, Santanu;Maitra, Subhamoy
    • Bulletin of the Korean Mathematical Society, v.46 no.4, pp.721-741, 2009
  • Consider RSA with N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. We first study cryptanalysis of RSA when a certain amount of the Most Significant Bits (MSBs) or Least Significant Bits (LSBs) of d is known. The basic lattice-based technique is similar to that of Ernst et al. in Eurocrypt 2005. However, our idea of guessing a few MSBs of the secret prime p substantially reduces the requirement of MSBs or LSBs of d for the key exposure attack. Further, we consider the RSA variant proposed by Sun and Yang in PKC 2005 and show that the partial key exposure attack works significantly on this variant.

Partial Key Exposure Attack on Unbalanced RSA with small CRT exponent (작은 CRT 지수를 사용한 RSA에서의 일부 키 노출 공격)

  • 이희정
    • Journal of the Korea Institute of Information Security & Cryptology, v.14 no.5, pp.135-140, 2004
  • In Crypto 2002, May analyzed the relation between the size of the two primes and the private key in unbalanced RSA with small CRT exponent. Also, in Crypto 2003, he showed that if an $N^{1/4}$ amount of the most significant bits (least significant bits) of $d_{p}$ is exposed in balanced RSA with CRT, N can be factored. To prove this he used Howgrave-Graham's Theorem. In this paper we show that if an $N^{1/4}$ amount of $d_{p}$, where p is smaller than q and bigger than $N^{0.382}$ to avoid May's attack, is exposed in unbalanced RSA with small CRT exponent, it is enough to expose $d_{p}$. We use Coppersmith's theorem with unbalanced primes.

Certificateless Public Key Encryption Revisited: Security Model and Construction (무인증서 공개키 암호 기법의 재고: 안전성 모델 및 설계)

  • Kim, Songyi;Park, Seunghwan;Lee, Kwangsu
    • Journal of the Korea Institute of Information and Communication Engineering, v.20 no.6, pp.1109-1122, 2016
  • Certificateless public key cryptography is a technique that can solve the certificate management problem of a public key cryptosystem and clear the key escrow issue of ID-based cryptography using the public key in user ID. Although the studies were actively in progress, many existing schemes have been designed without taking into account the safety of the secret value with the decryption key exposure attacks. If previous secret values and decryption keys are exposed after replacing the public key, a valid private key can be calculated by obtaining the partial private key corresponding to the user's ID. In this paper, we propose a new security model which ensures security against the key exposure attacks and show that several certificateless public key encryption schemes are insecure in the proposed security model. In addition, we design a certificateless public key encryption scheme to be secure in the proposed security model and prove it based on the DBDH (Decisional Bilinear Diffie-Hellman) assumption.