Research article

Concurrent factorization of RSA moduli via weak key equations

  • Received: 20 July 2024 Revised: 20 August 2024 Accepted: 27 August 2024 Published: 29 September 2024
  • MSC : 94A60, 11T71, 68P25

  • The Rivest-Shamir-Adleman (RSA) algorithm is a widely utilized technique in asymmetric cryptography, primarily for verifying digital signatures and encrypting messages. Its security relies on the integer factorization problem's difficulty, which is computationally infeasible with large security parameters. However, this study revealed scenarios where an attacker can concurrently factorize multiple RSA moduli $ N_i = p_i q_i $ under specific conditions. The attack is feasible when the attacker possesses a set of RSA key pairs with certain flaws, allowing each $ N_i $ to be factored in polynomial time. We identified vulnerabilities in RSA keys that satisfy particular equations by applying Diophantine approximation and Coppersmith's lattice-based technique. For instance, the study demonstrates that if RSA public exponents $ e_i $ and moduli $ N_i $ adhere to $ e_i r - (N_i - p_i - q_i + u_i) s_i = t_i $, where $ r, s_i, u_i $, and $ t_i $ are small integers, then all $ N_i $ can be factorized simultaneously. Additionally, another vulnerability arises when RSA parameters satisfy $ e_i r_i - s(N_i - p_i - q_i + u_i) = t_i $, enabling concurrent factorization with small integers $ s, r_i, u_i $, and $ t_i $. This research expands the understanding of RSA security by identifying specific conditions under which RSA public-key pairs can be compromised. These findings are relevant to the broader field of cryptography and the ongoing efforts to secure communication systems against sophisticated adversaries.

    Citation: Wan Nur Aqlili Ruzai, You Ying, Khairun Nisak Muhammad, Muhammad Asyraf Asbullah, Muhammad Rezal Kamel Ariffin. Concurrent factorization of RSA moduli via weak key equations[J]. AIMS Mathematics, 2024, 9(10): 28211-28231. doi: 10.3934/math.20241368

    Related Papers:

  • The Rivest-Shamir-Adleman (RSA) algorithm is a widely utilized technique in asymmetric cryptography, primarily for verifying digital signatures and encrypting messages. Its security relies on the integer factorization problem's difficulty, which is computationally infeasible with large security parameters. However, this study revealed scenarios where an attacker can concurrently factorize multiple RSA moduli $ N_i = p_i q_i $ under specific conditions. The attack is feasible when the attacker possesses a set of RSA key pairs with certain flaws, allowing each $ N_i $ to be factored in polynomial time. We identified vulnerabilities in RSA keys that satisfy particular equations by applying Diophantine approximation and Coppersmith's lattice-based technique. For instance, the study demonstrates that if RSA public exponents $ e_i $ and moduli $ N_i $ adhere to $ e_i r - (N_i - p_i - q_i + u_i) s_i = t_i $, where $ r, s_i, u_i $, and $ t_i $ are small integers, then all $ N_i $ can be factorized simultaneously. Additionally, another vulnerability arises when RSA parameters satisfy $ e_i r_i - s(N_i - p_i - q_i + u_i) = t_i $, enabling concurrent factorization with small integers $ s, r_i, u_i $, and $ t_i $. This research expands the understanding of RSA security by identifying specific conditions under which RSA public-key pairs can be compromised. These findings are relevant to the broader field of cryptography and the ongoing efforts to secure communication systems against sophisticated adversaries.



    加载中


    [1] A. Nitaj, M. R. K. Ariffin, N. N. H. Adenan, T. S. C. Lau, J. Chen, Security issues of novel RSA variant, IEEE Acce., 10 (2022), 53788–53796. https://doi.org/10.1109/ACCESS.2022.3175519 doi: 10.1109/ACCESS.2022.3175519
    [2] W. N. A. Ruzai, A. Nitaj, M. R. K. Ariffin, Z. Mahad, M. A. Asbullah, Increment of insecure RSA private exponent bound through perfect square RSA diophantine parameters cryptanalysis, Comput. Stand. Inter., 80 (2022), 103584. https://doi.org/10.1016/j.csi.2021.103584 doi: 10.1016/j.csi.2021.103584
    [3] R. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Commun. ACM., 21 (1978), 17–28.
    [4] T. R. Herman, L. Walter, D. Winter, Factoring with the quadratic sieve on large vector computers, J. Comput. Appl. Math., 27 (1989), 267–278. https://doi.org/10.1016/0377-0427(89)90370-1 doi: 10.1016/0377-0427(89)90370-1
    [5] A. H. A. Ghafar, M. R. K. Ariffin, S. M. Yasin, S. H. Sapar, Partial key attack given MSBs of CRT-RSA private keys, Mathematics, 8 (2020), 2188. https://doi.org/10.3390/math8122188 doi: 10.3390/math8122188
    [6] D. J. Bernstein, Y. A. Chang, C. M. Cheng, L. P. Chou, N. Heninger, T. Lange, et al., Factoring RSA keys from certified smart cards: Coppersmith in the wild, Adv. Crypt.-ASIACR., 2013,341–360. https://doi.org/10.1007/978-3-642-42045-0_18
    [7] M. Nemec, M. Sys, P. Svenda, D. Klinec, V. Matyas, The return of Coppersmith's attack: Practical factorization of widely used RSA moduli, Proc. 2017 ACM SIGSAC Conf. Comput. Commun. Secur., 2017, 1631–1648. https://doi.org/10.1145/3133956.3133969
    [8] H. Lin, X. Deng, F. Yu, Y. Sun, Grid multi-butterfly memristive neural network with three memristive systems: Modeling, dynamic analysis, and application in police IoT, IEEE Int. Things J., 2024. https://doi.org/10.1109/JIOT.2024.3409373
    [9] H. Lin, X. Deng, F. Yu, Y. Sun, Diversified butterfly attractors of memristive HNN with two memristive systems and application in IoMT for privacy protection, IEEE Trans. Comput.-Aided Design Int. Circu. Syst., 2024. https://doi.org/10.1109/TCAD.2024.3429410
    [10] F. Yu, S. Xu, Y. Lin, T. He, C. Wu, H. Lin, Design and analysis of a novel fractional-order system with hidden dynamics, hyperchaotic behavior and multi-scroll attractors, Mathematics, 12 (2024), 2227. https://doi.org/10.3390/math12142227 doi: 10.3390/math12142227
    [11] J. H. He, Q. Yang, C. H. He, A. A. Alsolami, Unlocking the plants' distribution in a fractal space, Fractals, 31 (2023), 2350102. https://doi.org/10.1142/S0218348X23501025 doi: 10.1142/S0218348X23501025
    [12] M. J. Wiener, Cryptanalysis of short RSA secret exponents, IEEE Trans. Inform. Theory, 36 (1990), 553–558. https://doi.org/10.1109/18.54902 doi: 10.1109/18.54902
    [13] A. Nitaj, Another generalization of Wiener's attack on RSA, Prog. Crypt.-AFRICACRYPT, 2008,174–190. https://doi.org/10.1007/978-3-540-68164-9_12
    [14] A. Nitaj, Diophantine and lattice cryptanalysis of the RSA cryptosystem, Artif. Intell. Evolut. Comput. Metah., 2013,139–168. https://doi.org/10.1007/978-3-642-29694-9_7
    [15] D. Coppersmith, Small solutions to polynomial equations, and low exponent RSA vulnerabilities, J. Cryptology, 10 (1997), 233–260. https://doi.org/10.1007/s001459900030 doi: 10.1007/s001459900030
    [16] A. K. Lenstra, H. W. Lenstra, L. Lovász, Factoring polynomials with rational coefficients, Mathemat. Annalen, 261 (1982), 515–534. https://doi.org/10.1007/BF01457454 doi: 10.1007/BF01457454
    [17] A. Nitaj, M. R. K. Ariffin, D. I. Nassr, H. M. Bahig, New attacks on the RSA cryptosystem, in Prog. Crypt.-AFRICACRYPT, 2014,178–198. https://doi.org/10.1007/978-3-319-06734-6_12
    [18] J. Blömer, A. May, A generalized Wiener attack on RSA, Publ. Key Crypt.-PKC, 2004, 1–13. https://doi.org/10.1007/978-3-540-24632-9_1
    [19] M. R. K. Ariffin, S. I. Abubakar, F. Yunos, M. A. Asbullah, New cryptanalytic attack on RSA modulus $N = pq$ using small prime difference method, Cryptography, 3 (2019), 2. https://doi.org/10.3390/cryptography3010002 doi: 10.3390/cryptography3010002
    [20] M. J. Hinek, Cryptanalysis of RSA and its Variants, New York: Chapman and Hall/CRC, 2009. https://doi.org/10.1201/9781420075199
    [21] W. N. A. Ruzai, M. R. K. Ariffin, M. A. Asbullah, A. H. Abd Ghafar, New simultaneous Diophantine attacks on generalized RSA key equations, J. King Saud Univ.-Computer Inf. Sci., 36 (2024), 102074. https://doi.org/10.1016/j.jksuci.2024.102074 doi: 10.1016/j.jksuci.2024.102074
  • Reader Comments
  • © 2024 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)
通讯作者: 陈斌, bchen63@163.com
  • 1. 

    沈阳化工大学材料科学与工程学院 沈阳 110142

  1. 本站搜索
  2. 百度学术搜索
  3. 万方数据库搜索
  4. CNKI搜索

Metrics

Article views(435) PDF downloads(50) Cited by(1)

Article outline

Figures and Tables

Tables(1)

/

DownLoad:  Full-Size Img  PowerPoint
Return
Return

Catalog