The Rivest-Shamir-Adleman (RSA) algorithm is a widely utilized technique in asymmetric cryptography, primarily for verifying digital signatures and encrypting messages. Its security relies on the integer factorization problem's difficulty, which is computationally infeasible with large security parameters. However, this study revealed scenarios where an attacker can concurrently factorize multiple RSA moduli $ N_i = p_i q_i $ under specific conditions. The attack is feasible when the attacker possesses a set of RSA key pairs with certain flaws, allowing each $ N_i $ to be factored in polynomial time. We identified vulnerabilities in RSA keys that satisfy particular equations by applying Diophantine approximation and Coppersmith's lattice-based technique. For instance, the study demonstrates that if RSA public exponents $ e_i $ and moduli $ N_i $ adhere to $ e_i r - (N_i - p_i - q_i + u_i) s_i = t_i $, where $ r, s_i, u_i $, and $ t_i $ are small integers, then all $ N_i $ can be factorized simultaneously. Additionally, another vulnerability arises when RSA parameters satisfy $ e_i r_i - s(N_i - p_i - q_i + u_i) = t_i $, enabling concurrent factorization with small integers $ s, r_i, u_i $, and $ t_i $. This research expands the understanding of RSA security by identifying specific conditions under which RSA public-key pairs can be compromised. These findings are relevant to the broader field of cryptography and the ongoing efforts to secure communication systems against sophisticated adversaries.
Citation: Wan Nur Aqlili Ruzai, You Ying, Khairun Nisak Muhammad, Muhammad Asyraf Asbullah, Muhammad Rezal Kamel Ariffin. Concurrent factorization of RSA moduli via weak key equations[J]. AIMS Mathematics, 2024, 9(10): 28211-28231. doi: 10.3934/math.20241368
The Rivest-Shamir-Adleman (RSA) algorithm is a widely utilized technique in asymmetric cryptography, primarily for verifying digital signatures and encrypting messages. Its security relies on the integer factorization problem's difficulty, which is computationally infeasible with large security parameters. However, this study revealed scenarios where an attacker can concurrently factorize multiple RSA moduli $ N_i = p_i q_i $ under specific conditions. The attack is feasible when the attacker possesses a set of RSA key pairs with certain flaws, allowing each $ N_i $ to be factored in polynomial time. We identified vulnerabilities in RSA keys that satisfy particular equations by applying Diophantine approximation and Coppersmith's lattice-based technique. For instance, the study demonstrates that if RSA public exponents $ e_i $ and moduli $ N_i $ adhere to $ e_i r - (N_i - p_i - q_i + u_i) s_i = t_i $, where $ r, s_i, u_i $, and $ t_i $ are small integers, then all $ N_i $ can be factorized simultaneously. Additionally, another vulnerability arises when RSA parameters satisfy $ e_i r_i - s(N_i - p_i - q_i + u_i) = t_i $, enabling concurrent factorization with small integers $ s, r_i, u_i $, and $ t_i $. This research expands the understanding of RSA security by identifying specific conditions under which RSA public-key pairs can be compromised. These findings are relevant to the broader field of cryptography and the ongoing efforts to secure communication systems against sophisticated adversaries.
| [1] |
A. Nitaj, M. R. K. Ariffin, N. N. H. Adenan, T. S. C. Lau, J. Chen, Security issues of novel RSA variant, IEEE Acce., 10 (2022), 53788–53796. https://doi.org/10.1109/ACCESS.2022.3175519 doi: 10.1109/ACCESS.2022.3175519
|
| [2] |
W. N. A. Ruzai, A. Nitaj, M. R. K. Ariffin, Z. Mahad, M. A. Asbullah, Increment of insecure RSA private exponent bound through perfect square RSA diophantine parameters cryptanalysis, Comput. Stand. Inter., 80 (2022), 103584. https://doi.org/10.1016/j.csi.2021.103584 doi: 10.1016/j.csi.2021.103584
|
| [3] | R. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Commun. ACM., 21 (1978), 17–28. |
| [4] |
T. R. Herman, L. Walter, D. Winter, Factoring with the quadratic sieve on large vector computers, J. Comput. Appl. Math., 27 (1989), 267–278. https://doi.org/10.1016/0377-0427(89)90370-1 doi: 10.1016/0377-0427(89)90370-1
|
| [5] |
A. H. A. Ghafar, M. R. K. Ariffin, S. M. Yasin, S. H. Sapar, Partial key attack given MSBs of CRT-RSA private keys, Mathematics, 8 (2020), 2188. https://doi.org/10.3390/math8122188 doi: 10.3390/math8122188
|
| [6] | D. J. Bernstein, Y. A. Chang, C. M. Cheng, L. P. Chou, N. Heninger, T. Lange, et al., Factoring RSA keys from certified smart cards: Coppersmith in the wild, Adv. Crypt.-ASIACR., 2013,341–360. https://doi.org/10.1007/978-3-642-42045-0_18 |
| [7] | M. Nemec, M. Sys, P. Svenda, D. Klinec, V. Matyas, The return of Coppersmith's attack: Practical factorization of widely used RSA moduli, Proc. 2017 ACM SIGSAC Conf. Comput. Commun. Secur., 2017, 1631–1648. https://doi.org/10.1145/3133956.3133969 |
| [8] | H. Lin, X. Deng, F. Yu, Y. Sun, Grid multi-butterfly memristive neural network with three memristive systems: Modeling, dynamic analysis, and application in police IoT, IEEE Int. Things J., 2024. https://doi.org/10.1109/JIOT.2024.3409373 |
| [9] | H. Lin, X. Deng, F. Yu, Y. Sun, Diversified butterfly attractors of memristive HNN with two memristive systems and application in IoMT for privacy protection, IEEE Trans. Comput.-Aided Design Int. Circu. Syst., 2024. https://doi.org/10.1109/TCAD.2024.3429410 |
| [10] |
F. Yu, S. Xu, Y. Lin, T. He, C. Wu, H. Lin, Design and analysis of a novel fractional-order system with hidden dynamics, hyperchaotic behavior and multi-scroll attractors, Mathematics, 12 (2024), 2227. https://doi.org/10.3390/math12142227 doi: 10.3390/math12142227
|
| [11] |
J. H. He, Q. Yang, C. H. He, A. A. Alsolami, Unlocking the plants' distribution in a fractal space, Fractals, 31 (2023), 2350102. https://doi.org/10.1142/S0218348X23501025 doi: 10.1142/S0218348X23501025
|
| [12] |
M. J. Wiener, Cryptanalysis of short RSA secret exponents, IEEE Trans. Inform. Theory, 36 (1990), 553–558. https://doi.org/10.1109/18.54902 doi: 10.1109/18.54902
|
| [13] | A. Nitaj, Another generalization of Wiener's attack on RSA, Prog. Crypt.-AFRICACRYPT, 2008,174–190. https://doi.org/10.1007/978-3-540-68164-9_12 |
| [14] | A. Nitaj, Diophantine and lattice cryptanalysis of the RSA cryptosystem, Artif. Intell. Evolut. Comput. Metah., 2013,139–168. https://doi.org/10.1007/978-3-642-29694-9_7 |
| [15] |
D. Coppersmith, Small solutions to polynomial equations, and low exponent RSA vulnerabilities, J. Cryptology, 10 (1997), 233–260. https://doi.org/10.1007/s001459900030 doi: 10.1007/s001459900030
|
| [16] |
A. K. Lenstra, H. W. Lenstra, L. Lovász, Factoring polynomials with rational coefficients, Mathemat. Annalen, 261 (1982), 515–534. https://doi.org/10.1007/BF01457454 doi: 10.1007/BF01457454
|
| [17] | A. Nitaj, M. R. K. Ariffin, D. I. Nassr, H. M. Bahig, New attacks on the RSA cryptosystem, in Prog. Crypt.-AFRICACRYPT, 2014,178–198. https://doi.org/10.1007/978-3-319-06734-6_12 |
| [18] | J. Blömer, A. May, A generalized Wiener attack on RSA, Publ. Key Crypt.-PKC, 2004, 1–13. https://doi.org/10.1007/978-3-540-24632-9_1 |
| [19] |
M. R. K. Ariffin, S. I. Abubakar, F. Yunos, M. A. Asbullah, New cryptanalytic attack on RSA modulus $N = pq$ using small prime difference method, Cryptography, 3 (2019), 2. https://doi.org/10.3390/cryptography3010002 doi: 10.3390/cryptography3010002
|
| [20] | M. J. Hinek, Cryptanalysis of RSA and its Variants, New York: Chapman and Hall/CRC, 2009. https://doi.org/10.1201/9781420075199 |
| [21] |
W. N. A. Ruzai, M. R. K. Ariffin, M. A. Asbullah, A. H. Abd Ghafar, New simultaneous Diophantine attacks on generalized RSA key equations, J. King Saud Univ.-Computer Inf. Sci., 36 (2024), 102074. https://doi.org/10.1016/j.jksuci.2024.102074 doi: 10.1016/j.jksuci.2024.102074
|
Wan Nur Aqlili Ruzai, You Ying, Khairun Nisak Muhammad, Muhammad Asyraf Asbullah, Muhammad Rezal Kamel Ariffin. Concurrent factorization of RSA moduli via weak key equations[J]. AIMS Mathematics, 2024, 9(10): 28211-28231. doi: 10.3934/math.20241368
DownLoad: