. Furthermore, if the secret exponent is close to £f(N)/2, or even if it is close to some other critical value, it will be discovered.
| Previous | [1] | [2] | [3] | [4] | [5] | [6] | [7] | [8] |
Chien-Yuan Chen, Chin-Chen Chang* and Wei-Pang Yang
Institute of Computer and Information Science
National Chiao Tung University
Hsinchu, Taiwan 300, R.O.C.
*Institute of Computer Science and Information Engineering
National Chung Cheng University
Chiayi, Taiwan 621, R.O.C.
In this paper, we present a cryptanalytic attack on large RSA secret exponents. Let e and N denote the public exponent and the modulus of the RSA scheme, respectively. This attack uses the continued fraction algorithm to find an estimate of a fraction which involves the secret exponent d from a known close enough estimate of a fraction e/N. According to our proposed attack, the large secret exponent d can be discovered if e < N and . Furthermore, if the secret exponent is close to £f(N)/2, or even if it is close to some other critical value, it will be discovered.
Keywords: the RSA scheme, the continued fraction algorithm
Received July 22, 1994; revised August 4, 1995.
Communicated by C. L. Liu.