Article

# Partial Key Attack Given MSBs of CRT-RSA Private Keys

by 1,3 and
1 Institute for Mathematical Research, Universiti Putra Malaysia (UPM), Serdang 43400, Selangor Darul Ehsan, Malaysia
2 Department of Mathematics, Faculty of Science, Universiti Putra Malaysia (UPM), Serdang 43400, Selangor Darul Ehsan, Malaysia
3 Department of Computer Science, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia (UPM), Serdang 43400, Selangor Darul Ehsan, Malaysia
* Author to whom correspondence should be addressed.
Mathematics 2020, 8(12), 2188; https://doi.org/10.3390/math8122188
Received: 27 October 2020 / Revised: 20 November 2020 / Accepted: 22 November 2020 / Published: 9 December 2020
(This article belongs to the Special Issue Mathematics Cryptography and Information Security)
The CRT-RSA cryptosystem is the most widely adopted RSA variant in digital applications. It exploits the properties of the Chinese remainder theorem (CRT) to elegantly reduce the size of the private keys, which significantly increases the efficiency of the RSA decryption algorithm. Nevertheless, an attack on RSA may also be applied to this RSA variant. One such attack is the partially known private key attack, which relies on the assumption that the adversary knows some of the bits of the RSA private keys. In this paper, we mount this type of attack on CRT-RSA. By using partial most significant bits (MSBs) of one of the RSA primes, $p$ or $q$, and its corresponding private exponent, $d$, we obtain an RSA intermediate. The intermediate is derived from $p-1$ and the RSA public key, $e$. The analytical and novel reason for the success of our attack is that once the adversary has obtained the parameters: an approximation of the private exponent, $\tilde{d}_p$, an approximation of $p$, $\tilde{p}$, and the public exponent $e$, where $\tilde{d}_p, \tilde{p}, e = N^{\alpha/2}$ where $0 < \alpha \le 1/4$ such that $|d_p - \tilde{d}_p|, |p - \tilde{p}|$ and has determined the largest prime of $\frac{p-1}{e}$, the adversary is able to factor the RSA modulus $N = pq$. Although the parameter space to find the prime factor is large, we show that one can adjust its “success appetite” by applying prime-counting function properties. By comparing our method with contemporary partial key attacks on CRT-RSA, upon determining a suitable predetermined “success appetite” value, we found that our method required fewer bits of the private keys in order to factor $N$.

MDPI and ACS Style

Abd Ghafar, A.H.; Kamel Ariffin, M.R.; Md Yasin, S.; Sapar, S.H. Partial Key Attack Given MSBs of CRT-RSA Private Keys. Mathematics 2020, 8, 2188. https://doi.org/10.3390/math8122188

AMA Style

Abd Ghafar AH, Kamel Ariffin MR, Md Yasin S, Sapar SH. Partial Key Attack Given MSBs of CRT-RSA Private Keys. Mathematics. 2020; 8(12):2188. https://doi.org/10.3390/math8122188

Chicago/Turabian Style

Abd Ghafar, Amir H., Muhammad R. Kamel Ariffin, Sharifah Md Yasin, and Siti H. Sapar 2020. "Partial Key Attack Given MSBs of CRT-RSA Private Keys" Mathematics 8, no. 12: 2188. https://doi.org/10.3390/math8122188
