An Improved Attack on the RSA Variant Based on Cubic Pell Equation

Rahmani, Mohammed; Nitaj, Abderrahmane; Tadmori, Abdelhamid; Ziane, Mhammed

doi:10.3390/cryptography9020040

This is an early access version, the complete PDF, HTML, and XML versions will be available soon.

Open AccessArticle

An Improved Attack on the RSA Variant Based on Cubic Pell Equation

¹

ACSA Laboratory, Department of Mathematics and Computer Science, Sciences Faculty, Mohammed First University, Oujda 60000, Morocco

²

LMNO, CNRS, UNICAEN, Caen Normandie University, 14000 Caen, France

³

Faculty of Sciences and Technology Al Hoceima, Abdelmalek Essaadi University, BP 34. Ajdir, Al Hoceima 32003, Morocco

^*

Author to whom correspondence should be addressed.

Cryptography 2025, 9(2), 40; https://doi.org/10.3390/cryptography9020040

Submission received: 25 April 2025 / Revised: 2 June 2025 / Accepted: 3 June 2025 / Published: 6 June 2025

Download Versions Notes

Abstract

In this paper, we present a novel method to solve trivariate polynomial modular equations of the form

x (y^{2} + A y + B) + z \equiv 0 (mod e) .

Our approach integrates Coppersmith’s method with lattice basis reduction to efficiently solve the former equation. Several variants of RSA are based on the cubic Pell equation

x^{3} + f y^{3} + f^{2} z^{3} - 3 f x y z \equiv 1 (mod N)

, where f is a cubic nonresidue modulus

N = p q

. In these variants, the public exponent e and the private exponent d satisfy

e d \equiv 1 (mod ψ (N))

with

ψ (N) = (p^{2} + p + 1) (q^{2} + q + 1)

. Moreover, d can be written in the form

d \equiv \frac{v_{0}}{z_{0}} (mod ψ (N))

with any

z_{0}

satisfying

gcd (z_{0}, ψ (N)) = 1

. In this paper, we apply our method to attack the variants when

d \equiv \frac{v_{0}}{z_{0}} (mod ψ (N))

and when

| z_{0} |

and

| v_{0} |

are suitably small. We also show that our method significantly improves the bounds of the private exponents d of the previous attacks on the variants, particularly in the scenario of small private exponents and in the scenarios where partial information about the primes is available.

Keywords: Coppersmith’s method; lattice basis reduction; RSA variants; factorization

Share and Cite

MDPI and ACS Style

Rahmani, M.; Nitaj, A.; Tadmori, A.; Ziane, M. An Improved Attack on the RSA Variant Based on Cubic Pell Equation. Cryptography 2025, 9, 40. https://doi.org/10.3390/cryptography9020040

AMA Style

Rahmani M, Nitaj A, Tadmori A, Ziane M. An Improved Attack on the RSA Variant Based on Cubic Pell Equation. Cryptography. 2025; 9(2):40. https://doi.org/10.3390/cryptography9020040

Chicago/Turabian Style

Rahmani, Mohammed, Abderrahmane Nitaj, Abdelhamid Tadmori, and Mhammed Ziane. 2025. "An Improved Attack on the RSA Variant Based on Cubic Pell Equation" Cryptography 9, no. 2: 40. https://doi.org/10.3390/cryptography9020040

APA Style

Rahmani, M., Nitaj, A., Tadmori, A., & Ziane, M. (2025). An Improved Attack on the RSA Variant Based on Cubic Pell Equation. Cryptography, 9(2), 40. https://doi.org/10.3390/cryptography9020040

Article Menu

An Improved Attack on the RSA Variant Based on Cubic Pell Equation

Abstract

Share and Cite

Article Metrics

Article Access Statistics

Further Information

Guidelines

MDPI Initiatives

Follow MDPI