An Improved Attack on the RSA Variant Based on Cubic Pell Equation
Abstract
1. Introduction
2. Preliminaries
2.1. The Cubic Pell Curve
2.2. Useful Lemmas
2.3. RSA Variants with the Key Equation
2.4. Lattice Basis Reduction
2.5. Coppersmith’s Method
- 1.
- ;
- 2.
- ;
- 3.
- For each , .
3. Solving the Trivariate Polynomial Equation
3.1. Solving the Equation
3.2. A Numerical Example
4. Comparison with the Method of Feng et al. [10]
5. Application of the New Method
6. Comparison with the Former Attacks
6.1. Comparison with the Attack of Zheng et al. [17]
6.2. Comparison with the Attack of Feng et al. [10]
7. Experimental Results
7.1. A Detailed Example for Theorem 4 with the Equation
7.2. Experiments for Theorem 4 for Large Public Keys
- nb (x) stands for the number of bits of x.
- is a parameter that satisfies .
- is the parameter for which .
- is defined by .
- is a parameter such that .
- is the parameter defined by .
- nbk (p) stands for the number of known bits of p.
- m and t are parameters for constructing the lattice with dimension .
- Time is the time in seconds required to perform both the LLL algorithm and the Gröbner basis method.
8. Conclusions
Author Contributions
Funding
Data Availability Statement
Acknowledgments
Conflicts of Interest
Abbreviations
RSA | Rivest, Shamir, Adleman |
LLL | Lenstra, Lenstra, and Lovász |
CNRST | Centre National de la Recherche Scientifique et Technique |
Euler’s totient function | |
cubic totient function |
References
1. Rivest, R.; Shamir, A.; Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 1978, 21, 120–126.
2. Wiener, M. Cryptanalysis of short RSA secret exponents. IEEE Trans. Inf. Theory 1990, 36, 553–558.
3. Boneh, D.; Durfee, G. Cryptanalysis of RSA with private key d less than N^0.292. In Advances in Cryptology—Eurocrypt’99; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 1999; Volume 1592, pp. 1–11.
4. Coppersmith, D. Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 1997, 10, 233–260.
5. Murru, N.; Saettone, F.M. A Novel RSA-Like Cryptosystem Based on a Generalization of the Rédei Rational Functions. In Number-Theoretic Methods in Cryptology; Kaczorowski, J., Pieprzyk, J., Pomykala, J., Eds.; NuTMiC 2017; Lecture Notes in Computer Science; Springer: Cham, Switzerland, 2018; Volume 10737, pp. 91–103.
6. Castagnos, G. An efficient probabilistic public-key cryptosystem over quadratic fields quotients. Finite Fields Their Appl. 2007, 13, 563–576.
7. Elkamchouchi, H.; Elshenawy, K.; Shaban, H. Extended RSA cryptosystem and digital signature schemes in the domain of Gaussian integers. In Proceedings of the 8th International Conference on Communication Systems, ICCS 2002, Singapore, 28 November 2002; IEEE: Piscataway, NJ, USA, 2002; Volume 1, pp. 91–95.
8. Kuwakado, H.; Koyama, K.; Tsuruoka, Y. A New RSA-Type Scheme Based on Singular Cubic Curves with equation y^2 ≡ x^3 + bx^2 (mod N). IEICE Trans. Fundam. 1995, 78, 27–33.
9. Said, M.R.M.; Loxton, J. A cubic analogue of the RSA cryptosystem. Bull. Aust. Math. Soc. 2003, 68, 21–38.
10. Feng, Y.; Nitaj, A.; Pan, Y. Partial prime factor exposure attacks on some RSA variants. Theor. Comput. Sci. 2024, 999, 114549.
11. Nitaj, A. Another generalization of Wiener’s attack on RSA. In Africacrypt 2008; Vaudenay, S., Ed.; LNCS; Springer: Berlin/Heidelberg, Germany, 2008; Volume 5023, pp. 174–190.
12. Lenstra, A.K.; Lenstra, H.W.; Lovász, L. Factoring polynomials with rational coefficients. Math. Ann. 1982, 261, 513–534.
13. May, A. New RSA Vulnerabilities Using Lattice Reduction Methods. PhD Thesis, University of Paderborn, Paderborn, Germany, 2003.
14. Howgrave-Graham, N. Finding small roots of univariate modular equations revisited. In Proceedings of the IMA International Conference on Cryptography and Coding, Cirencester, UK, 17–19 December 1997; LNCS; Springer: Berlin/Heidelberg, Germany, 1997; Volume 1355, pp. 131–142.
15. Jochemsz, E.; May, A. A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In Proceedings of the ASIACRYPT 2006, Shanghai, China, 3–7 December 2006; LNCS; Springer: Berlin/Heidelberg, Germany, 2006; Volume 4284, pp. 267–282.
16. Peng, L.; Hu, L.; Lu, Y.; Wei, H. An improved analysis on three variants of the RSA cryptosystem. In Proceedings of the International Conference on Information Security and Cryptology, Beijing, China, 4–6 November 2016; Springer: Berlin/Heidelberg, Germany, 2016; Volume 10143, pp. 140–149.
17. Zheng, M.; Kunihiro, N.; Yao, Y. Cryptanalysis of the RSA variant based on cubic Pell equation. Theor. Comput. Sci. 2021, 889, 135–144.
18. HPC-MARWAN, National Center for Scientific and Technical Research (CNRST), Rabat, Morocco. Available online: http://hpc.marwan.ma/index.php/en/ (accessed on 5 May 2025).
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | ||
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | ||
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | ||
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | ||
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | ||
0 | ★ | ★ | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | ||
★ | 0 | ★ | 0 | 0 | ★ | 0 | 0 | 0 | 0 | 0 | ||
0 | 0 | 0 | ★ | ★ | 0 | 0 | 0 | 0 | 0 | 0 | ||
0 | ★ | 0 | 0 | ★ | 0 | 0 | ★ | 0 | 0 | 0 | ||
0 | ★ | 0 | ★ | ★ | 0 | 0 | ★ | ★ | 0 | 0 | ||
0 | ★ | ★ | 0 | ★ | ★ | 0 | ★ | ★ | ★ | 0 | ||
★ | ★ | ★ | 0 | 0 | ★ | ★ | ★ | ★ | ★ | ★ |
nb (N) | nb (e) | | | | | | nbk (p) | m | t | | Time (s) |
---|---|---|---|---|---|---|---|---|---|---|---|
700 | 1399 | 0.35657 | 2.000 | 1.9993 | 0.390 | 0.49676 | 50 | 4 | 2 | 65 | 13.48 |
800 | 1598 | 0.36285 | 1.994 | 1.9996 | 0.390 | 0.49710 | 88 | 4 | 2 | 65 | 16.59 |
899 | 1798 | 0.37716 | 1.999 | 1.9991 | 0.390 | 0.49734 | 138 | 4 | 2 | 65 | 18.47 |
1000 | 1999 | 0.36942 | 1.998 | 1.9988 | 0.390 | 0.49558 | 250 | 4 | 2 | 65 | 22.04 |
1299 | 2598 | 0.34597 | 2.000 | 2.0000 | 0.390 | 0.49879 | 177 | 4 | 2 | 65 | 35.99 |
1499 | 2996 | 0.37337 | 1.999 | 1.9992 | 0.390 | 0.49986 | 250 | 4 | 2 | 65 | 42.20 |
1999 | 3997 | 0.34999 | 1.999 | 1.9993 | 0.390 | 0.49904 | 270 | 3 | 3 | 52 | 09.06 |
2499 | 4997 | 0.36788 | 2.000 | 1.9997 | 0.390 | 0.49948 | 282 | 3 | 3 | 52 | 12.59 |
3000 | 5999 | 0.36650 | 2.000 | 1.9998 | 0.390 | 0.49895 | 532 | 3 | 3 | 52 | 17.37 |
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Rahmani, M.; Nitaj, A.; Tadmori, A.; Ziane, M. An Improved Attack on the RSA Variant Based on Cubic Pell Equation. Cryptography 2025, 9, 40. https://doi.org/10.3390/cryptography9020040