MDPI - Publisher of Open Access Journals

16 pages, 321 KB

Open AccessArticle

An Improved Attack on the RSA Variant Based on Cubic Pell Equation

by Mohammed Rahmani, Abderrahmane Nitaj, Abdelhamid Tadmori and Mhammed Ziane

Cryptography 2025, 9(2), 40; https://doi.org/10.3390/cryptography9020040 - 6 Jun 2025

Cited by 2 | Viewed by 2057

In this paper, we present a novel method to solve trivariate polynomial modular equations of the form

x (y^{2} + A y + B) + z \equiv 0 (mod e) .

Our approach integrates Coppersmith’s method [...] Read more.

In this paper, we present a novel method to solve trivariate polynomial modular equations of the form

x (y^{2} + A y + B) + z \equiv 0 (mod e) .

Our approach integrates Coppersmith’s method with lattice basis reduction to efficiently solve the former equation. Several variants of RSA are based on the cubic Pell equation

x^{3} + f y^{3} + f^{2} z^{3} - 3 f x y z \equiv 1 (mod N)

, where f is a cubic nonresidue modulus

N = p q

. In these variants, the public exponent e and the private exponent d satisfy

e d \equiv 1 (mod ψ (N))

with

ψ (N) = (p^{2} + p + 1) (q^{2} + q + 1)

. Moreover, d can be written in the form

d \equiv \frac{v_{0}}{z_{0}} (mod ψ (N))

with any

z_{0}

satisfying

gcd (z_{0}, ψ (N)) = 1

. In this paper, we apply our method to attack the variants when

d \equiv \frac{v_{0}}{z_{0}} (mod ψ (N))

and when

| z_{0} |

and

| v_{0} |

are suitably small. We also show that our method significantly improves the bounds of the private exponents d of the previous attacks on the variants, particularly in the scenario of small private exponents and in the scenarios where partial information about the primes is available. Full article

12 pages, 305 KB

Open AccessArticle

Cryptanalysis of RSA-Variant Cryptosystem Generated by Potential Rogue CA Methodology

by Zahari Mahad, Muhammad Rezal Kamel Ariffin, Amir Hamzah Abd. Ghafar and Nur Raidah Salim

Symmetry 2022, 14(8), 1498; https://doi.org/10.3390/sym14081498 - 22 Jul 2022

Cited by 4 | Viewed by 2149

Abstract

Rogue certificate authorities (RCA) are third-party entities that intentionally produce key pairs that satisfy publicly known security requirements but contain weaknesses only known to the RCA. This work analyses the Murru–Saettone RSA variant scheme that obtains its key pair from a potential RCA [...] Read more.

x^{3} + r y^{3} + r^{2} z^{3} - 3 r x y z = 1

. The public, e, and private, d key generation process uses the secret parameter

ψ = (p^{2} + p + 1) (q^{2} + q + 1)

in place of the standard Euler–phi function

ϕ (N) = (p - 1) (q - 1)

, where

e d \equiv 1 (mod ψ)

. We prove that, upon obtaining an approximation of

ψ

, we are able to identify the provided key pair that was maliciously provided even if the private key d size is approximate to

ψ

. In fact, we are able to factor the modulus

N = p q

. Full article

(This article belongs to the Special Issue Advances in Multidisciplinary Exploration for Symmetric Key Cryptography and Blockchain Technology)

Search Results (2)

Further Information

Guidelines

MDPI Initiatives

Follow MDPI

Saved Queries

Search Filter Reset All

Years

Feature Papers

Subjects

Journals

Article Types

Countries / Regions

Search Results (2)

Further Information

Guidelines

MDPI Initiatives

Follow MDPI