RSA with balanced short exponents and its application to entity authentication

Hung Min Sun, Cheng Ta Yang

研究成果: Conference article同行評審

21 引文 斯高帕斯(Scopus)


In typical RSA, it is impossible to create a key pair (e, d) such that both are simultaneously much shorter than φ(N). This is because if d is selected first, then e will be of the same order of magnitude as φ(N), and vice versa. At Asiacrypt'99, Sun et al. designed three variants of RSA using prime factors p and q of unbalanced size. The first RSA variant is an attempt to make the private exponent d short below N0.25 and N 0.292 which are the lower bounds of d for a secure RSA as argued first by Wiener and then by Boneh and Durfee. The second RSA variant is constructed in such a way that both d and e have the same bit-length 1/2 log2 N + 56. The third RSA variant is constructed by such a method that allows a trade-off between the lengths of d and e. Unfortunately, at Asiacrypt'2000, Durfee and Nguyen broke the illustrated instances of the first RSA variant and the third RSA variant by solving small roots to trivariate modular polynomial equations. Moreover, they showed that the instances generated by these three RSA variants with unbalanced p and q in fact become more insecure than those instances, having the same sizes of exponents as the former, in RSA with balanced p and q. In this paper, we focus on designing a new RSA variant with balanced d and e, and balanced p and q in order to make such an RSA variant more secure. Moreover, we also extend this variant to another RSA variant in which allows a trade-off between the lengths of d and e. Based on our RSA variants, an application to entity authentication for defending the stolen-secret attack is presented.

頁(從 - 到)199-215
期刊Lecture Notes in Computer Science
出版狀態Published - 2005
事件8th International Workshop on Theory and Practice in Public Key Cryptography, PKC 2005 - Les Diablerets, Switzerland
持續時間: 2005 1月 232005 1月 26

All Science Journal Classification (ASJC) codes

  • 理論電腦科學
  • 電腦科學(全部)


深入研究「RSA with balanced short exponents and its application to entity authentication」主題。共同形成了獨特的指紋。