The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Dalam sesetengah aplikasi, eksponen peribadi pendek d dipilih untuk menambah baik proses penyahsulitan atau tandatangan untuk sistem kriptografi kunci awam RSA. Walau bagaimanapun, dalam RSA biasa, jika eksponen persendirian d dipilih dahulu, eksponen awam e hendaklah sama tertib magnitud dengan φ(N). Sun et al. mencipta tiga varian RSA menggunakan faktor perdana yang tidak seimbang p and q untuk mengurangkan kos pengiraan. Malangnya, Durfee & Nguyen memecahkan contoh yang digambarkan bagi varian pertama dan ketiga dengan menyelesaikan punca kecil kepada trivariate persamaan polinomial modular. Mereka juga menunjukkan bahawa kejadian dengan bilangan prima tidak seimbang p and q adalah lebih tidak selamat daripada keadaan dengan seimbang p and q. Siasatan ini menumpukan pada mereka bentuk varian RSA baharu dengan seimbang p and q, dan eksponen pendek d and e, untuk meningkatkan keselamatan varian RSA terhadap serangan Durfee & Nguyen, dan serangan lain yang sedia ada. Tambahan pula, varian yang dicadangkan (Skim A) juga diperluaskan kepada varian RSA yang lain (Skim B) di mana p and q adalah seimbang, dan pertukaran antara panjang d and e adalah membolehkan. Di samping itu, kami menyediakan analisis keselamatan dan analisis kebolehlaksanaan skim yang dicadangkan.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Salinan
Hung-Min SUN, Cheng-Ta YANG, Mu-En WU, "Short-Exponent RSA" in IEICE TRANSACTIONS on Fundamentals,
vol. E92-A, no. 3, pp. 912-918, March 2009, doi: 10.1587/transfun.E92.A.912.
Abstract: In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order of magnitude as φ(N). Sun et al. devised three RSA variants using unbalanced prime factors p and q to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes p and q are more insecure than the instances with balanced p and q. This investigation focuses on designing a new RSA variant with balanced p and q, and short exponents d and e, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which p and q are balanced, and a trade-off between the lengths of d and e is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E92.A.912/_p
Salinan
@ARTICLE{e92-a_3_912,
author={Hung-Min SUN, Cheng-Ta YANG, Mu-En WU, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Short-Exponent RSA},
year={2009},
volume={E92-A},
number={3},
pages={912-918},
abstract={In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order of magnitude as φ(N). Sun et al. devised three RSA variants using unbalanced prime factors p and q to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes p and q are more insecure than the instances with balanced p and q. This investigation focuses on designing a new RSA variant with balanced p and q, and short exponents d and e, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which p and q are balanced, and a trade-off between the lengths of d and e is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.},
keywords={},
doi={10.1587/transfun.E92.A.912},
ISSN={1745-1337},
month={March},}
Salinan
TY - JOUR
TI - Short-Exponent RSA
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 912
EP - 918
AU - Hung-Min SUN
AU - Cheng-Ta YANG
AU - Mu-En WU
PY - 2009
DO - 10.1587/transfun.E92.A.912
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E92-A
IS - 3
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - March 2009
AB - In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order of magnitude as φ(N). Sun et al. devised three RSA variants using unbalanced prime factors p and q to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes p and q are more insecure than the instances with balanced p and q. This investigation focuses on designing a new RSA variant with balanced p and q, and short exponents d and e, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which p and q are balanced, and a trade-off between the lengths of d and e is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.
ER -