首页 | 本学科首页   官方微博 | 高级检索  
     

运用格规约分析RSA解密指数安全性
引用本文:梁韬文, 王立斌. 运用格规约分析RSA解密指数安全性[J]. 华南师范大学学报(自然科学版), 2023, 55(5): 121-128. DOI: 10.6054/j.jscnun.2023071
作者姓名:梁韬文  王立斌
作者单位:1.华南师范大学计算机学院,广州 510631
基金项目:国家自然科学基金项目(62072207)
摘    要:

分析RSA算法的解密指数的安全性是业界关注的重点问题,目前多项研究给出了解密指数的不安全范围,其局限性均为仅使用基于连分数逼近的分析方法,且仅指出了解密指数与模数的关系。实际上,RSA算法的解密指数的安全性还与其所使用的素数和加密指数大小有关。为分析更广义的RSA算法的解密指数的安全范围,文章提出了一种运用格规约攻击小解密指数的攻击算法(LW):首先构造最短向量与解密指数相关的二维格,然后寻找该二维格中的最短向量,最终从最短向量中提取解密指数。分析LW算法攻击成功的条件可知:令Ned分别为RSA算法所使用的模数、加密指数、解密指数,pq(pq)为大素数,则当ped2N2时,使用LW算法可破解得解密指数。同时证明了LW算法与基于连分数逼近的攻击方法具有等价关系,即若满足连分数逼近方法的攻击条件,则使用LW算法也可攻击成功,反之亦然。最后,在3种基于连分数逼近的攻击算法的已知条件下使用LW算法,分别得到攻击成功时的广义解密指数不安全范围,分析结果展示了LW算法的通用性。



关 键 词:公钥密码算法  密码分析  格规约  连分数
收稿时间:2021-12-13

A method for obtaining digital signatures and public-key cryptosystems
LIANG Taowen, WANG Libin. Cryptanalysis of Decryption Exponent in RSA Using Lattice Reduction[J]. Journal of South China Normal University (Natural Science Edition), 2023, 55(5): 121-128. DOI: 10.6054/j.jscnun.2023071
Authors:LIANG Taowen  WANG Libin
Affiliation:1.School of Computer Science, South China Normal University, Guangzhou 510631, China
Abstract:Cryptanalysis of the RSA decryption exponent is a pivotal issue in public-key cryptography. Currently, many studies have given the insecure ranges of the decryption exponent, which are limited to only using the continued fraction approximation method and considering relationships between the decryption exponent and the modulus. In fact, the security of the RSA decryption exponent is also related to the encryption exponent and the primes. To propose a general security relation, the LW method, a new method to attack the RSA with small decryption exponent is given in this paper. This method first constructs a 2-dimensional lattice using the RSA public key, whose shortest vector is related to the decryption exponent. By finding the shortest vector of this lattice, the decryption exponent can be recovered. The analysis then shows that the LW method will succeed when ped2N2, where N,e,d are the module, the encryption exponent and the decryption exponent as well as p and q are the primespq of the RSA scheme. Such an attack has the same effect as attacks based on continued fraction approximation, i.e. if the continued fraction approximation succeeds, the LW method succeeds. The LW method is applied to the environment of three kinds of attacks based on the continued fraction approximation to get general insecure ranges of the decryption exponent, which shows that the LW method is general.
Keywords:public-key cryptography  cryptanalysis  lattice reduction  continued fraction
点击此处可从《华南师范大学学报(自然科学版)》浏览原始摘要信息
点击此处可从《华南师范大学学报(自然科学版)》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号