IACR News item: 18 July 2014
Abderrahmane Nitaj, Muhammad Rezal Kamel Ariffin, Dieaa I. Nassr, and Hatem M. Bahig
ePrint ReportThe rst two attacks work when k RSA public keys (Ni, ei)
are such that there exist k relations of the shape eix-yi\\phi(Ni)=zi or of the shape eixi-y\\phi(Ni)=zi where Ni = piqi, \\phi(Ni)=(pi-1)(qi-1)
and the parameters x, xi, y, yi, zi are suitably small in terms of the prime factors of the moduli. We show that our attacks enable us to simultaneously factor the k RSA moduli Ni. The third attack works when the prime factors p and q of the modulus N = pq share an amount of their
least signicant bits (LSBs) in the presence of two decryption exponents
d1 and d2 sharing an amount of their most signicant bits (MSBs). The
three attacks improve the bounds of some former attacks that make RSA
insecure.
Additional news items may be found on the IACR news page.