On the Improvement of Wiener Attack on RSA with Small Private Exponent

Abstract EN

RSA system is based on the hardness of the integer factorization problem (IFP).

Given an RSA modulus N = p q , it is difficult to determine the prime factors p and q efficiently.

One of the most famous short exponent attacks on RSA is the Wiener attack.

In 1997, Verheul and van Tilborg use an exhaustive search to extend the boundary of the Wiener attack.

Their result shows that the cost of exhaustive search is 2 r + 8 bits when extending the Weiner's boundary r bits.

In this paper, we first reduce the cost of exhaustive search from 2 r + 8 bits to 2 r + 2 bits.

Then, we propose a method named EPF.

With EPF, the cost of exhaustive search is further reduced to 2 r - 6 bits when we extend Weiner's boundary r bits.

It means that our result is 214 times faster than Verheul and van Tilborg's result.

Besides, the security boundary is extended 7 bits.