New Jochemsz–May Cryptanalytic Bound for RSA System Utilizing Common Modulus N = p 2 q.

This paper describes an attack on the Rivest, Shamir and Adleman (RSA) cryptosystem utilizing the modulus N = p 2 q where p and q are two large balanced primes. Let e 1 , e 2 < N γ be the integers such that d 1 , d 2 < N δ be their multiplicative inverses. Based on the two key equations e 1 d 1 − k 1 ϕ (N) = 1 and e 2 d 2 − k 2 ϕ (N) = 1 where ϕ (N) = p (p − 1) (q − 1) , our attack works when the primes share a known amount of least significant bits (LSBs) and the private exponents share an amount of most significant bits (MSBs). We apply the extended strategy of Jochemsz–May to find the small roots of an integer polynomial and show that N can be factored if δ < 11 10 + 9 4 α − 1 2 β − 1 2 γ − 1 30 180 γ + 990 α − 180 β + 64. Our attack improves the bounds of some previously proposed attacks that makes the RSA variant vulnerable. [ABSTRACT FROM AUTHOR]