Zhangjie Huang

Cryptanalysis of Dual RSA

In 2007, Sun et al. (IEEE Trans Inf Theory 53(8):2922–2933, 2007) presented new variants of RSA, called Dual RSA, whose key generation algorithm outputs two distinct RSA moduli having the same public and private exponents, with an advantage of reducing storage requirements for keys. These variants can be used in some applications like blind signatures and authentication/secrecy. In this paper, we give an improved analysis on Dual RSA and obtain that when the private exponent is smaller than

Further Improvement of Factoring RSA Moduli with Implicit Hint

N^{0.368}

Attacking RSA with a Composed Decryption Exponent Using Unravelled Linearization

N0.368, the Dual RSA can be broken, where N is an integer with the same bitlength as the modulus of Dual RSA. The point of our work is based on the observation that we can split the private exponent into two much smaller unknown variables and solve a related modular equation on the two unknown variables and other auxiliary variables by making use of lattice based methods. Moreover, we extend this method to analyze the common private exponent RSA scheme, a variant of Dual RSA, and obtain a better bound than previous analyses. While our analyses cannot be proven to work in general, since we rely on some unproven assumptions, our experimental results have shown they work in practice.

Modular Inversion Hidden Number Problem Revisited

In this paper, we analyze the security of two variants of the RSA public key cryptosystem where multiple encryption and decryption exponents are used with a common modulus. For the most well known variant, CRT-RSA, assume that n encryption and decryption exponents

Implicit Factorization of RSA Moduli Revisited Short Paper

e_l,d_{p_l},d_{q_l}

Solving a class of modular polynomial equations and its relation to modular inversion hidden number problem and inversive congruential generator

el,dpl,dql, where