
For FullText PDF, please login, if you are a member of IEICE,
or go to Pay Per View on menu list, if you are a nonmember of IEICE.

ShortExponent RSA
HungMin SUN ChengTa YANG MuEn WU
Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E92A
No.3
pp.912918 Publication Date: 2009/03/01
Online ISSN: 17451337
DOI: 10.1587/transfun.E92.A.912
Print ISSN: 09168508 Type of Manuscript: PAPER Category: Cryptography and Information Security Keyword: RSA, encryption, digital signature, publickey cryptosystem,
Full Text: PDF(216.8KB) >>Buy this Article
Summary:
In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order of magnitude as φ(N). Sun et al. devised three RSA variants using unbalanced prime factors p and q to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes p and q are more insecure than the instances with balanced p and q. This investigation focuses on designing a new RSA variant with balanced p and q, and short exponents d and e, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which p and q are balanced, and a tradeoff between the lengths of d and e is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.

