Short-Exponent RSA

Hung-Min SUN  Cheng-Ta YANG  Mu-En WU  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E92-A   No.3   pp.912-918
Publication Date: 2009/03/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E92.A.912
Print ISSN: 0916-8508
Type of Manuscript: PAPER
Category: Cryptography and Information Security
RSA,  encryption,  digital signature,  public-key cryptosystem,  

Full Text: PDF(216.8KB)>>
Buy this Article

In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order of magnitude as φ(N). Sun et al. devised three RSA variants using unbalanced prime factors p and q to lower the computational cost. Unfortunately, Durfee & Nguyen broke the illustrated instances of the first and third variants by solving small roots to trivariate modular polynomial equations. They also indicated that the instances with unbalanced primes p and q are more insecure than the instances with balanced p and q. This investigation focuses on designing a new RSA variant with balanced p and q, and short exponents d and e, to improve the security of an RSA variant against the Durfee & Nguyen's attack, and the other existing attacks. Furthermore, the proposed variant (Scheme A) is also extended to another RSA variant (Scheme B) in which p and q are balanced, and a trade-off between the lengths of d and e is enable. In addition, we provide the security analysis and feasibility analysis of the proposed schemes.