Conference Paper

A Generalization of de Weger's Method

DOI: 10.1109/IAS.2009.153 Conference: Proceedings of the Fifth International Conference on Information Assurance and Security, IAS 2009, Xi'An, China, 18-20 August 2009
Source: DBLP


This paper generalizes de Weger's method if the ratio of two RSA primes p/q is close to a simple fraction b/a. We can discover the secret exponent d < N3/4gamma from the convergents of e/(N+1-(a+b)/radic(ab) radicN) for |ap- bq| = Ngamma. Our method is thus reduced to de Weger's method if a=b=1. When b/a = 1/2, our method is reduced to Maitra and Sarkar's method.

  • [Show abstract] [Hide abstract]
    ABSTRACT: In this paper we improve the range of weak keys of RSA cryptosystem for the Generalized Wiener's attack given by Blomer & May. We have shown that the range of weak keys can be extended by more than 8 times than the range given by Blomer & May. Further we have shown that for some special condition, N can be factored in (O poly(log N)) time.
    No preview · Article · Sep 2010
  • [Show abstract] [Hide abstract]
    ABSTRACT: In 2002, De Weger show that choosing an RSA modulus with a small difference of its prime factors yields improvements on the small private exponent attacks of Wiener and Boneh-Durfee. In this paper, we extend the Weger's bound of the Boneh-Durfee attack for the RSA modulus N = pq, when being close to with small integers a and b. We improve the bound of de Weger for the weaker and stronger results of Boneh-Durfee attack.
    No preview · Article · Nov 2011 · Communications in Computer and Information Science
  • [Show abstract] [Hide abstract]
    ABSTRACT: In this paper, we propose two new attacks on RSA with modulus N = p2q using continued fractions. Our first attack is based on the RSA key equation ed - φ(N)k = 1 where φ(N) = p(p - 1)(q - 1). Assuming that and , we show that can be recovered among the convergents of the continued fraction expansion of . Our second attack is based on the equation eX - (N - (ap2 + bq2)) Y = Z where a,b are positive integers satisfying gcd(a,b) = 1, |ap2 - bq2| < N1/2 and ap2 + bq2 = N2/3+α with 0 < α < 1/3. Given the conditions , we show that one can factor N = p2q in polynomial time.
    No preview · Article · Jun 2015 · Journal of Physics Conference Series