Differences

This shows you the differences between two versions of the page.

Link to this comparison view

en:group:seminars:20060428 [2009/04/07 12:30]
admin
en:group:seminars:20060428 [2016/06/23 11:26]
Line 1: Line 1:
  
----- dataentry seminar ---- 
-date_dt : 2006-04-28 
-title : New Attacks on RSA with Small Secret CRT-Exponents 
-speaker : Dr Daniel Bleichenbacher 
-affiliation :  Bell Labs 
-time :  
-room :  
-table : seminars 
-=================== 
-template:​datatemplates:​seminar 
------------------------ 
- 
- 
-==== abstract ==== 
-It is well-known that there is an efficient method for 
-decrypting/​signing with RSA when the secret exponent d 
-is small modulo p-1 and q-1. We call such an exponent 
-d a small CRT-exponent. 
-It is one of the major open problems in attacking RSA 
-whether there exists a polynomial time attack for 
-small CRT-exponents,​ i.e. a result that can be 
-considered as an equivalent to the Wiener 
-and Boneh-Durfee bound for small d. 
-At Crypto 2002, May presented a partial solution in 
-the case of an RSA modulus N=pq with unbalanced 
-prime factors p and q. In this talk we present two 
-imporoved algorithms for breaking RSA with small 
-CRT-exponents.