Continued fractions and RSA with small secret exponent
Andrej Dujella
TL;DR
This paper generalizes classical results on continued fractions and applies them to improve Wiener's attack on RSA with small secret exponents, providing a more comprehensive understanding of the solutions and attack modifications.
Contribution
It extends Legendre's classical result to a broader class of inequalities and applies this to refine RSA attack strategies involving small secret exponents.
Findings
All solutions of |x - a/b| < c/b^2 are characterized via continued fraction convergents.
A modified attack on RSA with small secret exponents is proposed based on the new theoretical insights.
The results offer a deeper understanding of the structure of solutions relevant to cryptanalysis.
Abstract
Extending the classical Legendre's result, we describe all solutions of the inequality |x - a/b| < c/b^2 in terms of convergents of continued fraction expansion of x. Namely, we show that a/b = (rp_{m+1} +- sp_m) / (rq_{m+1} +- sq_m) for some nonnegative integers m,r,s such that rs < 2c. As an application of this result, we describe a modification of Verheul and van Tilborg variant of Wiener's attack on RSA cryptosystem with small secret exponent.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsChaos-based Image/Signal Encryption · Cryptography and Residue Arithmetic · Coding theory and cryptography