Shamir’s attack on RSA with low decryption exponent

E195493

Shamir’s attack on RSA with low decryption exponent is a cryptanalytic method that exploits unusually small private exponents in RSA to efficiently recover the secret key and break the encryption.

All labels observed (1)

How this entity was disambiguated

Statements (30)

Predicate Object
instanceOf attack on RSA
cryptanalytic attack
mathematical attack
appliesWhen RSA private exponent d is unusually small relative to modulus N
assumes RSA modulus is known
public exponent is known
basedOn Diophantine approximation techniques
lattice-based methods
complexity polynomial time under its parameter assumptions
countermeasure choose sufficiently large private exponent d
follow recommended RSA key-size and exponent guidelines
describedIn research on attacks against low-exponent RSA
developedBy Adi Shamir
exploits low RSA decryption exponent
small private exponent in RSA
field cryptanalysis
public-key cryptography
goal break RSA encryption
recover RSA private key
improvesOn Wiener’s attack on RSA
input RSA public key (N,e)
involves continued fractions and lattice techniques
number theory
output RSA private exponent d
factorization of RSA modulus N
relatedTo Wiener’s attack on RSA
riskFactorFor RSA implementations using small private exponents for efficiency
securityImplication RSA key generation must avoid low decryption exponents
RSA with very small private exponent is insecure
targets RSA
surface form: RSA cryptosystem

How these facts were elicited

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

Adi Shamir knownFor Shamir’s attack on RSA with low decryption exponent