Wiener’s attack on RSA
E831738
Wiener’s attack on RSA is a cryptanalytic method that efficiently recovers the private key when the RSA decryption exponent is unusually small, exploiting properties of continued fractions.
All labels observed (1)
| Label | Occurrences |
|---|---|
| Wiener’s attack on RSA canonical | 2 |
How this entity was disambiguated
This entity first appeared as the object of triple T9958083 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: Wiener’s attack on RSA Context triple: [Shamir’s attack on RSA with low decryption exponent, relatedTo, Wiener’s attack on RSA]
-
A.
Shamir’s attack on RSA with low decryption exponent
Shamir’s attack on RSA with low decryption exponent is a cryptanalytic method that exploits unusually small private exponents in RSA to efficiently recover the secret key and break the encryption.
-
B.
Merkle–Hellman knapsack cryptosystem
The Merkle–Hellman knapsack cryptosystem is an early public-key encryption scheme based on the subset sum (knapsack) problem, historically significant as one of the first practical public-key systems though later found to be insecure.
-
C.
Lenstra elliptic-curve factorization method
The Lenstra elliptic-curve factorization method is an integer factorization algorithm that uses properties of elliptic curves over finite fields to efficiently find nontrivial factors of large numbers, especially those with relatively small prime divisors.
-
D.
New Directions in Cryptography
New Directions in Cryptography is a landmark 1976 paper that introduced the concepts of public-key cryptography and digital signatures, fundamentally reshaping modern cryptography and secure communications.
-
E.
Blum–Blum–Shub pseudorandom number generator
The Blum–Blum–Shub pseudorandom number generator is a cryptographically secure generator based on the hardness of factoring large composite numbers, widely studied in theoretical computer science and cryptography.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: Wiener’s attack on RSA Target entity description: Wiener’s attack on RSA is a cryptanalytic method that efficiently recovers the private key when the RSA decryption exponent is unusually small, exploiting properties of continued fractions.
-
A.
Shamir’s attack on RSA with low decryption exponent
Shamir’s attack on RSA with low decryption exponent is a cryptanalytic method that exploits unusually small private exponents in RSA to efficiently recover the secret key and break the encryption.
-
B.
Merkle–Hellman knapsack cryptosystem
The Merkle–Hellman knapsack cryptosystem is an early public-key encryption scheme based on the subset sum (knapsack) problem, historically significant as one of the first practical public-key systems though later found to be insecure.
-
C.
Lenstra elliptic-curve factorization method
The Lenstra elliptic-curve factorization method is an integer factorization algorithm that uses properties of elliptic curves over finite fields to efficiently find nontrivial factors of large numbers, especially those with relatively small prime divisors.
-
D.
New Directions in Cryptography
New Directions in Cryptography is a landmark 1976 paper that introduced the concepts of public-key cryptography and digital signatures, fundamentally reshaping modern cryptography and secure communications.
-
E.
Blum–Blum–Shub pseudorandom number generator
The Blum–Blum–Shub pseudorandom number generator is a cryptographically secure generator based on the hardness of factoring large composite numbers, widely studied in theoretical computer science and cryptography.
- F. None of above. chosen
Statements (47)
| Predicate | Object |
|---|---|
| instanceOf | cryptanalytic attack ⓘ |
| alsoKnownAs | Wiener’s small private exponent attack NERFINISHED ⓘ |
| appliesTo | RSA cryptosystem NERFINISHED ⓘ |
| assumes |
gcd(e,φ(n)) = 1
ⓘ
n = p*q with large primes p and q ⓘ standard RSA key generation ⓘ |
| author | Michael J. Wiener NERFINISHED ⓘ |
| basedOn |
Diophantine approximation
ⓘ
properties of continued fractions ⓘ |
| category |
attacks on public-key cryptosystems
ⓘ
number-theoretic cryptanalysis ⓘ |
| complexity |
efficient
ⓘ
polynomial time ⓘ |
| conditionOn |
d < n^0.25 / 3
ⓘ
d is unusually small ⓘ |
| countermeasure |
avoid small private exponents in RSA key generation
ⓘ
choose d sufficiently large ⓘ |
| exploits | small private exponent ⓘ |
| field |
cryptanalysis
ⓘ
cryptography ⓘ |
| influenced | subsequent small-exponent attacks on RSA ⓘ |
| input | public key (n,e) ⓘ |
| methodStep |
compute continued fraction expansion of e/n
ⓘ
enumerate convergents k_i/d_i of e/n ⓘ recover φ(n) and then d ⓘ test convergents as candidates for k/φ(n) ⓘ |
| motivated | RSA key generation guidelines to avoid small d ⓘ |
| namedAfter | Michael J. Wiener NERFINISHED ⓘ |
| output |
factorization of n in some variants
ⓘ
private exponent d ⓘ |
| publishedIn | Information and Computation NERFINISHED ⓘ |
| recovers |
RSA private key (n,d)
ⓘ
private exponent d ⓘ |
| relatedTo |
Boneh–Durfee attack
NERFINISHED
ⓘ
Coppersmith’s method NERFINISHED ⓘ small private exponent attacks ⓘ |
| requires |
public exponent e
ⓘ
public modulus n ⓘ |
| securityImplication | RSA implementations must avoid small d ⓘ |
| targets |
RSA decryption exponent
ⓘ
RSA private key ⓘ |
| threatens | RSA with small private exponent NERFINISHED ⓘ |
| uses |
continued fractions
ⓘ
convergents of continued fractions ⓘ |
| vulnerableParameter | RSA private exponent d ⓘ |
| worksWhen | d is less than approximately n^0.25 ⓘ |
| yearProposed | 1990 ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: Wiener’s attack on RSA Description of subject: Wiener’s attack on RSA is a cryptanalytic method that efficiently recovers the private key when the RSA decryption exponent is unusually small, exploiting properties of continued fractions.
Referenced by (2)
Full triples — surface form annotated when it differs from this entity's canonical label.