Abstract
In some applications of RSA, it is desirable to have a short secret exponent d. Wiener [6], describes a technique to use continued fractions (CF) in a cryptanalytic attack on an RSA cryptosystem having a ‘short’ secret exponent. Let n=p¿·¿q be the modulus of the system. In the typical case that G=gcd(p-1,¿q-1) is small. Wiener’s method will give the secret exponent d when d does not exceed (approximately) n 1/4.
Here, we describe a general method to compute the CF-convergents of the continued fraction expansion of the same number as in Wiener (which has denominator d¿·¿G) up to the point where the denominator of the CF-convergent exceeds approximately n 1/4. When d
| Original language | English |
|---|---|
| Pages (from-to) | 425-435 |
| Number of pages | 11 |
| Journal | Applicable Algebra in Engineering, Communication and Computing |
| Volume | 8 |
| Issue number | 5 |
| DOIs | |
| Publication status | Published - 1997 |