Cryptanalysis of RSA with private key d less than N^0.292

Authors: D. Boneh and G. Durfee

Abstract:
We show that if the private exponent d used in the RSA system is less than N^0.292 then the system is insecure. This is the first improvement of an old result of Wiener showing that when d < N^0.25 RSA is insecure. We hope our approach can be used to eventually improve the bound to d < N^0.5.

Reference:
IEEE Transactions on Information Theory, Vol 46, No. 4, pp. 1339--1349, July 2000
Extended abstract in proceedings of Eurocrypt 1998

Full paper: PostScript [first posted 10/2000 ]

Dan's publications, Dan's home page

Publications

Cryptanalysis of RSA with private key d less than N0.292

Cryptanalysis of RSA with private key d less than N^0.292