Cryptanalysis of RSA with private key d less than N0.292
Authors: D. Boneh and G. Durfee
Abstract:
We show that if the private exponent d used in the RSA system
is less than N0.292 then the system is insecure. This is the
first improvement of an old result of Wiener showing that when
d < N0.25
RSA is insecure. We hope our approach can be used to eventually improve
the bound to d < N0.5.
Reference:
IEEE Transactions on Information Theory, Vol 46, No. 4, pp. 1339--1349,
July 2000
Extended abstract in proceedings of Eurocrypt 1998
Full paper: PostScript [first posted 10/2000 ]