Twenty years of attacks on the RSA cryptosystemAuthors: D. Boneh
Two decades of research led to a number fascinating attacks on RSA. We survey several attacks and classify them into four categories: elementary attacks, attacks on low private exponent, attacks on low public exponent, and attacks on the implementation of RSA. We hope to illustrate some of the pitfalls security engineers should avoid when designing new systems.
Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999
Related papers: See also a brief survey paper by Burt Kaliski and Matt Robshaw in CryptoBytes Vol. 1, No. 3, 1995.