Twenty years of attacks on the RSA cryptosystem

Authors: D. Boneh

Two decades of research led to a number fascinating attacks on RSA. We survey several attacks and classify them into four categories: elementary attacks, attacks on low private exponent, attacks on low public exponent, and attacks on the implementation of RSA. We hope to illustrate some of the pitfalls security engineers should avoid when designing new systems.

Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999

Full paper: ps, pdf         [first posted 11/1998 ]

Related papers: See also a brief survey paper by Burt Kaliski and Matt Robshaw in CryptoBytes Vol. 1, No. 3, 1995.