Notes on Small Private Key Attacks on Common Prime RSA
Mengce Zheng
TL;DR
This paper analyzes lattice-based small private key attacks on common prime RSA and identifies critical flaws in the prior Mumtaz-Luo analysis. It provides corrected parameter handling and derives refined bounds on the private exponent $\delta$ as a function of $\gamma$, using a trivariate polynomial $f$ and a lattice-based solving framework with Howgrave-Graham's lemma. The explicit bounds are $\delta<\gamma+1-\frac{\sqrt{4 \gamma^2+20 \gamma+13}}{4}$ for $0<\gamma\leq\frac{3}{10}$ and $\delta<\frac{4\gamma+1}{11}$ for $\frac{3}{10}<\gamma<\frac{1}{2}$. The paper outlines a practical attack procedure to recover $(d, ak, bk)$ and hence $p$, $q$, $g$, which factors $N$, supported by numerical experiments that show feasibility with larger lattice dimensions. The work tightens the security assessment of common prime RSA in IoT/constrained settings by clarifying secure and insecure parameter regimes and highlighting where previous analyses may fail. Overall, the results demonstrate actionable risks for small private-key configurations and provide a more reliable framework for evaluating common prime RSA security.
Abstract
We point out critical deficiencies in the lattice-based cryptanalysis of common prime RSA presented in "Remarks on the cryptanalysis of common prime RSA for IoT constrained low power devices" [Information Sciences, 538 (2020) 54–68]. To rectify these flaws, we carefully scrutinize the relevant parameters involved in the analysis when solving a specific trivariate integer polynomial equation. Additionally, we offer a synthesized attack illustration of small private key attacks on common prime RSA.
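A key-generation audit built on the two bounds quoted in the TL;DR, as an added example that is not code from the paper. It assumes the usual convention of the common prime RSA literature, $g \approx N^{\gamma}$ and $d \approx N^{\delta}$, and approximates both exponents by bit-length ratios; the function names and the sample sizes are constructed for illustration.

```python
from fractions import Fraction


def in_stated_attack_region(gamma, delta):
    """True if (gamma, delta) satisfies the bound quoted in the TL;DR.

    Exact rational arithmetic is used so that points on the boundary are
    not misclassified by floating-point rounding of the square root.
    """
    g, d = Fraction(gamma), Fraction(delta)
    if not (0 < g < Fraction(1, 2)):
        raise ValueError("bounds are stated only for 0 < gamma < 1/2")
    if g <= Fraction(3, 10):
        # delta < gamma + 1 - sqrt(4g^2 + 20g + 13)/4
        # <=> 4(gamma + 1 - delta) > sqrt(4g^2 + 20g + 13); square both sides.
        lhs = 4 * (g + 1 - d)
        return lhs > 0 and lhs * lhs > 4 * g * g + 20 * g + 13
    # delta < (4*gamma + 1)/11 on 3/10 < gamma < 1/2
    return d < (4 * g + 1) / 11


def audit_key(n_bits, g_bits, d_bits):
    """Classify a key by bit lengths (assumption: exponent ~ bit-length ratio).

    Returns (gamma, delta, flagged). flagged=True means the private exponent
    is inside the quoted region and the parameters should be rejected.
    """
    gamma = Fraction(g_bits, n_bits)
    delta = Fraction(d_bits, n_bits)
    return gamma, delta, in_stated_attack_region(gamma, delta)


if __name__ == "__main__":
    # Constructed parameter sets: 2048-bit N, 512-bit common factor g.
    for d_bits in (360, 400):
        gamma, delta, flagged = audit_key(2048, 512, d_bits)
        verdict = "inside quoted bound: reject" if flagged else "outside quoted bound"
        print(f"gamma={float(gamma):.4f} delta={float(delta):.4f} -> {verdict}")
```

The two branches meet at $\gamma = \frac{3}{10}$, where both give $\delta < \frac{1}{5}$. A result of "outside quoted bound" covers only these two inequalities, not other attacks on common prime RSA.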
