Lecture: Attacks on RSA

Background Material



  1. Review RSA Public Key Cryptosystem
  2. Generating keys
    1. Prime number theorem and generating primes
    2. Avoid p-1 smooth
  3. Knowing phi(n) is equivalent to factor n.
  4. Knowing secret key is equivalent to factor n.
  5. Knowing part of p is enough to factor n.
  6. If the secret key is small it can be found via continued fractions
  7. Short plaintext messages can be found
  8. Optimal Asymmetric Encryption Padding (OAEP)

Slides and Worksheets

  1. dfactor.mw - Maple worksheet showing how to factor n=pq given the secret key (d,n).
  2. smallexponent.mw - Maple worksheet showing how to determine the secret key d given that it is small, i.e. less than 1/3n^(1/4).


  1. D. Boneh, "Twenty years of attacks on the RSA cryptosystem", Amer. Math. Soc. Notices, vol. 46, 1999.
  2. D. Coppersmith, "Small solutions to polynomial equations", J. Cryptology, vo. 10, 1997.
  3. D. Boneh, A. Joux, and P. Nguyen, "Why textbook ElGamal and RSA encryption are insecure", Advances in Cryptology - ASIACRYPT, '00, LNCS, Springer-Verlag, 2000.

Practice Assignment

  • Go through the Maple worksheets.
    Created: Feb. 8, 2016 (modified ) by jjohnson AT cs DOT drexel DOT edu