{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T00:03:39Z","timestamp":1769299419144,"version":"3.49.0"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030920616","type":"print"},{"value":"9783030920623","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-92062-3_4","type":"book-chapter","created":{"date-parts":[[2021,11,30]],"date-time":"2021-11-30T19:21:35Z","timestamp":1638300095000},"page":"99-129","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Partial Key Exposure Attack on\u00a0Short Secret Exponent CRT-RSA"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5965-5675","authenticated-orcid":false,"given":"Alexander","family":"May","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3066-0133","authenticated-orcid":false,"given":"Julian","family":"Nowakowski","sequence":"additional","affiliation":[]},{"given":"Santanu","family":"Sarkar","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,12,1]]},"reference":[{"key":"4_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/978-3-642-00468-1_3","volume-title":"Public Key Cryptography \u2013 PKC 2009","author":"Y Aono","year":"2009","unstructured":"Aono, Y.: A new lattice construction for partial key exposure attack for RSA. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 34\u201353. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-00468-1_3"},{"key":"4_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/978-3-642-42045-0_18","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"DJ Bernstein","year":"2013","unstructured":"Bernstein, D.J., et al.: Factoring RSA keys from certified smart cards: coppersmith in the wild. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 341\u2013360. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-42045-0_18"},{"key":"4_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11745853_1","volume-title":"Public Key Cryptography - PKC 2006","author":"D Bleichenbacher","year":"2006","unstructured":"Bleichenbacher, D., May, A.: New attacks on RSA with small secret CRT-exponents. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 1\u201313. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11745853_1"},{"key":"4_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/978-3-540-45146-4_2","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"J Bl\u00f6mer","year":"2003","unstructured":"Bl\u00f6mer, J., May, A.: New partial key exposure attacks on RSA. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 27\u201343. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_2"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key $$d$$ less than $$N^{0.292}$$. IEEE Trans. Inf. Theory 46(4), 1339\u20131349 (2000)","DOI":"10.1109\/18.850673"},{"key":"4_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/3-540-68339-9_16","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201996","author":"D Coppersmith","year":"1996","unstructured":"Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178\u2013189. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68339-9_16"},{"issue":"4","key":"4_CR7","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/s001459900030","volume":"10","author":"D Coppersmith","year":"1997","unstructured":"Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233\u2013260 (1997)","journal-title":"J. Cryptol."},{"issue":"1","key":"4_CR8","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1007\/s00145-006-0433-6","volume":"20","author":"JS Coron","year":"2007","unstructured":"Coron, J.S., May, A.: Deterministic polynomial-time equivalence of computing the RSA secret key and factoring. J. Cryptol. 20(1), 39\u201350 (2007)","journal-title":"J. Cryptol."},{"key":"4_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/11426639_22","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"M Ernst","year":"2005","unstructured":"Ernst, M., Jochemsz, E., May, A., de Weger, B.: Partial key exposure attacks on RSA up to full size exponents. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 371\u2013386. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11426639_22"},{"key":"4_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1007\/11506157_24","volume-title":"Information Security and Privacy","author":"SD Galbraith","year":"2005","unstructured":"Galbraith, S.D., Heneghan, C., McKee, J.F.: Tunable balancing of RSA. In: Boyd, C., Gonz\u00e1lez Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 280\u2013292. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11506157_24"},{"key":"4_CR11","unstructured":"Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining your Ps and Qs: detection of widespread weak keys in network devices. In: 21st USENIX Security Symposium USENIX Security 12, pp. 205\u2013220 (2012)"},{"key":"4_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"487","DOI":"10.1007\/978-3-642-10366-7_29","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"M Herrmann","year":"2009","unstructured":"Herrmann, M., May, A.: Attacking power generators using unravelled linearization: when do we output too much? In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 487\u2013504. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_29"},{"key":"4_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1007\/978-3-642-13013-7_4","volume-title":"Public Key Cryptography \u2013 PKC 2010","author":"M Herrmann","year":"2010","unstructured":"Herrmann, M., May, A.: Maximizing small root bounds by linearization and applications to small secret exponent RSA. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 53\u201369. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13013-7_4"},{"key":"4_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/BFb0024458","volume-title":"Crytography and Coding","author":"N Howgrave-Graham","year":"1997","unstructured":"Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131\u2013142. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/BFb0024458"},{"key":"4_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1007\/978-3-540-74143-5_22","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"E Jochemsz","year":"2007","unstructured":"Jochemsz, E., May, A.: A polynomial time attack on RSA with private CRT-exponents smaller than N0.073. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 395\u2013411. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74143-5_22"},{"key":"4_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1007\/978-3-642-28496-0_16","volume-title":"Selected Areas in Cryptography","author":"N Kunihiro","year":"2012","unstructured":"Kunihiro, N., Shinohara, N., Izu, T.: A unified framework for small secret exponent attack on RSA. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 260\u2013277. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-28496-0_16"},{"key":"4_CR17","doi-asserted-by":"publisher","first-page":"515","DOI":"10.1007\/BF01457454","volume":"261","author":"AK Lenstra","year":"1982","unstructured":"Lenstra, A.K., Lenstra, H.W., Lov\u00e1sz, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 515\u2013534 (1982)","journal-title":"Mathematische Annalen"},{"key":"4_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/978-3-319-07536-5_10","volume-title":"Applied Cryptography and Network Security","author":"Y Lu","year":"2014","unstructured":"Lu, Y., Zhang, R., Lin, D.: New partial key exposure attacks on CRT-RSA with large public exponents. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 151\u2013162. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-07536-5_10"},{"issue":"2","key":"4_CR19","doi-asserted-by":"publisher","first-page":"122","DOI":"10.14429\/dsj.62.1716","volume":"62","author":"S Maitra","year":"2012","unstructured":"Maitra, S., Sarkar, S.: On deterministic polynomial-time equivalence of computing the CRT-RSA secret keys and factoring. Def. Sci. J. 62(2), 122\u2013126 (2012)","journal-title":"Def. Sci. J."},{"key":"4_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1007\/3-540-45708-9_16","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"A May","year":"2002","unstructured":"May, A.: Cryptanalysis of unbalanced RSA with small CRT-exponent. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 242\u2013256. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45708-9_16"},{"key":"4_CR21","unstructured":"May, A.: New RSA vulnerabilities using lattice reduction methods. Ph.D. thesis, University of Paderborn (2003)"},{"key":"4_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"213","DOI":"10.1007\/978-3-540-28628-8_13","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"A May","year":"2004","unstructured":"May, A.: Computing the RSA secret key is deterministic polynomial time equivalent to factoring. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 213\u2013219. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-28628-8_13"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Nemec, M., Sys, M., Svenda, P., Klinec, D., Matyas, V.: The return of Coppersmith\u2019s attack: Practical factorization of widely used RSA moduli. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1631\u20131648 (2017)","DOI":"10.1145\/3133956.3133969"},{"key":"4_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1007\/978-3-319-13051-4_21","volume-title":"Selected Areas in Cryptography \u2013 SAC 2014","author":"A Takayasu","year":"2014","unstructured":"Takayasu, A., Kunihiro, N.: Partial key exposure attacks on RSA: achieving the Boneh-Durfee bound. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 345\u2013362. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-13051-4_21"},{"key":"4_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"518","DOI":"10.1007\/978-3-319-28166-7_25","volume-title":"Applied Cryptography and Network Security","author":"A Takayasu","year":"2015","unstructured":"Takayasu, A., Kunihiro, N.: Partial key exposure attacks on CRT-RSA: better cryptanalysis to full size encryption exponents. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 518\u2013537. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-28166-7_25"},{"key":"4_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/978-3-662-49387-8_4","volume-title":"Public-Key Cryptography \u2013 PKC 2016","author":"A Takayasu","year":"2016","unstructured":"Takayasu, A., Kunihiro, N.: How to generalize RSA cryptanalyses. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 67\u201397. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49387-8_4"},{"key":"4_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1007\/978-3-319-56614-6_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"A Takayasu","year":"2017","unstructured":"Takayasu, A., Lu, Y., Peng, L.: Small CRT-exponent RSA revisited. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 130\u2013159. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-56614-6_5"},{"issue":"4","key":"4_CR28","doi-asserted-by":"publisher","first-page":"1337","DOI":"10.1007\/s00145-018-9282-3","volume":"32","author":"A Takayasu","year":"2019","unstructured":"Takayasu, A., Lu, Y., Peng, L.: Small CRT-exponent RSA revisited. J. Cryptol. 32(4), 1337\u20131382 (2019)","journal-title":"J. Cryptol."},{"issue":"3","key":"4_CR29","doi-asserted-by":"publisher","first-page":"553","DOI":"10.1109\/18.54902","volume":"36","author":"MJ Wiener","year":"1990","unstructured":"Wiener, M.J.: Cryptanalysis of short RSA secret exponents. IEEE Trans. Inf. theory 36(3), 553\u2013558 (1990)","journal-title":"IEEE Trans. Inf. theory"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2021"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-92062-3_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,30]],"date-time":"2024-11-30T00:10:37Z","timestamp":1732925437000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-92062-3_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030920616","9783030920623"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-92062-3_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"1 December 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ASIACRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Theory and Application of Cryptology and Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 December 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 December 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"asiacrypt2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/asiacrypt.iacr.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"341","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"95","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.21","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4.61","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held online due to the COVID-19 pandemic","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}