{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T01:29:18Z","timestamp":1760146158594,"version":"build-2065373602"},"reference-count":23,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2024,10,6]],"date-time":"2024-10-06T00:00:00Z","timestamp":1728172800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>In 2022, Cotan and Te\u015feleanu presented a variant of the RSA cryptosystem where the modulus is of the form N=pq, and the private and the public exponents satisfy ed\u22611(mod\u03c8n(N)) with n\u22652, and \u03c8n(N)=pn\u22121qn\u22121(p\u22121)(q\u22121). This variant of RSA was recently cryptanalyzed by Nitaj, Adenan, and Ariffin at Africacrypt 2024. In this paper, we push further the cryptanalysis of the scheme of Cotan and Te\u015feleanu by presenting a method to solve the equation xH(y)+c\u22610(mode) where c is a constant that is independent of x and y. This enables us to propose more attacks on the scheme, including a partial key exposure attack, an attack when the most significant bits of one of the prime factors are known, and an attack when the least significant bits of one of the prime factors are known.<\/jats:p>","DOI":"10.3390\/cryptography8040044","type":"journal-article","created":{"date-parts":[[2024,10,7]],"date-time":"2024-10-07T07:30:18Z","timestamp":1728286218000},"page":"44","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Partial Exposure Attacks on a New RSA Variant"],"prefix":"10.3390","volume":"8","author":[{"given":"Mohammed","family":"Rahmani","sequence":"first","affiliation":[{"name":"ACSA Laboratory, Department of Mathematics and Computer Science, Sciences Faculty, Mohammed First University, Oujda 60000, Morocco"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0372-1757","authenticated-orcid":false,"given":"Abderrahmane","family":"Nitaj","sequence":"additional","affiliation":[{"name":"LMNO, CNRS, UNICAEN, Caen Normandie University, 14000 Caen, France"}]},{"given":"Mhammed","family":"Ziane","sequence":"additional","affiliation":[{"name":"ACSA Laboratory, Department of Mathematics and Computer Science, Sciences Faculty, Mohammed First University, Oujda 60000, Morocco"}]}],"member":"1968","published-online":{"date-parts":[[2024,10,6]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1145\/359340.359342","article-title":"A Method for Obtaining digital signatures and public-key cryptosystems","volume":"21","author":"Rivest","year":"1978","journal-title":"Commun. ACM"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"553","DOI":"10.1109\/18.54902","article-title":"Cryptanalysis of short RSA secret exponents","volume":"36","author":"Wiener","year":"1990","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/3-540-48910-X_1","article-title":"Cryptanalysis of RSA with private key d less than N0.292","volume":"Volume 1592","author":"Boneh","year":"1999","journal-title":"Advances in Cryptology-Eurocrypt\u201999, Lecture Notes in Computer Science"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"905","DOI":"10.1049\/el:19820617","article-title":"Fast decipherment algorithm for RSA public-key cryptosystem","volume":"18","author":"Quisquater","year":"1982","journal-title":"Electron. Lett."},{"key":"ref_5","first-page":"252","article-title":"New public-key schemes based on elliptic curves over the ring Zn","volume":"Volume 576","author":"Koyama","year":"1991","journal-title":"Advances in Cryptology\u2014CRYPTO 1991, Lecture Notes in Computer Science"},{"key":"ref_6","unstructured":"Collins, T., Hopkins, D., Langford, S., and Sabin, M. (1997). Public Key Cryptographic Apparatus and Method. (5,848,159), US Patent."},{"key":"ref_7","first-page":"94","article-title":"A fast RSA-type public-key primitive modulo pkq using Hensel lifting","volume":"87","author":"Takagi","year":"2004","journal-title":"IEICE Trans."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Kaczorowski, J., Pieprzyk, J., and Pomykala, J. (2018). A Novel RSA-Like Cryptosystem Based on a Generalization of the R\u00e9dei Rational Functions. Number-Theoretic Methods in Cryptology. NuTMiC 2017. Lecture Notes in Computer Science, Springer.","DOI":"10.1007\/978-3-319-76620-1"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"114549","DOI":"10.1016\/j.tcs.2024.114549","article-title":"Partial prime factor exposure attacks on some RSA variants","volume":"Volume 999","author":"Feng","year":"2024","journal-title":"Theoretical Computer Science"},{"key":"ref_10","first-page":"151","article-title":"Classical Attacks on a Variant of the RSA Cryptosystem","volume":"Volume 12912","author":"Nitaj","year":"2021","journal-title":"LATINCRYPT 2021. Lecture Notes in Computer Science"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Susilo, W., Chen, X., Guo, F., Zhang, Y., and Intan, R. (2022). Further Cryptanalysis of a Type of RSA Variants. Information Security. ISC 2022. Lecture Notes in Computer Science, Springer.","DOI":"10.1007\/978-3-031-22390-7"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1016\/j.tcs.2021.08.001","article-title":"Cryptanalysis of the RSA variant based on cubic Pell equation","volume":"889","author":"Zheng","year":"2021","journal-title":"Theor. Comput. Sci."},{"key":"ref_13","first-page":"589","article-title":"Continued fractions applied to a family of RSA-like cryptosystems","volume":"Volume 13620","author":"Su","year":"2022","journal-title":"Information Security Practice and Experience. ISPEC 2022. Lecture Notes in Computer Science"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Vaudenay, S., and Petit, C. (2024). Cryptanalysis of a New Variant of the RSA Cryptosystem. Progress in Cryptology\u2014AFRICACRYPT 2024. AFRICACRYPT 2024. Lecture Notes in Computer Science, Springer.","DOI":"10.1007\/978-3-031-64381-1"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"513","DOI":"10.1007\/BF01457454","article-title":"Factoring polynomials with rational coefficients","volume":"261","author":"Lenstra","year":"1982","journal-title":"Math. Ann."},{"key":"ref_16","unstructured":"May, A. (2003). New RSA Vulnerabilities Using Lattice Reduction Methods. [Ph.D. Thesis, University of Paderborn]."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"233","DOI":"10.1007\/s001459900030","article-title":"Small solutions to polynomial equations, and low exponent RSA vulnerabilities","volume":"10","author":"Coppersmith","year":"1997","journal-title":"J. Cryptol."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Howgrave-Graham, N. (1997). Finding small roots of univariate modular equations revisited. Cryptography and Coding, LNCS 1355, Springer.","DOI":"10.1007\/BFb0024458"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Jochemsz, E., and May, A. (2006). A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. ASIACRYPT 2006, LNCS 4284, Springer.","DOI":"10.1007\/11935230_18"},{"key":"ref_20","first-page":"140","article-title":"An improved analysis on three variants of the RSA cryptosystem","volume":"Volume 10143","author":"Peng","year":"2016","journal-title":"Proceedings of the International Conference on Information Security and Cryptology"},{"key":"ref_21","unstructured":"Gollmann, D., and Freiling, F.C. (2012). On Optimal Bounds of Small Inverse Problems and Approximate GCD Problems with Higher Degree. Information Security. ISC 2012. Lecture Notes in Computer Science, Springer."},{"key":"ref_22","unstructured":"Pointcheval, D., and Vergnaud, D. (2014). New attacks on the RSA cryptosystem. AFRICACRYPT 2014, LNCS 8469, Springer."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"179200","DOI":"10.1007\/s00200-004-0164-6","article-title":"On the Security of RSA with Primes Sharing Least-Significant Bits","volume":"15","author":"Steinfeld","year":"2004","journal-title":"Appl. Algebra Eng. Commun. Comput."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/8\/4\/44\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T16:11:43Z","timestamp":1760112703000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/8\/4\/44"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,6]]},"references-count":23,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2024,12]]}},"alternative-id":["cryptography8040044"],"URL":"https:\/\/doi.org\/10.3390\/cryptography8040044","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2024,10,6]]}}}