Published: 1998-09-30

Remarks to short RSA public exponents

Otokar Grošek , Karol Nemoga , Ladislav Satko

Abstract

In this paper we discuss pertinent questions closely related to well known RSA cryptosystem [5]. From practical point of view it is reasonable to use as a public exponent an integer s = 2k+1, i.e., so called short exponent, with the lowest possible binary weight. The most common are for k = 1 and k = 24, the two Fermat primes. In this paper we prove two theorems which give a percentage of acceptable public exponents s = 2k+1, 1 ≤ k ≤ 1023 to two randomly selected primes of 512 bits each. In fact, our results are valid for arbitrary set of exponents s. We also present results of our experiments. In our simulation, for all such acceptable public exponents, the corresponding secret exponent t had a weight within the range of 451-567. Thus, although it is recommended in [8] not to use short public exponents, by our observation to use the attack based on continuos fractions is infeasible.

Download files

Citation rules

Grošek, O., Nemoga, K., & Satko, L. (1998). Remarks to short RSA public exponents. Annales Mathematicae Silesianae, 12, 65–74. Retrieved from https://journals.us.edu.pl/index.php/AMSIL/article/view/14164
Domyślna okładka

Vol. 12 (1998)
Published: 1998-09-30


ISSN: 0860-2107
eISSN: 2391-4238
Ikona DOI 10.1515/amsil

Publisher
University of Silesia Press

This website uses cookies for proper operation, in order to use the portal fully you must accept cookies.