Abstract
In this paper, we propose two new attacks on RSA with modulus N = p2q using continued fractions. Our first attack is based on the RSA key equation ed – ϕ(N)k = 1 where ϕ(N) = p(p – 1)(q – 1). Assuming that and , we show that can be recovered among the convergents of the continued fraction expansion of . Our second attack is based on the equation eX – (N – (ap2 + bq2)) Y = Z where a,b are positive integers satisfying gcd(a,b) = 1, |ap2 – bq2| < N1/2 and ap2 + bq2 = N2/3+α with 0 < α < 1/3. Given the conditions , we show that one can factor N = p2q in polynomial time.
Export citation and abstract BibTeX RIS
Content from this work may be used under the terms of the Creative Commons Attribution 3.0 licence. Any further distribution of this work must maintain attribution to the author(s) and the title of the work, journal citation and DOI.