Improved Cryptanalysis of the Multi-Power RSA Cryptosystem Variant.

The multi-power RSA cryptosystem is a variant of RSA where the modulus is in the form N = p r q s with max ( r , s ) ≥ 2 . In the multi-power RSA variant, the decryption phase is much faster than the standard RSA. While RSA has been intensively studied, the security of the multi-power RSA variant needs to be deeply investigated. In this paper, we consider a multi-power RSA cryptosystem with a modulus N = p r q s , and propose a method to solve the modular polynomial equations of the form F ( x ) ≡ 0 mod W p u q v where F ( x ) is a polynomial with integer coefficients, W is a positive integer, and u , v are integers satisfying 0 ≤ u ≤ r , 0 ≤ v ≤ s , and s u - r v ≠ 0 . Our method is based on Coppersmith’s method and lattice reduction techniques. We show that the new results retrieve or supersede the former results. Moreover, we apply the new method to study various instances of the multi-power RSA cryptosystem, especially when the private exponent is small, when the prime factors have a specific form, and when the least significant or the most significant bits of the private exponent are known.