A new attack to RSA with small private exponent and partial information. (opens in new tab)

We give a new algorithm to attack RSA with small private exponent, when some partial information of $p + q$ is given. The algorithm is a very simple modification of original Wiener’s attack with continued fractions, and allows us to factor $n$ whenever $d<n^{(1+\delta)/2}$ if we know a $δ$-fraction of the most significant bits of $n$. The algorithm is unconditional, which is not the case in previous improvements that use Coppersmith method. As a simple example, our algorithm can be applied to...