Abstract RSA is a well known standard algorithm used by modern computers to encrypt and decrypt messages. In some applications, to save the decryption time, it is desirable to have a short secret key d compared to the modulus N. The first significant attack that breaks RSA with short secret key given by Wiener in 1990 is based on the continued fraction technique and it works with d 1 18 4 N . 25 . A decade later, in 2000, Boneh and Durfee presented an improved attack based on lattice technique which works with d d t ( 2 2 + 8 / 3 ) N . 75 / e , where e is the public exponent and t is a chosen parameter, our attack can break the RSA with the running time of O(tlog (N)). Our attack is especially well suited for the case where e is much smaller than N. When e ≈ N, the Boneh–Durfee attack outperforms ours. As a result, we could simultaneously run both attacks, our new attack and the classical Boneh–Durfee attack as a backup.

中文翻译：

---

分割和捕获：加密标准算法 RSA 的改进密码分析

摘要 RSA 是现代计算机用来加密和解密消息的众所周知的标准算法。在一些应用中，为了节省解密时间，需要有一个与模数 N 相比的短密钥 d。 1990 年 Wiener 给出的第一个使用短密钥破解 RSA 的重大攻击是基于连分数技术和它适用于 d 1 18 4 N 。25 . 十年后的 2000 年，Boneh 和 Durfee 提出了一种基于点阵技术的改进攻击，该攻击与 ddt (2 2 + 8 / 3 ) N 一起使用。75 / e ，其中 e 是公共指数，t 是选定参数，我们的攻击可以用 O(tlog (N)) 的运行时间破坏 RSA。我们的攻击特别适合 e 远小于 N 的情况。当 e ≈ N 时，Boneh-Durfee 攻击优于我们的攻击。因此，