Revisiting Wiener's attack - New weak keys in RSA

In this paper we revisit, Wiener's method (IEFF-IT, 1990) of continued fraction (CF) to find new weaknesses in RSA. We consider RSA with N = pq; q < p < 2q; public encryption exponent c and private decryption exponent d. Our motivation is to find out when RSA is insecure given d. is O(n(delta)), where we are mostly interested in the range 0.3 <= delta <= 0.5. We use both the upper and lower bounds on phi(N) and then try to find out what are the cases when t/d is a convergent in the CF expression of e/N - 3/root 2 root N + 1. First. we show that the RSA keys are weak when d = N-delta and delta < 3/4 - gamma - tau, where 2q - p = N-gamma and tau is small value based on certain parameters. This presents additional results over the work of de Weger (AAECC 2002). Further we show that, the RSA keys are weak when d < 1/2 N-delta and e is O(N3/2-2 delta) for delta <= 1/2. Using similar idea we also present new results over the work of Blomer and May (PKC 2004).