Advances in Cryptology -- Proceedings of ASIACRYPT '98
(October 18--22, 1998, Beijing, P.R. China),
K. Ohta and D. Pei (Eds.),
vol. 1514 of
Lecture Notes in Computer Science,
Springer-Verlag
Pages 372--379.
Abstract:
At Crypto '95,
Béguin and Quisquater proposed an efficient server-aided RSA protocol which
was resistant against all known passive and active attacks. We present a very
effective lattice-based passive attack against this protocol. An
implementation is able to recover the secret factorization of an RSA-512 or
RSA-768 key in less than 5 minutes, once the card has produced about 50
signatures.