This paper discusses the security provided by the RSA encryption system. An analysis of the difficulty degree is realized, in order to deduce the decryption exponent d (using only the public components m and e).
The main result of this paper is: if n is a security parameter, e is a sufficiently large encryption RSA exponent, p and q are two n-bit numbers chosen uniformly and randomly from a sufficiently large set of primes, and m=pq is the RSA modulus, then the decryption exponent d defined by ed=1 (mod phi(m)) is uniformly distributed modulo phi(m).
This uniformity of the distribution result implies that sufficiently long strings of the most and the least significant bits of d (vulnerable to attacks developed by Boneh, Durfee, and Frankel) behave as random binary vectors. This work continues a previously published paper by Shparlinski on a similar topic [1].