In order to allow for efficient use of extremely large moduli, Adi Shamir h
as proposed a variant of RSA in which one of the two prime factors is much
smaller than the other. This node points out that unless special precaution
s are taken, simple implementations of Shamir's idea are subject to protoco
l attacks that recover the secret keys. (C) 1998 Published by Elsevier Scie
nce B.V. All rights reserved.