# #StackBounty: #rsa Security of RSA variants with \$e=n-2\$ and \$e=n\$

### Bounty: 500

RSA as defined by PKCS#1v2.2 allows public exponent $$e=n-2$$. And textbook RSA was born with $$e=n$$ (see second bullet here).

Are these variants essentially as secure as (textbook) RSA with fixed $$e$$? With random $$e$$? Can we reduce the security of one to the security of the other, or of another variant of RSA?

Note: as in RSA with fixed $$e$$, we choose $$p$$ and $$q$$ large random distinct secret primes. And further:

• for $$e=n-2$$, it must hold $$gcd[q-2,p-1]=1$$ and $$gcd[p-2,q-1]=1$$ ;
• for $$e=n$$, if must hold $$min(p,q)$$ does not divide $$max(p,q)-1$$.

Get this bounty!!!

This site uses Akismet to reduce spam. Learn how your comment data is processed.