Abstract
We present extremely simple ways of embedding a backdoor in the key generation scheme of RSA. Three of our schemes generate two genuinely random primes p and q of a given size, to obtain their public product n = pq. However they generate private/public exponents pairs (d, e) in such a way that appears very random while allowing the author of the scheme to easily factor n given only the public information (n, e). Our last scheme, similar to the PAP method of Young and Yung, but more secure, works for any public exponent e such as 3, 17, 65537 by revealing the factorization of n in its own representation. This suggests that nobody should rely on RSA key generation schemes provided by a third party.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
D. Boneh and G. Durfee, Cryptanalysis of RSA with private key d less than n 0.292, Information Theory, IEEE Transactions on, 46 (2000), pp. 1339–1349. 405
D. Boneh, G. Durfee, and Y. Frankel, An attack on RSA given a small fraction of the private key bits, in Advances in Cryptology-AsiaCrypt’ 98, K. Ohta and D. Pei, eds., Berlin, 1998, Springer-Verlag, pp. 25–34. Lecture Notes in Computer Science Volume 1514. 405
D. Coppersmith, Finding a small root of a bivariate integer equation; factoring with high bits known, in Advances in Cryptology-EuroCrypt’ 96, U. Maurer, ed., Berlin, 1996, Springer-Verlag, pp. 178–189. Lecture Notes in Computer Science Volume 1070. 405, 412
C. Crépeau and S. Wong, The RSA hidden small exponent method, in http://crypto.cs.mcgill.ca/~crepeau/RSA, 2001. 411
B. DE Weger, Cryptanalysis of RSA with small prime difference, Applicable Algebra in Engineering, Communication and Computing, 13 (2002), pp. 17–28. 406
M. Joye, P. Paillier, and S. Vaudenay, Efficient generation of prime numbers, in CHES 2000, Ç. K. Koç and C. Paar, eds., Berlin, 2000, Springer-Verlag, pp. 340–354. Lecture Notes in Computer Science Volume 1965. 405, 415
A. K. Lenstra, Generating RSA moduli with a predetermined portion, in Advances in Cryptology-AsiaCrypt’ 98, K. Ohta and D. Pei, eds., Berlin, 1998, Springer-Verlag, pp. 1–10. Lecture Notes in Computer Science Volume 1514. 406, 415
G. L. Miller, Riemann’s hypothesis and tests for primality, J. Comput. System Sci., 13 (1976), pp. 300–317. 405
R. L. Rivest and A. Shamir, Efficient factoring based on partial information., in Advances in Cryptology-EuroCrypt’ 85, F. Pichler, ed., Berlin, 1985, Springer-Verlag, pp. 31–34. Lecture Notes in Computer Science Volume 219. 405
R. L. Rivest, A. Shamir, and L. M. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Comm. ACM, 21 (1978), pp. 120–126. 405
A. Slakmon, Sur des méthodes et algorithmes de factorisation et leur application en cryptologie, Master’s thesis, Université de Montréal, dépt. IRO, 2000. 406
S. Vaudenay, Private e-mail communication., 2 may 2001. 411
M. Wiener, Cryptanalysis of short RSA secret exponents, Information Theory, IEEE Transactions on, 36 (1990), pp. 553–558. 405
A. Young and M. Yung, The dark side of “black-box” cryptography, or: Should we trust Capstone?, in Advances in Cryptology-Crypto’ 96, N. Koblitz, ed., Berlin, 1996, Springer-Verlag, pp. 89–103. Lecture Notes in Computer Science Volume 1109. 406, 412, 413
—,Kleptography: Using cryptography against cryptography, in Advances in Cryptology-EuroCrypt’ 97, W. Fumy, ed., Berlin, 1997, Springer-Verlag, pp. 62–74. Lecture Notes in Computer Science Volume 1233. 406
—,The prevalence of kleptographic attacks on discrete-log based cryptosystems, in Advances in Cryptology-Crypto’ 97, B. Kaliski, ed., Berlin, 1997, Springer-Verlag, pp. 264–276. Lecture Notes in Computer Science Volume 1294. 406
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Crépeau, C., Slakmon, A. (2003). Simple Backdoors for RSA Key Generation. In: Joye, M. (eds) Topics in Cryptology — CT-RSA 2003. CT-RSA 2003. Lecture Notes in Computer Science, vol 2612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36563-X_28
Download citation
DOI: https://doi.org/10.1007/3-540-36563-X_28
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00847-7
Online ISBN: 978-3-540-36563-1
eBook Packages: Springer Book Archive