Abstract
We report that Pretty Good Privacy (PGP) generates weak RSA-moduli which is vulnerable against P + l-factoring attack, because PGP's algorithm for generating prime numbers is designed only to produce a large prime number P so that P - 1 has a large prime factor. We count the number of weak keys in PGP via experimental computation with theoretical consideration. Our obtained results show that bad primes are generated in PGP and induced weak keys can be easily breakable via P + 1-factoring method. For example, in the case of RSA-key with 512-bit, we could attack
-
1.
0.3% users' systems with only 15 hours single PC-computation (very weak keys!!),
-
2.
2% users' systems with 50 days single PC-computation (weak keys!).
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
References
D.Akins, M.Graff, A.K.Lenstra, and P.C.Leyland, “The magic words are squeamish ossifrage,” Lecture Notes in Computer Science 917, pp.263–277, 1995. (Advances in Cryptology — ASIACRYPT'94)
B.Dixon, A.K.Lenstra, “Massively parallel elliptic curve factoring” Lecture Notes in Computer Science 658, pp.183–193, 1993. (Advances in Cryptology — EUROCRYPT'92)
S.Garfinkel, “PGP:Pretty Good Privacy” O'Reilly & Associates, Inc., 1995.
J.Gordon, “Strong Primes are Easy to Find” Lecture Notes in Computer Science 208, pp.216–223, 1985. (Advances in Cryptology — EUROCRYPT'84)
J.Gordon, “Strong RSA keys” Electronics Letters, vol.20, No.12, pp.514–516, 1984.
“Intel Microprocessor Quick Reference Guide”, http://www.intel.com/pressroom/
D.E.Knuth and L.Trabb-Pardo, “Analysis of simple factorization algorithm,” TCS, Vol.3 (1976), pp.321–348
U.M.Maurer, “Fast Generation of Prime Numbers and Secure Public-Key Cryptographic Prameters” J.Cryptology, vol.8, pp.123–155, 1995.
“Downloading PGP”, http://www.ifi.uio.no/pgp/
“PGP ATTACKS”, http://axion.physics.ubc.ca/pgp-attack.html
J.M.Pollard, “Theorems on Factorization and Primality Testing” Proc. Cambr. Philos. Soc, vol.76, pp.521–528, 1974.
J.M.Pollard, “Monte Carlo Methods for Factorization” BIT, vol.15, pp.331–334, 1975.
H.Riesel, “Prime Numbers and Computer Methods for Factorization” Birkhauser, 1994.
R.L.Rivest, A.Shamir, L.Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystem” Comm. ACM, vol.21, pp.120–126, 1978.
G.J.Simmons and M.J.Norris, “Preliminary comments on the M.I.T. public-key cryptosystem,” Cryptologia, 1 (1997), 406–414
J.S.Taylor, “Generating strong primes” Electronics Letters, vol.22, No.16, pp.875–877, 1986.
H.C.Williams, “A p+1 Method of Factoring” Mathematics of Computation, vol.39, No.159, pp.225–234, Jul. 1982.
A.Young,M.Yung, “The Dark Side of “Black-Box” Cryptography or: Should We Trust Capstone?” Lecture Notes in Computer Science 1109, pp.91–103,1996. (Advances in Cryptology — CRYPTO'96)
P.R.Zimmermann, “PGP Source Code and Internals” MIT Press, 1995.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1997 Springer-Verlag
About this paper
Cite this paper
Sakai, Y., Sakurai, K., Ishizukal, H. (1997). On weak RSA-keys produced from pretty good privacy. In: Han, Y., Okamoto, T., Qing, S. (eds) Information and Communications Security. ICICS 1997. Lecture Notes in Computer Science, vol 1334. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0028487
Download citation
DOI: https://doi.org/10.1007/BFb0028487
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-63696-0
Online ISBN: 978-3-540-69628-5
eBook Packages: Springer Book Archive