Analyzing Standards for RSA Integers

  • Daniel Loebenberger
  • Michael Nüsken
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6737)


The key-generation algorithm for the RSA cryptosystem is specified in several standards, such as PKCS#1, IEEE 1363-2000, FIPS 186-3, ANSIX9.44, or ISO/IEC 18033-2. All of them substantially differ in their requirements. This indicates that for computing a “secure” RSA modulus it does not matter how exactly one generates RSA integers. In this work we show that this is indeed the case to a large extend: First, we give a theoretical framework that will enable us to easily compute the entropy of the output distribution of the considered standards and show that it is comparatively high. To do so, we compute for each standard the number of integers they define (up to an error of very small order) and discuss different methods of generating integers of a specific form. Second, we show that factoring such integers is hard, provided factoring a product of two primes of similar size is hard.


RSA integer output entropy reduction. ANSI X9.44 FIPS 186-3 IEEE 1363-2000 ISO/IEC 18033-2 NESSIE PKCS#1 


  1. 1.
    Accredited Standards Committee X9, ANSI X9.44-2007: Public Key Cryptography Using Reversible Algorithms for the Financial Services Industry: Transport of Symmetric Algorithm Keys Using RSA. Technical report, American National Standards Institute, American Bankers Association (2007)Google Scholar
  2. 2.
    Brandt, J., Damgård, I.B.: On generation of probable primes by incremental search. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 358–370. Springer, Heidelberg (1992), CrossRefGoogle Scholar
  3. 3.
    Cocks, C.C.: A note on ’non-secret encryption’. CESG Memo (1973) (last download May 12, 2009)
  4. 4.
    Cox, M.J., Engelschall, R., Henson, S., Laurie, B.: OpenSSL 0.9.8j. Open source implementation (2009), Refer to, (last download April 21, 2009)
  5. 5.
    Decker, A., Moree, P.: Counting RSA-integers. Results in Mathematics 52, 35–39 (2008), MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Ellis, J.H.: The possibility of secure non-secret digital encryption (1970), (last download May 12, 2009)
  7. 7.
    Free Software Foundation, GNU Crypto. Open source implementation (2009), Refer to gnu-crypto-2.0.1.tar.bz2 (last download April 21, 2009)
  8. 8.
    Goldreich, O.: Foundations of Cryptography: Basic Tools, vol. 1. Cambridge University Press, Cambridge (2001) ISBN 0-521-79172-3CrossRefzbMATHGoogle Scholar
  9. 9.
    IEEE working group 2000. IEEE 1363-2000: Standard Specifications For Public Key Cryptography. IEEE standard, IEEE, New York, NY 10017,
  10. 10.
    Information Technology Laboratory, FIPS 186-3: Digital Signature Standard (DSS). Technical report, National Institute of Standards and Technology (2009)Google Scholar
  11. 11.
    International Organization for Standards, ISO/IEC 18033-2, Encryption algorithms — Part 2: Asymmetric ciphers. Technical report, International Organization for Standards (2006)Google Scholar
  12. 12.
    Jonsson, J., Kaliski, B.: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 (2003), RFC 3447
  13. 13.
    Joye, M., Paillier, P.: Fast generation of prime numbers on portable devices: An update. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 160–173. Springer, Heidelberg (2006) ISBN 978-3-540-46559-1. ISSN 0302-9743, CrossRefGoogle Scholar
  14. 14.
    Knuth, D.E.: The Art of Computer Programming, Seminumerical Algorithms, 3rd edn., vol. 2. Addison-Wesley, Reading (1998) ISBN 0-201-89684-2, 1st edn. (1969)zbMATHGoogle Scholar
  15. 15.
    Loebenberger, D., Nüsken, M.: Coarse-grained integers. e-print arXiv:1003.2165v1 (2010),
  16. 16.
    Loebenberger, D., Nüsken, M.: Analyzing standards for RSA integers – extended version. e-print arXiv:1104.4356v2 (2011),
  17. 17.
    Maurer, U.M.: Fast Generation of Prime Numbers and Secure Public-Key Cryptographic Parameters. Journal of Cryptology 8(3), 123–155 (1995), MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    NESSIE working group, NESSIE D20 - NESSIE security report. Technical report, NESSIE (2003)Google Scholar
  19. 19.
    von Neumann, J.: Various techniques used in connection with random digits. Monte Carlo methods. National Bureau of Standards, Applied Mathematics Series, vol. 12, pp. 36–38 (1951)Google Scholar
  20. 20.
    de Raadt, T., Provos, N., Friedl, M., Beck, B., Campbell, A., Song, D.: OpenSSH 2.1.1. Open source implementation (2009),, Refer to openssh-2.1.1p4.tar.gz (last download April 21,2009)
  21. 21.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Technical Report MIT/LCS/TM-82, Massachusetts Institute of Technology, Laboratory for Computer Science, Cambridge, Massachusetts (1977)Google Scholar
  22. 22.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    RSA Laboratories :RSAES-OAEP Encryption Scheme. Algorithm specification and supporting documentation, RSA Security Inc., Bedford, MA 01730 USA (2000),
  24. 24.
    Skala, M., Roth, M., Hernaeus, N., Guyomarch, R., Koch, W.: GnuPG. Open source implementation (2009), Refer to gnupg-2.0.9.tar.bz2 (last download April 21, 2009)
  25. 25.
    Wohlmacher, P.: Bekanntmachung zur elektronischen Signatur nach dem Signaturgesetz und der Signaturverordnung (Übersicht über geeignete Algorithmen). Bundesanzeiger 13, 346–350 (2009), Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Daniel Loebenberger
    • 1
  • Michael Nüsken
    • 1
  1. 1.b-it, University of BonnGermany

Personalised recommendations