Public Keys

  • Arjen K. Lenstra
  • James P. Hughes
  • Maxime Augier
  • Joppe W. Bos
  • Thorsten Kleinjung
  • Christophe Wachter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7417)


We performed a sanity check of public keys collected on the web and found that the vast majority works as intended. Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that this is not always the case, resulting in public keys that offer no security. Our conclusion is that generating secure public keys in the real world is challenging. We did not study usage of public keys.


Sanity check public keys (batch) factoring discrete logarithm Euclidean algorithm seeding random number generators 


  1. 1.
    Cavallar, S., Dodson, B., Lenstra, A.K., Lioen, W., Montgomery, P.L., Murphy, B., te Riele, H., Aardal, K., Gilchrist, J., Guillerm, G., Leyland, P., Marchand, J., Morain, F., Muffett, A., Putnam, C., Putnam, C., Zimmermann, P.: Factorization of a 512-Bit RSA Modulus. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 1–18. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  2. 2.
    Certicom Research. Standards for efficient cryptography 2: Recommended elliptic curve domain parameters. Standard SEC2, Certicom (2000)Google Scholar
  3. 3.
    Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280 (2008)Google Scholar
  4. 4.
    Coppersmith, D.: Modifications to the number field sieve. Journal of Cryptology 6(3), 169–180 (1993)Google Scholar
  5. 5.
    Darkmirage. PS3 completely cracked (2011),
  6. 6.
    Desmedt, Y., Landrock, P., Lenstra, A.K., McCurley, K.S., Odlyzko, A.M., Rueppel, R.A., Smid, M.E.: The Eurocrypt’92 Controversial Issue: Trapdoor Primes and Moduli. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 194–199. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  7. 7.
    Electronic Frontier Foundation. EFF SSL Observatory (2010),
  8. 8.
    El Gamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  9. 9.
    Free Software Foundation, Inc. GMP: The GNU Multiple Precision Arithmetic Library (2011),
  10. 10.
    Heninger, N.: New research: There’s no need to panic over factorable keys–just mind your Ps and Qs (2012),
  11. 11.
    Holz, R., Braun, L., Kammenhuber, N., Carle, G.: The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, IMC 2011, pp. 427–444. ACM (2011)Google Scholar
  12. 12.
    Johnson, D.B.: ECC, future resiliency and high security systems. Certicom Whitepaper (1999),
  13. 13.
    Kleinjung, T., Aoki, K., Franke, J., Lenstra, A.K., Thomé, E., Bos, J.W., Gaudry, P., Kruppa, A., Montgomery, P.L., Osvik, D.A., te Riele, H., Timofeev, A., Zimmermann, P.: Factorization of a 768-Bit RSA Modulus. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 333–350. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Lenstra, A.K.: Generating RSA Moduli with a Predetermined Portion. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 1–10. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  15. 15.
    Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C.: Ron was wrong, Whit is right. Cryptology ePrint Archive, Report 2012/064 (2012),
  16. 16.
    Lenstra, A.K., Lenstra Jr., H.W. (eds.): The development of the number field sieve. Lecture Notes in Mathematics, vol. 1554. Springer, Berlin (1993)Google Scholar
  17. 17.
    Lenstra Jr., H.W.: Factoring integers with elliptic curves. Annals of Mathematics 126(3), 649–673 (1987)Google Scholar
  18. 18.
    Lochter, M., Merkle, J.: Elliptic curve cryptography (ECC) brainpool standard curves and curve generation. RFC 5639 (2010)Google Scholar
  19. 19.
    Loebenberger, D., Nüsken, M.: Analyzing Standards for RSA Integers. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 260–277. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
    Moore, H.D.: Debian OpenSSL Predictable PRNG Toys (2008),
  21. 21.
    Nguyen, P.Q., Shparlinski, I.: The insecurity of the digital signature algorithm with partially known nonces. Journal of Cryptology 15(3), 151–176 (2002)Google Scholar
  22. 22.
    Nguyen, P.Q., Shparlinski, I.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Design, Codes Cryptography 30(2), 201–217 (2003)Google Scholar
  23. 23.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21, 120–126 (1978)Google Scholar
  24. 24.
  25. 25.
    U.S. Department of Commerce/National Institute of Standards and Technology. Digital Signature Standard (DSS). FIPS-186-3 (2009),
  26. 26.
    Vratonjic, N., Freudiger, J., Bindschaedler, V., Hubaux, J.-P.: The inconvenient truth about web certificates. In: The Workshop on Economics of Information Security, WEIS (2011)Google Scholar
  27. 27.
    Wiener, M.J.: Personal communication (1992)Google Scholar
  28. 28.
    Yilek, S., Rescorla, E., Shacham, H., Enright, B., Savage, S.: When private keys are public: results from the 2008 debian OpenSSL vulnerability. In: Feldmann, A., Mathy, L. (eds.) Internet Measurement Conference, pp. 15–27. ACM (2009)Google Scholar
  29. 29.
    Zimmermann, P., et al.: GMP-ECM (elliptic curve method for integer factorization) (2012),

Copyright information

© International Association for Cryptologic Research 2012 2012

Authors and Affiliations

  • Arjen K. Lenstra
    • 1
  • James P. Hughes
    • 2
  • Maxime Augier
    • 1
  • Joppe W. Bos
    • 1
  • Thorsten Kleinjung
    • 1
  • Christophe Wachter
    • 1
  1. 1.EPFL IC LACALLausanneSwitzerland
  2. 2.SelfPalo AltoUSA

Personalised recommendations