Skip to main content
SpringerLink
Log in
Book cover

Cryptographers’ Track at the RSA Conference

CT-RSA 2003: Topics in Cryptology — CT-RSA 2003 pp 403–416Cite as

Simple Backdoors for RSA Key Generation

Part of the Lecture Notes in Computer Science book series (LNCS,volume 2612)

Abstract

We present extremely simple ways of embedding a backdoor in the key generation scheme of RSA. Three of our schemes generate two genuinely random primes p and q of a given size, to obtain their public product n = pq. However they generate private/public exponents pairs (d, e) in such a way that appears very random while allowing the author of the scheme to easily factor n given only the public information (n, e). Our last scheme, similar to the PAP method of Young and Yung, but more secure, works for any public exponent e such as 3, 17, 65537 by revealing the factorization of n in its own representation. This suggests that nobody should rely on RSA key generation schemes provided by a third party.

Keywords

  • Digital Signature Scheme
  • Public Exponent
  • Original Loop
  • Time Poly
  • Subliminal Channel

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. D. Boneh and G. Durfee, Cryptanalysis of RSA with private key d less than n 0.292, Information Theory, IEEE Transactions on, 46 (2000), pp. 1339–1349. 405

    CrossRef  MATH  MathSciNet  Google Scholar 

  2. D. Boneh, G. Durfee, and Y. Frankel, An attack on RSA given a small fraction of the private key bits, in Advances in Cryptology-AsiaCrypt’ 98, K. Ohta and D. Pei, eds., Berlin, 1998, Springer-Verlag, pp. 25–34. Lecture Notes in Computer Science Volume 1514. 405

    CrossRef  Google Scholar 

  3. D. Coppersmith, Finding a small root of a bivariate integer equation; factoring with high bits known, in Advances in Cryptology-EuroCrypt’ 96, U. Maurer, ed., Berlin, 1996, Springer-Verlag, pp. 178–189. Lecture Notes in Computer Science Volume 1070. 405, 412

    Google Scholar 

  4. C. Crépeau and S. Wong, The RSA hidden small exponent method, in http://crypto.cs.mcgill.ca/~crepeau/RSA, 2001. 411

  5. B. DE Weger, Cryptanalysis of RSA with small prime difference, Applicable Algebra in Engineering, Communication and Computing, 13 (2002), pp. 17–28. 406

    CrossRef  MATH  MathSciNet  Google Scholar 

  6. M. Joye, P. Paillier, and S. Vaudenay, Efficient generation of prime numbers, in CHES 2000, Ç. K. Koç and C. Paar, eds., Berlin, 2000, Springer-Verlag, pp. 340–354. Lecture Notes in Computer Science Volume 1965. 405, 415

    Google Scholar 

  7. A. K. Lenstra, Generating RSA moduli with a predetermined portion, in Advances in Cryptology-AsiaCrypt’ 98, K. Ohta and D. Pei, eds., Berlin, 1998, Springer-Verlag, pp. 1–10. Lecture Notes in Computer Science Volume 1514. 406, 415

    CrossRef  Google Scholar 

  8. G. L. Miller, Riemann’s hypothesis and tests for primality, J. Comput. System Sci., 13 (1976), pp. 300–317. 405

    MATH  MathSciNet  Google Scholar 

  9. R. L. Rivest and A. Shamir, Efficient factoring based on partial information., in Advances in Cryptology-EuroCrypt’ 85, F. Pichler, ed., Berlin, 1985, Springer-Verlag, pp. 31–34. Lecture Notes in Computer Science Volume 219. 405

    CrossRef  Google Scholar 

  10. R. L. Rivest, A. Shamir, and L. M. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Comm. ACM, 21 (1978), pp. 120–126. 405

    CrossRef  MATH  MathSciNet  Google Scholar 

  11. A. Slakmon, Sur des méthodes et algorithmes de factorisation et leur application en cryptologie, Master’s thesis, Université de Montréal, dépt. IRO, 2000. 406

    Google Scholar 

  12. S. Vaudenay, Private e-mail communication., 2 may 2001. 411

    Google Scholar 

  13. M. Wiener, Cryptanalysis of short RSA secret exponents, Information Theory, IEEE Transactions on, 36 (1990), pp. 553–558. 405

    CrossRef  MATH  MathSciNet  Google Scholar 

  14. A. Young and M. Yung, The dark side of “black-box” cryptography, or: Should we trust Capstone?, in Advances in Cryptology-Crypto’ 96, N. Koblitz, ed., Berlin, 1996, Springer-Verlag, pp. 89–103. Lecture Notes in Computer Science Volume 1109. 406, 412, 413

    CrossRef  Google Scholar 

  15. —,Kleptography: Using cryptography against cryptography, in Advances in Cryptology-EuroCrypt’ 97, W. Fumy, ed., Berlin, 1997, Springer-Verlag, pp. 62–74. Lecture Notes in Computer Science Volume 1233. 406

    Google Scholar 

  16. —,The prevalence of kleptographic attacks on discrete-log based cryptosystems, in Advances in Cryptology-Crypto’ 97, B. Kaliski, ed., Berlin, 1997, Springer-Verlag, pp. 264–276. Lecture Notes in Computer Science Volume 1294. 406

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, McGill University, 3480 rue University, room 318, McConnell Eng. Bldg, H3A 2A7, Montréal (Québec), Canada

    Claude Crépeau

  2. Département de mathématiques, Collège de Bois-de-Boulogne, 10555 avenue de Bois-de-Boulogne, H4N 1L4, Montréal (Québec), Canada

    Alain Slakmon

Authors
  1. Claude Crépeau
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alain Slakmon
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Gemplus, Card Security Group, La Vigie, Avenue du Jujubier, ZI Athélia IV, 13705, La Ciotat Cedex, France

    Marc Joye

Rights and permissions

Reprints and Permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Crépeau, C., Slakmon, A. (2003). Simple Backdoors for RSA Key Generation. In: Joye, M. (eds) Topics in Cryptology — CT-RSA 2003. CT-RSA 2003. Lecture Notes in Computer Science, vol 2612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36563-X_28

Download citation

  • DOI: https://doi.org/10.1007/3-540-36563-X_28

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00847-7

  • Online ISBN: 978-3-540-36563-1

  • eBook Packages: Springer Book Archive

search

Navigation