Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
public:papers:privrsa_esorics20 [2020-10-05 12:11] – [Further research] xjanovskpublic:papers:privrsa_esorics20 [2022-10-12 08:51] (current) xsvenda
Line 1: Line 1:
-====== Biased RSA private keys: Origin attribution of GCD-factorable keys [Esorics 2020]  ======+====== Biased RSA private keys: Origin attribution of GCD-factorable keys [ESORICS 2020]  ======
 ~~NOTOC~~ ~~NOTOC~~
  
Line 46: Line 46:
 </panel> </panel>
  
-===== Further research ===== 
  
 +===== Artifacts, tools... =====
 +{{fa>database}}\_//// [[https://owncloud.cesnet.cz/index.php/s/Ihhw3BKKzKTaxB9|Dataset of all collected RSA keys (39GB)]]
 +
 +===== Further research =====
 This research is related to our previous papers: This research is related to our previous papers:
  
Line 55: Line 58:
  
 [[http://crcs.cz/rsa|The Million-Key Question – Investigating the Origins of RSA Public Keys (USENIX 2016)]] [[http://crcs.cz/rsa|The Million-Key Question – Investigating the Origins of RSA Public Keys (USENIX 2016)]]
 +
 +===== Key points =====
 +
 +  * We investigated the properties of keys as generated by 70 cryptographic libraries, identified biased features in the primes produced, andcompared three models based on Bayes classifiers for the private key attribution.
 +  * The information available in private keys significantly increases the classification performance compared to the result achieved on public keys. Our worke nables to distinguish 26 groups of sources (compared to 13 on public keys) while increasing the accuracy more than twice w.r.t. random guessing.
 +  * Finally, we designed a method usable also for a dataset of keys where one prime is significantly correlated. Such primes are found in GCD-factorable TLS keys  where one prime was generated with  insufficient randomness. As a result, we can identify libraries responsible for the production of these GCD-factorable keys, showing that only three groups are a relevant source of such keys.
  
 ===== Summary video ====== ===== Summary video ======
  
 {{ youtube>CXCkdmFUGwU?900x520 | Biased RSA private keys}} {{ youtube>CXCkdmFUGwU?900x520 | Biased RSA private keys}}