This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
public:papers:secrypt2019 [2019-08-08 11:09] – [I want to break square-free: The 4p-1 factorization method and its RSA backdoor viability [SeCrypt 2019]] x408178 | public:papers:secrypt2019 [2019-08-08 11:28] – x408178 |
---|
<button type="warning" icon="fa fa-file-pdf-o">[[https://crocs.fi.muni.cz/_media/public/papers/2019-secrypt-sedlacek.pdf|Pre-print PDF]]</button> | <button type="warning" icon="fa fa-file-pdf-o">[[https://crocs.fi.muni.cz/_media/public/papers/2019-secrypt-sedlacek.pdf|Pre-print PDF]]</button> |
| |
/* | <button type="warning" icon="fa fa-file-pdf-o">[[https://crocs.fi.muni.cz/_media/public/papers/2019-secrypt-sedlacek-presentation.pdf|Presentation]]</button> |
<popover trigger="focus" title="Not yet available" content="Paper PDF will be added in February 2018."> | |
<button type="warning" icon="fa fa-file-pdf-o">Pre-print PDF</button> | |
</popover> | |
*/ | |
| |
<button collapse="bibtex" icon="fa fa-file-code-o">BiBTeX</button> | <button collapse="bibtex" icon="fa fa-file-code-o">BiBTeX</button> |
| |
**Abstract:** | **Abstract:** |
| |
In this paper, we analyze Cheng's $4p-1$ factorization method as the means of a potential backdoor for the RSA primes generated inside black-box devices like cryptographic smartcards, and we devise three detection methods for such a backdoor. We also audit 44 millions of RSA keypairs generated by 18 different types of cryptographic devices. Finally, we offer an improved, simplified and asymptotically deterministic version of the method, together with a deeper analysis of its performance and we publish a Sage implementation (we are currently not aware of any other public implementation). | In this paper, we analyze Cheng's $4p-1$ factorization method as the means of a potential backdoor for the RSA primes generated inside black-box devices like cryptographic smartcards, and we devise three detection methods for such a backdoor. We also audit 44 millions of RSA keypairs generated by 18 different types of cryptographic devices. Finally, we offer an improved, simplified and asymptotically deterministic version of the method, together with a deeper analysis of its performance and we publish a Sage implementation (we are currently not aware of any other public implementation). |
===== Key insights ===== | ===== Key insights ===== |