CryptoDB
Simple backdoors to RSA key generation
Authors: | |
---|---|
Download: | |
Abstract: | We present extremely simple ways of embedding a backdoor in the key generation scheme of RSA. Three of our schemes generate two genuinely random primes $p$ and $q$ of a given size, to obtain their public product $n=pq$. However they generate private/public exponents pairs $(d,e)$ in such a way that appears very random while allowing the author of the scheme to easily factor $n$ given only the public information $(n,e)$. Our last scheme, similar to the PAP method of Young and Yung, but more secure, works for any public exponent $e$ such as $3,17,65537$ by revealing the factorization of $n$ in its own representation. This suggests that nobody should rely on RSA key generation schemes provided by a third party. |
BibTeX
@misc{eprint-2002-11706, title={Simple backdoors to RSA key generation}, booktitle={IACR Eprint archive}, keywords={public-key cryptography /}, url={http://eprint.iacr.org/2002/183}, note={ crepeau@cs.mcgill.ca 12017 received 26 Nov 2002}, author={Claude Crépeau and Alain Slakmon}, year=2002 }