CryptoDB

Paper: Simple backdoors to RSA key generation

Authors: Claude Crépeau Alain Slakmon URL: http://eprint.iacr.org/2002/183 Search ePrint Search Google We present extremely simple ways of embedding a backdoor in the key generation scheme of RSA. Three of our schemes generate two genuinely random primes $p$ and $q$ of a given size, to obtain their public product $n=pq$. However they generate private/public exponents pairs $(d,e)$ in such a way that appears very random while allowing the author of the scheme to easily factor $n$ given only the public information $(n,e)$. Our last scheme, similar to the PAP method of Young and Yung, but more secure, works for any public exponent $e$ such as $3,17,65537$ by revealing the factorization of $n$ in its own representation. This suggests that nobody should rely on RSA key generation schemes provided by a third party.
BibTeX
@misc{eprint-2002-11706,
title={Simple backdoors to RSA key generation},
booktitle={IACR Eprint archive},
keywords={public-key cryptography /},
url={http://eprint.iacr.org/2002/183},
note={ crepeau@cs.mcgill.ca 12017 received 26 Nov 2002},
author={Claude Crépeau and Alain Slakmon},
year=2002
}