The Secure Generation of RSA Moduli Using Poor RNG

نویسنده

  • George B. Purdy
چکیده

We discuss a procedure, which should be called Lenstra's fix, for producing secure RSA moduli even when the random number generation is very poor. RSA is uniquely vulnerable to low entropy random number generation. If n = pq and n' = pq' are two (public) moduli, then the computation gcd(n,n') = p factors both moduli and totally compromises the security of both systems. Following a suggestion of A. K. Lenstra and his coauthors in [1] we present an algorithm for generating p and q that avoids this attack without changing the method of random number generation. If the probability is P that in the world two random primes p and p' are generated the same, then the probability that n = n' will only be P 2. It is much more likely that p = p' and q  q', in which case gcd(n,n') = p factors n and n' The damage done when n = n' is incomparably less. The owners of n and n' can access each other's accounts, but they are safe from attacks by others. Moreover, this is the same risk that any other cryptosystems face. The proposal is to generate p randomly and then choose q = f(p,k), where f(p,k) is the function f(p,k) = 1 + [2 2k /p]. Here [x] denotes the integer part of x. For example, [3.14] = 3.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

RSA Threshold Cryptography

In this project, a new threshold signing scheme for RSA has been proposed. The scheme does not require a trusted third party and no secure information is leaked throughout the protocol. The time and storage complexity of the protocol is linear in the number of parties and no restriction is placed on the RSA moduli. Combined with the n-out-of-n key generation protocol of Boneh and Franklin, one ...

متن کامل

Generating RSA Moduli with a Predetermined Portion

This paper reviews and generalizes a method to generate RSAmoduli with a predetermined portion. The potential advantages of the resultingmethods are discussed: both the storage and the computational requirements ofthe RSA cryptosystem can be considerably reduced. The constructions are as ef-ficient as generation of regular RSA moduli, and the resulting moduli do notseem to o...

متن کامل

Twin RSA

We introduce Twin RSA, pairs of RSA moduli (n, n + 2), and formulate several questions related to it. Our main questions are: is Twin RSA secure, and what is it good for?

متن کامل

ABCRNG - Swarm Intelligence in Public key Cryptography for Random Number Generation

Cryptography is an important tool for protecting and securing data. In public key cryptography, the key generation plays a vital role for strengthening the security. The random numbers are the seed values in key generation process in many of the public key cryptography algorithms, such as Elgamal, Rivest_Shamir_Adleman (RSA) algorithm etc. Much effort is dedicated to develop efficient Random Nu...

متن کامل

Compact floating-gate true random number generator

Introduction: Random number generation is indispensable in cryptography, scientific computing and stochastic computing. In cryptography, the quality of randomness of the generator is critical for security [1]. The pseudo-RNG generates sequences using a deterministic algorithm, so the sequence inevitably repeats and becomes predictable. A true RNG is nondeterministic and unpredictable, often rel...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • CoRR

دوره abs/1202.4366  شماره 

صفحات  -

تاریخ انتشار 2012