A pseudo-random bit generator based on elliptic logarithms
Proceedings on Advances in cryptology---CRYPTO '86
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Data Structures and Algorithms
Data Structures and Algorithms
The Dark Side of "Black-Box" Cryptography, or: Should We Trust Capstone?
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
A Memory Efficient Version of Satoh's Algorithm
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
CARDIS '98 Proceedings of the The International Conference on Smart Card Research and Applications
Riemann's hypothesis and tests for primality
Journal of Computer and System Sciences
Finding a small root of a bivariate integer equation; factoring with high bits known
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Kleptography: using cryptography against cryptography
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Improved techniques for fast exponentiation
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Simple backdoors for RSA key generation
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
A space efficient backdoor in RSA and its applications
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Fast computation of canonical lifts of elliptic curves and its application to point counting
Finite Fields and Their Applications
| Hi-index | 0.00 |
We present a fast algorithm for finding pairs of backdoor RSA primes (p,q) given a security parameter. Such pairs posses an asymmetric backdoorthat gives the designer the exclusive ability to factor n= pq, even when the key generation algorithm is public. Our algorithm uses a pair of twisted curves over GF(2257) and we present the first incremental search method to generate such primes. The search causes the $\frac{1}{2}$log(n)+O(log(log(n))) least significant bits of nto be modified during key generation after pis selected and before qis determined. However, we show that this is tolerable by using point compression and ECDH. We also present the first rigorous experimental benchmarks of an RSA asymmetric backdoor and show that our OpenSSL-based implementation outperforms OpenSSL RSA key generation. Our application is highly efficient key recovery. Of independent interest, we motivate the need to find large binary twists. We present the twist we generated and how we found it.