A public key cryptosystem and a signature scheme based on discrete logarithms
Proceedings of CRYPTO 84 on Advances in cryptology
A pseudo-random bit generator based on elliptic logarithms
Proceedings on Advances in cryptology---CRYPTO '86
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Abuses in Cryptography and How to Fight Them
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
The Dark Side of "Black-Box" Cryptography, or: Should We Trust Capstone?
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
A World Wide Number Field Sieve Factoring Record: On to 512 Bits
ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Generating RSA Moduli with a Predetermined Portion
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
The Decision Diffie-Hellman Problem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Kleptography: using cryptography against cryptography
Kleptography: using cryptography against cryptography
Guide to Elliptic Curve Cryptography
Guide to Elliptic Curve Cryptography
Finding a small root of a bivariate integer equation; factoring with high bits known
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Kleptography: using cryptography against cryptography
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Simple backdoors for RSA key generation
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Kleptographic attacks on a cascade of mix servers
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
A Timing-Resistant Elliptic Curve Backdoor in RSA
Information Security and Cryptology
An elliptic curve backdoor algorithm for RSASSA
IH'06 Proceedings of the 8th international conference on Information hiding
Space-efficient kleptography without random oracles
IH'07 Proceedings of the 9th international conference on Information hiding
SOFSEM'08 Proceedings of the 34th conference on Current trends in theory and practice of computer science
Kleptography from standard assumptions and applications
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Two-Head dragon protocol: preventing cloning of signature keys
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
| Hi-index | 0.00 |
In this paper we present an RSA backdoor that, for example, can be used for a hardware-based RSA key recovery system. The system is robust in the sense that a successful reverse-engineer is not able to obtain previous nor future RSA private keys that have been/will be generated within the key generation device. The construction employs the notion of two elliptic curves in which one is the “twist” of the other. We present a proof in the random oracle model that the generated RSA key pairs that are produced by the cryptographic black-box are computationally indistinguishable (under ECDDH) from “normal” RSA key pairs, thus ensuring the integrity of the outputs. Furthermore, the security level of the key recovery mechanism is nearly identical to that of the key pair being generated. Thus, the solution provides an “equitable” level of security for the end user. This solution also gives a number of new kleptographic applications.