Information Hiding in the RSA Modulus

Wüller, Stefan; Kühnel, Marián; Meyer, Ulrike

doi:10.1145/2909827.2930804

Cited by 4 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2016, W üller, K ühnel, and Meyer [37] proposed an RSA backdoor called PHP, for "Prime Hiding Prime", in which the information required to factor N is hidden in N itself. The idea is to select a prime p such that q = (p e • p −1 ) mod N is a prime, where (N , e ) is the RSA public key of the designer.…”

Section: Asymmetric Backdoorsmentioning

confidence: 99%

See 1 more Smart Citation

A New Idea for RSA Backdoors

Cesati

2023

Cryptography

View full text Add to dashboard Cite

This article proposes a new method to inject backdoors in RSA (the public-key cryptosystem invented by Rivest, Shamir, and Adleman) and other cryptographic primitives based on the integer factorization problem for balanced semi-primes. The method relies on mathematical congruences among the factors of the semi-primes based on a large prime number, which acts as a “designer key” or “escrow key”. In particular, two different backdoors are proposed, one targeting a single semi-prime and the other one a pair of semi-primes. This article also describes the results of tests performed on a SageMath implementation of the backdoors.

show abstract

Section: Asymmetric Backdoorsmentioning

confidence: 99%

“…An improvement of PHP, called PHP', is also described in [37]: here, q = (s e • p −1 ) mod N , where s is the concatenation of n/4 random bits and p n/4 . Half of the bits of p are enough to recover the factorization of N thanks to the Coppersmith's attack.…”

Section: Asymmetric Backdoorsmentioning

confidence: 99%

A New Idea for RSA Backdoors

Cesati

2023

Cryptography

View full text Add to dashboard Cite

show abstract

“…In 2016, Wüller, Kühnel, and Meyer [34] proposed a RSA backdoor called PHP, for "Prime Hiding Prime", in which the information required to factor N is hidden in N itself. The idea is to select a prime p such that q = (p e • p −1 ) mod N is a prime, where (N , e ) is the RSA public key of the designer.…”

Section: Asymmetric Backdoorsmentioning

confidence: 99%

“…The idea is to select a prime p such that q = (p e • p −1 ) mod N is a prime, where (N , e ) is the RSA public key of the designer. To factor N = pq, the actor computes N d ≡ N (p • p e • p −1 ) d ≡ N p. An improvement of PHP, called PHP', is also described in [34]: here q = (s e • p −1 ) mod N , where s is the concatenation of n/4 random bits and p n/4 . Half of the bits of p are enough to recover the factorization of N thanks to the Coppersmith's attack.…”

Section: Asymmetric Backdoorsmentioning

confidence: 99%

A new idea for RSA backdoors

Cesati¹

2022

Preprint

View full text Add to dashboard Cite

This article proposes a new method to inject backdoors in RSA and other cryptographic primitives based on the Integer Factorization problem for balanced semi-primes. The method relies on mathematical congruences among the factors of the semi-primes modulo a large prime number, which acts as a "designer key" or "escrow key". In particular, two different backdoors are proposed, one targeting a single semi-prime and the other one a pair of semi-primes. The article also describes the results of tests performed on a SageMath implementation of the backdoors.

show abstract