Simple Backdoors on RSA Modulus by Using RSA Vulnerability

Hung-Min SUN  Mu-En WU  Cheng-Ta YANG  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E92-A   No.9   pp.2326-2332
Publication Date: 2009/09/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E92.A.2326
Print ISSN: 0916-8508
Type of Manuscript: PAPER
Category: Cryptography and Information Security
cryptography,  RSA,  backdoor,  lattice reduction technique,  exhaustive search,  

Full Text: PDF(175.6KB)>>
Buy this Article

This investigation proposes two methods for embedding backdoors in the RSA modulus N=pq rather than in the public exponent e. This strategy not only permits manufacturers to embed backdoors in an RSA system, but also allows users to choose any desired public exponent, such as e=216+1, to ensure efficient encryption. This work utilizes lattice attack and exhaustive attack to embed backdoors in two proposed methods, called RSASBLT and RSASBES, respectively. Both approaches involve straightforward steps, making their running time roughly the same as that of normal RSA key-generation time, implying that no one can detect the backdoor by observing time imparity.