Factoring RSA keys from certified smart cards: Coppersmith in the wild

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 8270 LNCS, Issue PART 2, 2013, Pages 341-360

  Bernstein, Daniel J ^a,b   Chang, Yun An ^c   Cheng, Chen Mou ^c   Chou, Li Ping ^d   Heninger, Nadia ^e   Lange, Tanja ^b   Van Someren, Nicko ^f  

^a 1120 Science and Engineering Offices   (United States)

^b EINDHOVEN UNIVERSITY OF TECHNOLOGY   (Netherlands)

^c RESEARCH CENTER FOR INFORMATION TECHNOLOGY INNOVATION   (Taiwan)

^d CHINESE CULTURE UNIVERSITY   (Taiwan)

^e UNIVERSITY OF PENNSYLVANIA   (United States)

^f Good Technology Inc   (United States)

Author keywords

Coppersmith; factorization; lattices; RSA; smart cards

Indexed keywords

COPPERSMITH; CRYPTOGRAPHIC KEY; DIGITAL CERTIFICATES; FIPS 140-2; LEVEL 2; RSA;

CRYPTOGRAPHY; CRYSTAL LATTICES; NUMBER THEORY; SECURITY OF DATA; SMART CARDS;

FACTORIZATION;

EID: 84892388375     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-42045-0_18     Document Type: Conference Paper

References (24)

1. ANSI. ANSI X9.31:1998: Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA). American National Standards Institute (1998)
2. Bernstein, D.J.: How to find the smooth parts of integers (May 2004), http://cr.yp.to/papers.html#smoothparts
3. 0.292. In: Stern, J. (ed.) EUROCRYPT. LNCS, vol. 1592, pp. 1-11. Springer (1999)
4. Cadé, D., Pujol, X., Stehlé, D.: fpLLL (2013), http://perso.ens-lyon.fr/damien.stehle/fplll/
5. Ltd. Chunghwa Telecom Co. Hicos pki smart card security policy (2006), http://www.cryptsoft.com/fips140/vendors/140sp614.pdf
6. Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer, U.M. (ed.) EUROCRYPT. LNCS, vol. 1070, pp. 178-189. Springer (1996)
7. Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptology 10(4), 233-260 (1997)
8. Decker, W., Greuel, G.-M., Pfister, G., Schönemann, H.: Singular 3-1-6 - A computer algebra system for polynomial computations (2012), http://www.singular.uni-kl.de
9. Faugère, J.-C., Marinier, R., Renault, G.: Implicit factoring with shared most significant and middle bits. In: Nguyen, P.Q., Pointcheval, D. (eds.) Public Key Cryptography. LNCS, vol. 6056, pp. 70-87. Springer (2010)
10. Bundesamt für Sicherheit in der Informationstechnik. Certification report BSI-DSZ-CC-0212-2004 for Renesas AE45C1 (HD65145C1) smartcard integrated circuit version 01 (2004), https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/ Zertifizierung/Reporte02/0212a-pdf.pdf?-blob=publicationFile
11. Bundesamt für Sicherheit in der Informationstechnik. Evaluation of random number generators (2013), https://www.bsi.bund.de/SharedDocs/Downloads/ EN/BSI/Zertifierung/Interpretation/Evaluation-of-random number-generators.pdf?- blob=publicationFile and https://www.bsi.bund.de/DE/Themen/ ZertifizierungundAnerkennung
12. Granville, A.: Harald Cramér and the distribution of prime numbers. Scand. Actuarial J. 1995(1), 12-28 (1995)
13. Heninger, N., Durumeric, Z., Wustrow, E., Alex Halderman, J.: Mining your Ps and Qs: Detection of widespread weak keys in network devices. In: Proceedings of the 21st USENIX Security Symposium (August 2012)
14. Heninger, N., Shacham, H.: Reconstructing rsa private keys from random key bits. In: Halevi, S. (ed.) CRYPTO. LNCS, vol. 5677, pp. 1-17. Springer (2009)
15. Herrmann, M., May, A.: Solving linear equations modulo divisors: On factoring given any bits. In: Pieprzyk, J. (ed.) ASIACRYPT. LNCS, vol. 5350, pp. 406-424. Springer (2008)
16. Howgrave-Graham, N.: Approximate integer common divisors. In: Silverman, J.H. (ed.) CaLC. LNCS, vol. 2146, pp. 51-66. Springer (2001)
17. Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C.: Public keys. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO. LNCS, vol. 7417, pp. 626-642. Springer (2012)
18. Lenstra, A.K., Lenstra Jr., H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 515-534 (1982)
19. May, A., Ritzenhofen, M.: Implicit factoring: On polynomial time factoring given only an implicit hint. In: Jarecki, S., Tsudik, G. (eds.) Public Key Cryptography. LNCS, vol. 5443, pp. 1-14. Springer (2009)
20. MOICA. Safety questions (2013), http://moica.nat.gov.tw/html/en-T2/faq22- 066-090.htm
21. National Institute of Standards and Technology (NIST). Security requirements for cryptographic modules. Federal Information Processing Standards Publication (FIPS PUB) 140-2 (May 2001), http://csrc.nist.gov/publications/ fips/fips140-2/fips1402.pdf (updated December 03, 2012), See http://csrc.nist.gov/publications/nistpubs/800-29/sp800-29.pdf for differences between this and FIPS-140-1
22. National Institute of Standards and Technology (NIST). Recommendation for random number generation using deterministic random bit generators. NIST Special Publication (NIST SP) 800-90A (January 2012)
23. Paterson, K.G., Polychroniadou, A., Sibborn, D.L.: A coding-theoretic approach to recovering noisy RSA keys. In: Wang, X., Sako, K. (eds.) ASIACRYPT. LNCS, vol. 7658, pp. 386-403. Springer (2012)
24. Stein, W.A., et al.: Sage Mathematics Software (Version 5.8). The Sage Development Team (2013), http://www.sagemath.org