Recovering Private Keys Generated with Weak PRNGs





1 UR1 - Université de Rennes 1
2 IUF - Institut Universitaire de France
3 NTT Secure Platform Laboratories Tokyo
4 CELTIQUE - Software certification with semantic analysis Inria Rennes – Bretagne Atlantique, IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL

Abstract: Suppose that the private key of a discrete logarithm-based or factoring-based public-key primitive is obtained by concatenating the outputs of a linear congruential generator. How seriously is the scheme weakened as a result? While linear congruential generators are cryptographically very weak "pseudorandom" number generators, the answer to that question is not immediately obvious, since an adversary in such a setting does not get to examine the outputs of the congruential generator directly, but can only obtain an implicit hint about them—namely the public key. In this paper, we take a closer look at that problem, and show that, in most cases, an attack does exist to retrieve the key much faster than with a naive exhaustive search on the seed of the generator.





Authors: Pierre-Alain Fouque, Mehdi Tibouchi, Jean-Christophe Zapalowicz

Source: https://hal.archives-ouvertes.fr/


