Recovering Private Keys Generated with Weak PRNGs

Abstract: Suppose that the private key of a discrete logarithm-based or factoring-based public-key primitive is obtained by concatenating the outputs of a linear congruential generator. How seriously is the scheme weakened as a result? While linear congruential generators are cryptographically very weak "pseudorandom" number generators, the answer to that question is not immediately obvious, since an adversary in such a setting does not get to examine the outputs of the congruential generator directly, but can only obtain an implicit hint about them—namely the public key. In this paper, we take a closer look at that problem, and show that, in most cases, an attack does exist to retrieve the key much faster than with a naive exhaustive search on the seed of the generator.
Document type:
Conference paper
Cryptography and Coding - 14th International Conference, Dec 2013, Oxford, United Kingdom. Springer, LNCS 8308, pp.158 - 172, 2013, IMACC 2013. 〈10.1007/978-3-642-45239-0_10〉
Cited literature [26 references]

https://hal.inria.fr/hal-01094296
Contributor: Pierre-Alain Fouque
Submitted on: Friday, December 12, 2014 - 09:20:46
Last modified on: Wednesday, May 16, 2018 - 11:23:29
Document(s) archived on: Friday, March 13, 2015 - 10:20:50

File

FTZ13.pdf
Files produced by the author(s)

Citation

Pierre-Alain Fouque, Mehdi Tibouchi, Jean-Christophe Zapalowicz. Recovering Private Keys Generated with Weak PRNGs. Cryptography and Coding - 14th International Conference, Dec 2013, Oxford, United Kingdom. Springer, LNCS 8308, pp.158 - 172, 2013, IMACC 2013. 〈10.1007/978-3-642-45239-0_10〉. 〈hal-01094296〉
