News

Colloquia

An Elliptic Curve Asymmetric Backdoor in RSA Key Generation

Adam Young
Cryptovirology Labs

Wednesday, April 25, 2007

This talk will cover the elliptic curve asymmetric backdoor in RSA key generation that we presented at the Selected Areas in Cryptography conference in 2005. Indistinguishability of the backdoor key pair with respect to "normal" RSA key pairs holds in the random oracle model under the ECDDH assumption. Point compression is used to achieve a space-efficient backdoor and a pair of twisted elliptic curves over GF(2^m) is used to achieve the computational indistinguishability property. The talk will conclude with a demonstration of the backdoor that has not been presented before. We chose OpenSSL as our testbed. This is a FIPS 140 level 1 approved cryptographic library. The experimental results show that the running time of backdoor RSA key generation is very close to the running time of "normal" RSA key generation.

Joint work with Moti Yung from RSA Labs/Columbia University

Hosted by: Bulent Yener (x6907)
Administrative support: Chris Coonrad (x8412)