On February 14th, 2012, Lenstra et al. published on the Cryptology ePrint Archive an extended abstract of a study assessing computational and randomness properties of millions of actual public keys collected from a wide variety of sources on the web. They found that many thousands of 1024-bit RSA moduli still in use offer no security, since they share a prime factor with at least one other RSA key and therefore factor immediately with the Euclidean GCD algorithm. El-Gamal, DSA and ECDSA keys are also studied. According to the authors, the fact that many public keys are shared among unrelated parties might be explained by an inappropriate choice of the seeds (with low entropy) of the pseudorandom number generators used to generate the prime factors of RSA, regardless of the key size. Some particular clusters of moduli (sharing factors) are quite surprising and difficult to explain. In particular, there exists a subset of 36 moduli corresponding to all the pairwise products of 9 specific primes.
Finally, they observe at best 99.8% security for real-world 1024-bit RSA (representing 75% of the collected RSA keys). However, as the body of keys grows, so does the percentage of affected keys. Thus, the simple step of abandoning 1024-bit keys for 2048-bit ones (as recommended by NIST since 2011) is likely to lead to a comparable proportion of insecure keys. These results are definitely an interesting warning to both users and cryptographic developers of the importance of high-entropy seeds for the pseudorandom number generators used in the real world.
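The check described above, written here as an added example that is not part of the original post or of the Lenstra et al. paper: given a collection of RSA moduli, find every modulus that shares a prime factor with another one. Rather than computing all pairwise GCDs, the code builds a product tree and a remainder tree so that each modulus is tested once against the product of all the others (a standard batch-GCD technique, not something the page itself describes). The moduli are constructed from small 14-bit primes purely for illustration; real keys would be 1024-bit or larger, and the arithmetic is identical. The example also handles the case the simple version gets wrong: when both primes of a modulus are shared (or the key is an exact duplicate), the batch GCD returns the modulus itself, and a pairwise fallback is needed to recover the individual factors.

```python
from math import gcd


def product_tree(values):
    """Level 0 holds the leaves; the last level holds the product of all values."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([
            level[i] * level[i + 1] if i + 1 < len(level) else level[i]
            for i in range(0, len(level), 2)
        ])
    return tree


def batch_gcd(moduli):
    """For each N_i return gcd(N_i, product of all other moduli).

    Walks a remainder tree: each node receives (parent value mod node_product^2),
    so a leaf ends with P mod N_i^2 = N_i * (Q mod N_i), where Q is the product
    of the other moduli. Dividing by N_i and taking the gcd gives gcd(Q, N_i).
    """
    tree = product_tree(moduli)
    remainders = [tree[-1][0]]            # root: the full product P
    for level in reversed(tree[:-1]):     # descend towards the leaves
        remainders = [remainders[i // 2] % (n * n) for i, n in enumerate(level)]
    return [gcd(r // n, n) for r, n in zip(remainders, moduli)]


def find_weak_keys(moduli):
    """Map index -> [p, q] for every modulus that can be factored through a
    shared prime; None marks an exact duplicate of another key with no other
    shared factor (the key is still compromised, just not factored here)."""
    results = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g == 1:
            continue                      # no factor shared with anyone
        if g != n:
            results[i] = sorted([g, n // g])
            continue
        # Edge case: gcd equals the whole modulus, which happens when both
        # primes are shared with other keys or the key appears twice.
        # Fall back to pairwise gcds to separate the two primes.
        shared = {gcd(n, m) for j, m in enumerate(moduli) if j != i}
        proper = sorted(h for h in shared if 1 < h < n)
        if proper:
            p = proper[0]
            results[i] = sorted([p, n // p])
        else:
            results[i] = None             # pure duplicate, nothing else shared
    return results


# Constructed toy key set (primes just above 10000; distinct keys would never
# share primes if the generator had been seeded with enough entropy).
SAMPLE_MODULI = [
    10007 * 10009,   # N0: shares 10007 with N1 and 10009 with N4
    10007 * 10037,   # N1: shares 10007 with N0
    10039 * 10061,   # N2: shares 10039 with N4
    10067 * 10069,   # N3: healthy pair of primes, but duplicated as N5
    10009 * 10039,   # N4: both primes shared (N0, N2)
    10067 * 10069,   # N5: exact duplicate of N3
]

if __name__ == "__main__":
    for idx, factors in find_weak_keys(SAMPLE_MODULI).items():
        if factors is None:
            print(f"key {idx}: duplicate modulus {SAMPLE_MODULI[idx]}")
        else:
            print(f"key {idx}: {SAMPLE_MODULI[idx]} = {factors[0]} * {factors[1]}")
```

The remainder tree costs roughly the same as one multiplication of all the moduli together, which is what makes the check feasible over millions of keys; a naive all-pairs loop over the same input would need on the order of n²/2 GCDs. The `g == n` fallback only runs for the rare moduli the batch step flags, so it does not change the overall cost.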
An article entitled “Higher-Order Masking Schemes for S-boxes” written by Matthieu Rivain (CryptoExperts) together with Claude Carlet (Paris 8 University), Louis Goubin (Versailles University), Emmanuel Prouff (Oberthur Technologies) and Michael Quisquater (Versailles University) has been accepted for presentation at the 19th International Workshop on Fast Software Encryption (FSE 2012) and for publication in the conference proceedings. The conference will take place in Washington DC (USA) from March 19th to 21st.
Matthieu Rivain (CryptoExperts) will be part of the program committee of the 2012 edition of Cryptographic Hardware and Embedded Systems (CHES), the main international workshop in the fields of cryptographic implementations and embedded systems security. CHES is sponsored by the International Association for Cryptologic Research (IACR) and has been held annually since 1999 in various locations in the United States, Europe and Asia. This year, CHES will take place in Leuven (Belgium) from the 9th until the 12th of September 2012, and it will be organized by the COSIC research group of the Katholieke Universiteit Leuven.
The article “Partial key exposure on RSA with private exponents larger than N” written by Tancrède Lepoint (CryptoExperts), together with Marc Joye (Technicolor), will be published in the proceedings of the 8th International Conference on Information Security Practice and Experience (ISPEC 2012), Hangzhou, China, April 9-12, 2012.
Following his recent graduation from the Université Joseph Fourier, Tancrède Lepoint, MSc in Computer Science, today joins CryptoExperts to carry out a PhD thesis on lattice-based cryptography. Tancrède’s research is advised by Prof. D. Pointcheval (Cascade team, Ecole Normale Supérieure).
Tancrède Lepoint’s web page.
Following the 2011 Call for Proposals INS, the French National Research Agency (ANR) has approved 3 new research initiatives submitted by CryptoExperts and its technology partners. The upcoming projects, KISS, Lyrics and Bloc, will respectively implement the notion of Smart Cloud in mass-storage smartcards, achieve user privacy in contactless mobile services, and design provably secure lightweight symmetric encryption for low-cost devices, for a total investment of €8.37 million. CryptoExperts is proud to welcome Atos Worldline, INRIA, Liris, ANSSI, Irisa, Modyco and Orange Labs into its network of research partners.