JOURNAL ARTICLE

Incorrectly Generated RSA Keys: How I Learned To Stop Worrying And Recover Lost Plaintexts.

  • Published In: Computer Journal, 2023, v. 66, n. 6. P. 1342 1 of 3

  • Database: Academic Search Ultimate 2 of 3

  • Authored By: Shumow, Daniel 3 of 3

Abstract

This article focuses on the problem of recovering plaintexts encrypted with incorrectly generated RSA keys, specifically when the public exponent \( e \) is not relatively prime to \(\varphi(N) = (p-1)(q-1)\), causing the decryption exponent to be undefined. Such incorrectly generated keys, which occurred due to a software bug in a prerelease version of Windows 10, result in ciphertexts that cannot be decrypted by standard means. The paper analyzes the mathematical structure underlying this failure and presents an \( O(e) \)-time algorithm to recover a small set of candidate plaintexts, leveraging the knowledge of the prime factors \( p \) and \( q \) and the properties of common RSA padding schemes—PKCS1 v1.5 and Optimal Asymmetric Encryption Padding (OAEP)—to narrow down or uniquely identify the original plaintext. The work includes a practical Python implementation of the recovery algorithm and discusses implications for cryptographic testing, emphasizing the importance of thorough validation in randomized cryptographic functions to prevent rare but impactful bugs.

Additional Information

  • Source:Computer Journal. 2023/06, Vol. 66, Issue 6, p1342
  • Document Type:Article
  • Subject Area:Computer Science
  • Publication Date:2023
  • ISSN:0010-4620
  • DOI:10.1093/comjnl/bxac199
  • Accession Number:164417645
  • Copyright Statement:Copyright of Computer Journal is the property of Oxford University Press / USA and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Looking to go deeper into this topic? Look for more articles on EBSCOhost.