Be the first to like this
Various studies have been conducted to assess the state of the current public key infrastruc-
ture, with a focus on X.509 certicates (cf. ). Key generation standards for RSA (cf. )
have been analysed and found to be satisfactory in . In  and  (and the references
therein) several problems have been identied that are mostly related to the way certicates
are used. In this paper we complement previous studies by concentrating on computational
and randomness properties of actual public keys, issues that are usually taken for granted.
Compared to the collection of certicates considered in , where shared RSA moduli are
\not very frequent", we found a much higher fraction of duplicates. More worrisome is that
among the 4.7 million distinct 1024-bit RSA moduli that we had originally collected, 12720
have a single large prime factor in common. That this happens may be crypto-folklore, but it
was new to us (but see ), and it does not seem to be a disappearing trend: in our current
collection3 of 11.4 million RSA moduli 26965 are vulnerable, including ten 2048-bit ones.
When exploited, it could aect the expectation of security that the public key infrastructure
is intended to achieve.