Analyzing Keyserver Data

Hanno Böck
https://hboeck.de/

Keyservers

Lots of keys, lots of signatures, long timeframe

Keys: ~5M DSA, ~3M RSA; Signatures: ~8M DSA, ~6M RSA

Big Data!

Analyzing

Parse data, put it into database (Python).

What to do?

We have lots of data.

Look for potential flaws.

Even if they are rare they may show up.

DSA duplicate k

DSA needs unique "k" value.

If you ever use the same k twice you leak your key.

Result: 1 breakable key (primefactors.com, commercial PGP solution).

RSA-CRT

Common optimization for RSA signatures, split exponentiation with p/q.

If one exponentiation goes wrong (software bug, hardware failure) you leak the key.

Result: 1 breakable key (with defect sig), unclear origin.

Shared factor, Batch-GCD

Two keys with N1=p1*q, N2=p2*q

Done before by Lenstra, Heninger.

Some broken keys and fun keys, 2 legit keys broken.

2 keys broken

Probably CryptoEx, Glück & Kanja.

Does anyone have this software?

Ideas welcome

Are there other things that we can do with this data?

Thanks for listening

Code: https://github.com/hannob/pgpecosystem

Paper: https://eprint.iacr.org/2015/262