An Intel hardware based digital random number technology could mitigate recent RSA security flaw

Mathematicians from Europe and the United States are reporting a flaw in the RSA encryption method that apparently hinges on crypto keys being created with insufficient randomness. You can read more about this story in a NY Times article by John Markoff entitled, “Flaw Found in an Online Encryption Method” and in an IEEE article by Sam Moore entitled, “RSA Flaw Found”. The researchers submitted their work for publication at a cryptography conference to be held this coming August, but decided to make their research known last Tuesday because they think the issue is an immediate concern to the crypto community and web server operators. A smallish number (27,000) of cases of flawed crypto keys was discovered out of seven or so million crypto keys tested.

The central issue in the flaw is that secret prime numbers generated to create the crypto keys must be generated randomly. The findings indicate that in some cases the prime numbers were not generated in a random enough way, which lead to crypto keys having prime factors in common.

According to Intel’s Greg Taylor, and George Cox (see Behind Intel's New Random-Number Generator), researchers have managed to devise pseudo, random-number generators that are considered cryptographically secure. But you must still start them off using a special seed value; otherwise, they'll always generate the same list of numbers. And for that seed, you really want something that's impossible to predict.

Enter Intel’s digital random number technology, code named Bull Mountain. Bull Mountain is a hardware based digital random number generator which will be released this year when the processor, code named “Ivy Bridge” is launched. Bull Mountain allows digital random numbers to be generated at near clock cycle speeds and with a very high degree of randomness or “entropy” as the crypto folks say it. Using such highly random seeds in the cryptographically secure pseudo random-number generators could help allay the concerns raised by this new research into the RSA flaws.

For more information, you can download the Intel® Bull Mountain Software Implementation Guide and code samples here.

For more complete information about compiler optimizations, see our Optimization Notice.

Comments

's picture

Robert:

Just to clarify, there is no security flaw in the RSA algorithm as your headline suggests. The RSA algorithm has withstood such scrutiny for decades from multiple sources. But good cryptography, including RSA’s, depends on proper implementation. True random number generation underpins nearly all cryptographic algorithms and protocols, and must be performed with care to protect against the weakening of well-designed cryptography. This new technology can certainly foster the ability to have better random number generation, but only if any given implementation makes use of it.

Our analysis of the data points to the need for better care in implementation, generally tied to embedded devices. There is no fundamental flaw in the algorithm itself, and we urge all cryptography users to ensure good implementation and best practices are followed.

Feel free to contact me if you have any more questions.

Branden Williams
RSA