@misc{17220, keywords = {RSA, X.509 certificates, factoring}, author = {H{\r a}vard Raddum and Henry V{\r a}ge}, title = {Factoring RSA Keys Found in Certificate Transparency Logs}, abstract = {TLS is the most important protocol for securing web communication today. Authenticating servers on the internet relies on PKI, and the number of public key certificates issued yearly by certificate authorities (CA) are now in the billions. Most of the public keys attested by these certificates are 2048-bit RSA keys. The security of RSA is based on the hardness of factoring N = pq where N is public and p and q are two secret big primes. With so many keys generated for certificates each year it is important that all CAs use cryptographically strong random number generators when selecting their prime numbers. If the same prime is used in two different RSA keys it is easy to factor both by computing their greatest common divisor (GCD). Experiments on computing the GCDs of all pairs from a large set of RSA keys have been done before. In 2012, two teams of researchers independently harvested approximately 6 million certificates with RSA keys each, and ran GCD on all pairs. One finding was that around 0.5\% of the RSA keys could be factored this way, mostly due to faulty random number generators. The same experiment was repeated in 2016, this time collecting 81 million keys. The result was that 0.4\% of the RSA keys could be factored via GCD. Finally, in 2019 approximately 75 million certificates with RSA keys were collected from the internet and almost 0.6\% of them were factored by taking GCD of all pairs. According to the authors this is due to IoT devices with poor random generators. The authors compare this to a set of 100 million RSA keys collected from the Certificate Transparency (CT) logs, where they could only factor 5 keys. We have redone the GCD factoring experiment using 159 million certificates from the CT log Argon from 2021, and report on our findings. To our knowledge, this is the largest experiment of this type done so far.}, year = {2023}, journal = {Linz, Austria}, }