
Rafael-Remigio/DRSA


DRSA

Deterministic RSA key generation (D-RSA)

Install

./install.sh

Introduction

RSA key pairs are traditionally generated from random values sized to the modulus. An alternative is deterministic key pair generation, where a fixed set of parameters always produces the same key pair. This deterministic approach makes RSA key pair generation reproducible.

The rsagen tool developed in the scope of this project enables deterministic RSA key pair generation. Three parameters are used to set up the generator: a password, a confusion string, and an iteration count. Together they set up the randomness source used for the RSA key pair generation. Notably, the setup of this randomness source must be time-consuming to enhance security.

The randgen tool evaluates the setup time of the pseudo-random generator mentioned above, focusing on different input parameters to determine their impact on the generation process.

rsagen

Password based key generation

We employ Argon2 for password-based key derivation. This cryptographic method was selected as the winner in the Password Hashing Competition of 2013, aimed at finding new recommended standards for password hash functions.

Argon2 stands out for its dual constraints: it is both compute-bound and memory-bound. This characteristic ensures that achieving an equivalent unlock time for users results in a significantly decelerated pace for password cracking attempts. Unlike PBKDF2, Argon2 restricts an attacker from running numerous instances concurrently on a GPU due to memory constraints. Consequently, achieving the same unlock duration for users implies that password cracking becomes exponentially slower compared to PBKDF2. This attribute aligns perfectly with the fundamental objective of this project.

Pseudo random number generator

In adherence to NIST standards for Cryptographically Secure Pseudo Random Number Generation (CSPRNG), our implementation aligns with a version of Hash_DRBG, as specified in NIST SP 800-90A.

This generator orchestrates the production of random bits by applying a hash function iteratively to an initial seed. The Hash_DRBG functions across three primary phases:

  1. Instantiate: This phase initializes the internal state of the DRBG by processing the initial seed and any optional additional inputs.
  2. Generate: Here, pseudo random bits are generated by iteratively applying the hash function to the current internal state. These bits are extracted and utilized as random output.
  3. Reseed: To uphold its security integrity, the DRBG requires periodic reseeding with fresh entropy. Reseeding involves introducing a new seed and optional additional inputs to update the DRBG's internal state. In our case, we cannot introduce entropy outside our control since the pseudo random generation needs to be deterministic, so we simply rely on reseeding the PRNG with the initial seed and an iterative counter.

We used NIST's recommendation for the hashing function within Hash_DRBG, SHA256, ensuring a robust cryptographic foundation.

The decision to utilize Hash_DRBG stemmed from its efficiency, reliance on hashing principles, and relative ease of implementation compared to other cryptographically secure pseudo-random number generators. This selection aligns with the objectives of ensuring both security and practicality within our cryptographic framework.
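The three phases above, with the deterministic reseed (initial seed plus an iterative counter), can be sketched as follows. This is an added example, not the project's code: it is modelled on the SP 800-90A Hash_DRBG construction with SHA-256 and has not been validated against NIST test vectors. The class and function names, the 8-byte counter encoding and the reseed interval are assumptions, and the seed is assumed to be the output of the Argon2 step.

```python
import hashlib

SEEDLEN = 55         # bytes (440 bits), the SHA-256 seed length in SP 800-90A
RESEED_INTERVAL = 4  # assumption: tiny on purpose so the reseed path runs
MOD = 1 << (8 * SEEDLEN)


def hash_df(data: bytes, nbytes: int = SEEDLEN) -> bytes:
    """Derivation function: SHA-256 in counter mode, truncated to nbytes."""
    out, counter, prefix = b"", 1, (nbytes * 8).to_bytes(4, "big")
    while len(out) < nbytes:
        out += hashlib.sha256(bytes([counter]) + prefix + data).digest()
        counter += 1
    return out[:nbytes]


class DeterministicHashDRBG:
    def __init__(self, seed: bytes):
        self.seed = seed                # kept: the only "entropy" we may use
        self.epoch = 0                  # iterative counter mixed in per reseed
        self._set_state(hash_df(seed))  # Instantiate

    def _set_state(self, v: bytes) -> None:
        self.v, self.c, self.calls = v, hash_df(b"\x00" + v), 1

    def _reseed(self) -> None:
        # Deterministic stand-in for fresh entropy: initial seed || counter.
        self.epoch += 1
        fixed = self.seed + self.epoch.to_bytes(8, "big")
        self._set_state(hash_df(b"\x01" + self.v + fixed))

    def generate(self, nbytes: int) -> bytes:
        if self.calls > RESEED_INTERVAL:
            self._reseed()
        out, data = b"", int.from_bytes(self.v, "big")
        while len(out) < nbytes:        # Hashgen: hash V, V+1, V+2, ...
            out += hashlib.sha256(data.to_bytes(SEEDLEN, "big")).digest()
            data = (data + 1) % MOD
        h = hashlib.sha256(b"\x03" + self.v).digest()
        total = sum(int.from_bytes(x, "big") for x in (self.v, h, self.c))
        self.v = ((total + self.calls) % MOD).to_bytes(SEEDLEN, "big")
        self.calls += 1
        return out[:nbytes]


def stream(seed: bytes, chunks: int, size: int = 32) -> bytes:
    """Concatenate `chunks` outputs so the result spans several reseeds."""
    drbg = DeterministicHashDRBG(seed)
    return b"".join(drbg.generate(size) for _ in range(chunks))
```

Because the reseed adds no new entropy, the whole output stream, and therefore the key pair, is only as hard to reproduce as the password, confusion string and iteration count that produced the seed.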

RSA Generation

During the RSA Key generation phase, we replace the default pseudo random number generation function within the library with our customized pseudo random number generator, employing our specified seed after the several iterations through the

Subsequently, we facilitate the export of both the Private and Public keys in PEM format, allowing users to designate the desired file location for storage.
