Study Highlights Ongoing RSA Prime Selection Weaknesses in Deployed Systems
Researchers Murtaza Nikzad and Kerem Atas released a study on Dec. 27, 2025, that examines how improper prime selection compromises RSA encryption in real-world deployments. The paper documents two primary attack vectors—Fermat’s factorization and greatest‑common‑divisor (GCD) exploitation—and outlines mitigation measures.
Attack Vectors Identified
The authors describe how RSA keys generated with primes that are unusually close together become vulnerable to Fermat’s factorization, a method that recovers the private key with modest computational effort whenever the gap between the two primes is small. They also detail GCD attacks, which succeed when two distinct keys share a single prime factor: one greatest-common-divisor computation over the two moduli reveals the shared prime, allowing an adversary to compute the private keys of both parties.
Evidence From Prior Research
Building on the 2016 “Mining Your Ps and Qs” study by Heninger et al., which uncovered more than 64,000 TLS hosts with weak RSA keys, the new analysis confirms that similar weaknesses persist in contemporary systems. A 2023 investigation by Bök demonstrated that Fermat‑based attacks remain feasible against deployed hardware.
Root Causes in Embedded Devices
Both authors attribute the continued exposure primarily to insufficient entropy sources in embedded devices. Limited hardware random number generators often produce predictable or correlated prime candidates, increasing the likelihood of close‑prime or shared‑prime scenarios.
Proposed Mitigations
The study recommends several practical steps: integrating hardware‑based entropy collectors, performing post‑generation prime validation checks for proximity and uniqueness, and adopting standardized key‑generation libraries that enforce robust randomness requirements.
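As an added illustration (not code from the paper or its authors), the post-generation checks the mitigations call for: a FIPS 186-5 prime-distance rule, a bounded run of Fermat’s method that rejects a modulus it can split, and a pairwise GCD sweep over a key set to flag shared primes. The primes and moduli are constructed toy values (Mersenne primes and two primes just above 10^6); real keys use 1024-bit primes, but the checks are the same.

```python
import math
from itertools import combinations

def fips_min_gap_bits(nlen: int) -> int:
    """FIPS 186-5: |p - q| > 2^(nlen/2 - 100); max() only matters for toy sizes."""
    return max(nlen // 2 - 100, 0)

def primes_too_close(p: int, q: int, gap_bits: int) -> bool:
    """True if |p - q| <= 2^gap_bits, i.e. the pair must be rejected."""
    return abs(p - q) <= (1 << gap_bits)

def fermat_factors(n: int, max_rounds: int = 10_000):
    """Bounded Fermat's method against n = p*q: walk a up from ceil(sqrt(n))
    until a^2 - n is a perfect square b^2, so n = (a-b)(a+b). Returns the
    factors if found within the budget (reject the key), otherwise None."""
    a = math.isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_rounds):
        b2 = a * a - n
        b = math.isqrt(b2)
        if b * b == b2:
            return (a - b, a + b)
        a += 1
    return None

def shared_factor_pairs(moduli):
    """Pairwise GCD over a key set: any gcd > 1 between two moduli is a shared
    prime that exposes both private keys. O(k^2) here; at Internet scale the
    same check is done with a product tree (batch GCD)."""
    return [(i, j, math.gcd(n1, n2))
            for (i, n1), (j, n2) in combinations(enumerate(moduli), 2)
            if math.gcd(n1, n2) > 1]

def validate_rsa_primes(p: int, q: int, nlen: int) -> list:
    """Post-generation checks a generator should run before accepting (p, q)."""
    problems = []
    if primes_too_close(p, q, fips_min_gap_bits(nlen)):
        problems.append("primes too close (FIPS 186-5 distance rule)")
    if fermat_factors(p * q) is not None:
        problems.append("modulus factors with bounded Fermat's method")
    return problems

# Constructed toy inputs (Mersenne primes and two primes just above 10^6);
# real keys use ~1024-bit primes but the checks are identical.
P1, Q1, Q2, P3, Q3 = 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1, 2**31 - 1
SAMPLE_MODULI = [P1 * Q1, P1 * Q2, P3 * Q3]  # keys 0 and 1 share P1
CLOSE_P, CLOSE_Q = 1000003, 1000033          # |p - q| = 30: Fermat-weak
```

`shared_factor_pairs(SAMPLE_MODULI)` reports the pair of keys sharing P1, and `validate_rsa_primes(CLOSE_P, CLOSE_Q, 40)` rejects the close pair that the distance rule alone would not catch at toy sizes.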
Implications for the Security Community
According to the authors, the findings underscore the need for ongoing audits of cryptographic implementations, especially in Internet‑of‑Things (IoT) ecosystems where resource constraints can compromise randomness. They suggest that regulators and standards bodies consider updating guidelines to reflect these persistent risks.
This report is based on the paper’s arXiv abstract (academic preprint, open access). The full text is available via arXiv.