[Resource Topic] 2001/013: Digitally Watermarking RSA Moduli

Welcome to the resource topic for 2001/013

Digitally Watermarking RSA Moduli

Authors: Anna M. Johnston


The moduli used in RSA (see \cite{rsa}) can be generated by many different sources.
The generator of that modulus knows its factorization.
They have the ability to forge signatures or break any system based on this moduli.
If a moduli and the RSA parameters associated with it were generated by a reputable source,
the system would have higher value than if the parameters were generated by an unknown entity.
An RSA modulus is digitally marked, or digitally trade marked, if the generator and other
identifying features of the modulus can be identified and possibly verified by the modulus itself.
The basic concept of digitally marking an RSA modulus would be to fix the upper bits of the
modulus to this tag.
Thus anyone who sees the public modulus can tell who generated the modulus and who the generator
believes the intended user/owner of the modulus is.

Two types of trade marking will be described here.
The first is simpler but does not give verifiable trade marking.
The second is more complex, but allows for verifiable trade marking of RSA moduli.

The second part of this paper describes how to generate an RSA modulus with fixed upper bits.

ePrint: https://eprint.iacr.org/2001/013

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .