3DS System Flaws: Difference between revisions

Line 91:

However, when setting a keyslot's modulus, the RSA hardware leaves the exponent alone. This allows retrieving the exponent by doing a discrete logarithm of the output.

By setting the modulus to a prime number whose modular multiplicative order is "smooth" (that is, p-1 is divisible by only small prime numbers), discrete logarithms can be calculated quickly using the [~~//en.~~wikipedia~~.org/wiki/~~Pohlig~~%E2%80%93Hellman_algorithm~~ Pohlig-Hellman algorithm]. If the prime chosen is greater than the modulus, but the same bit size, the discrete logarithm is the private exponent.

By setting the modulus to a prime number whose modular multiplicative order is "smooth" (that is, p-1 is divisible by only small prime numbers), discrete logarithms can be calculated quickly using the [[wikipedia:Pohlig-Hellman algorithm|Pohlig-Hellman algorithm]]. If the prime chosen is greater than the modulus, but the same bit size, the discrete logarithm is the private exponent.

This exploit's usefulness is limited: these four keyslots' values are only used in current firmware for deriving the 6.x save and 7.x NCCH keys, which were already known. Additionally, with a boot ROM dump, this exploit is moot; these private keys are located in the protected ARM9 boot ROM.

@@ Line 91: / Line 91: @@
 However, when setting a keyslot's modulus, the RSA hardware leaves the exponent alone.  This allows retrieving the exponent by doing a discrete logarithm of the output.
-By setting the modulus to a prime number whose modular multiplicative order is "smooth" (that is, p-1 is divisible by only small prime numbers), discrete logarithms can be calculated quickly using the [//en.wikipedia.org/wiki/Pohlig%E2%80%93Hellman_algorithm Pohlig-Hellman algorithm].  If the prime chosen is greater than the modulus, but the same bit size, the discrete logarithm is the private exponent.
+By setting the modulus to a prime number whose modular multiplicative order is "smooth" (that is, p-1 is divisible by only small prime numbers), discrete logarithms can be calculated quickly using the [[wikipedia:Pohlig-Hellman algorithm|Pohlig-Hellman algorithm]].  If the prime chosen is greater than the modulus, but the same bit size, the discrete logarithm is the private exponent.
 This exploit's usefulness is limited: these four keyslots' values are only used in current firmware for deriving the 6.x save and 7.x NCCH keys, which were already known.  Additionally, with a boot ROM dump, this exploit is moot; these private keys are located in the protected ARM9 boot ROM.