Is there a way to modify an existing RSA key pair so that the functionality remains?

Felix

8/13/23, 6:51 AM

I have an existing RSA key pair, how to 'derive' a different key pair based on the existing one so that the encryption decryption functionality remains but the original key isn't interchangeable with the 'modified'/'derived' key?

0 + 0

rsa

encryption

pki

fgrieu

8/13/23, 7:07 AM

By _"the encryption decryption functionality remains"_ do you mean that we can decrypt with the new private key what was encrypted with the old public key? Or that we can decrypt with the new private key what was encrypted with the new public key? In the later case, what's wrong with generating a new key pair from scratch, and perhaps certifying the new public key with RSA signature using the old private key?

Felix

8/13/23, 9:16 AM

"we can decrypt with the new private key what was encrypted with the new public key" for instance if i don't have a good entropy source or computational ability

poncho

8/13/23, 1:12 PM

If you have enough computational ability to find new primes, it's easy (feed the private key into a drbg as a seed, and use that to search for the new primes). If you don't, well, you're pretty much stuck with the modulus you already have, and that (as fgrieu notes) doesn't give you PFS.

Score:0

Crypto

fgrieu

8/13/23, 9:36 AM

One method that does what's asked is to turn the public key $(n,e)$ into $(n,e')$ with $e'=e^2$, and the private key $(n,e,d,p,q,d_p,d_q,q_\text{inv})$ to $(n,e',d',p,q,d_p',d_q',q_\text{inv})$ [or $(n,d)$ to $(n,d')$ ] with $d'=d^2$ or $d'=d^2\bmod\operatorname{lcm}(p-1,q-1)$, $d_p'=d_p^2\bmod(p-1)$, and $d_q'=d_q^2\bmod(q-1)$.

This is not recommendable. In particular, should the old private key leak (including in the future), so does the new one. And encryption requires nearly twice as much time. Also, there are strange properties (like double textbook RSA encryption/decryption with the old key pair is equivalent to textbook RSA encryption/decryption with the new one).

Instead, the recommendable procedure is to generate a new key pair from scratch, and use the original key to sign (a certificate of) the new public key.

0 + 0

Maeher

8/13/23, 10:08 AM

Or use something based on dlog, where such derivations are usually possible and result in uniformly distributed keys.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is there a way to modify an existing RSA key pair so that the functionality remains?

TH: มีวิธีแก้ไขคู่คีย์ RSA ที่มีอยู่เพื่อให้ฟังก์ชันการทำงานยังคงอยู่หรือไม่?

RO: Există o modalitate de a modifica o pereche de chei RSA existentă, astfel încât funcționalitatea să rămână?

RU: Есть ли способ изменить существующую пару ключей RSA, чтобы сохранить функциональность?

VI: Có cách nào để sửa đổi cặp khóa RSA hiện có để giữ nguyên chức năng không?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.