Lots of keys, lots of signatures, long timeframe
Keys: ~5M DSA, ~3M RSA; Signatures: ~8M DSA, ~6M RSA
Parse data, put it into database (Python).
We have lots of data.
Look for potential flaws.
Even if they are rare they may show up.
DSA needs unique "k" value.
If you ever use the same k twice you leak your key.
Result: 1 breakable key (primefactors.com, commercial PGP solution).
Common optimization for RSA signatures, split exponentiation with p/q.
If one exponentiation goes wrong (software bug, hardware failure) you leak the key.
Result: 1 breakable key (with defect sig), unclear origin.
Two keys with N1=p1*q, N2=p2*q
Done before by Lenstra, Heninger.
Some broken keys and fun keys, 2 legit keys broken.
Probably CryptoEx, Glück & Kanja.
Does anyone have this software?
Are there other things that we can do with this data?