Information on software update of RSA key generation function
Recently, a research team developed advanced mathematical methods to exploit the characteristics of acceleration algorithms for prime number finding, which are common practice today for RSA key generation.
In this context, the team informed Infineon upfront, in the scope of responsible disclosure that selected Infineon products can be affected under a specific combination of preconditions: First, the acceleration algorithm must be used. Second, cryptographic keys have to be generated on a card or token, which uses this algorithm. This function is seldom used, but important. Products that can be affected are typically the TPM (Trusted Platform Modules), e.g. used in professional notebooks, and smart cards for signature applications with self-generated keys. The chip hardware (symmetric and asymmetric co-processors) is not affected.
Infineon immediately informed its related customers and offered mitigation paths. In parallel, the affected software function was updated in close co-operation with the research team, customers and the German certification body.