Journal "Software Engineering"
a journal on theoretical and applied science and technology
ISSN 2220-3397

Issue No. 3, 2026

DOI: 10.17587/prin.17.155-165
Potential Vulnerabilities in Software Implementations of Asymmetric Ciphers
E. A. Ishchukova, Cand. Sc. (Eng.), Leading Researcher, jekky82@mail.ru, Scientific Center for Information Technologies and Artificial Intelligence, Sirius University of Science and Technology, Sirius Federal Territory, 354340, Russian Federation
Corresponding author: Evgeniya A. Ishchukova, Cand. Sc. (Eng.), Leading Researcher, Scientific Center for Information Technologies and Artificial Intelligence, Sirius University of Science and Technology, Sirius Federal Territory, 354340, Russian Federation, E-mail: jekky82@mail.ru
Received on August 05, 2025
Accepted on October 30, 2025

The aim of this work is to check the correctness of the software implementations of the asymmetric RSA and ECDSA algorithms in open-source cryptographic libraries, and to compile a list of checks on the parameters of the RSA and ECDSA algorithms whose implementation will yield correct software implementations. The RSA encryption algorithm is based on modular arithmetic and works with large numbers in finite fields. Its security rests on the hardness of the factorization problem, that is, the difficulty of decomposing a number into prime factors. The ECDSA algorithm is a digital signature algorithm based on elliptic curves; it relies on the mathematics of cyclic groups of elliptic curves over finite fields. The main advantage of ECDSA is the use of numbers several times smaller than in RSA while maintaining approximately the same security margin. Particular emphasis is placed on the mathematical subtleties of the algorithms under consideration, which a software implementation should enforce as checks on the parameters used, such as the quality and size of the prime numbers, the correct choice of initial parameters, the correct implementation of the operations performed, and others. A number of open-source cryptographic libraries for various programming languages are considered. It is shown that, of the libraries considered, only the OpenSSL library meets all the security requirements. The recommendations presented in the article will be useful both to developers choosing a cryptographic library for their implementation and to those who want to implement the RSA and ECDSA algorithms themselves.
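As an added illustration (not the paper's own code), the following Python script implements parameter checks of the kind the abstract lists for RSA: primality and size of p and q, distinctness of the two primes, a public exponent coprime to phi(n), a private exponent that actually inverts e, and a round-trip test of the modular exponentiation. The sample primes, the bit-length threshold and the small-d check are assumptions made for the demo, not values taken from the paper.

```python
import math
import random

# Constructed sample key (not from the paper): p and q are the Mersenne primes
# 2^61 - 1 and 2^89 - 1, chosen so the demo runs fast; real keys use far larger primes.
P = (1 << 61) - 1
Q = (1 << 89) - 1
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent derived from the sample primes


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test: trial division by small primes, then `rounds` random witnesses."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(2025)  # fixed seed keeps the demo reproducible
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a witness of compositeness was found
    return True


def check_rsa_params(p: int, q: int, e: int, d: int, min_bits: int = 1024) -> list[str]:
    """Return the list of problems found; an empty list means every check passed.

    min_bits is an assumed threshold for the demo, not a value from the paper.
    """
    problems = []
    if not is_probable_prime(p):
        problems.append("p is not prime")
    if not is_probable_prime(q):
        problems.append("q is not prime")
    if p == q:
        problems.append("p and q are equal (n is a perfect square, trivially factored)")
    for name, prime in (("p", p), ("q", q)):
        if prime.bit_length() < min_bits:
            problems.append(f"{name} is shorter than {min_bits} bits")
    if problems:
        return problems  # the remaining checks assume sane primes
    n = p * q
    phi = (p - 1) * (q - 1)
    lam = phi // math.gcd(p - 1, q - 1)  # Carmichael function lcm(p - 1, q - 1)
    if e < 3 or e % 2 == 0 or math.gcd(e, phi) != 1:
        problems.append("e must be odd, greater than 2 and coprime to phi(n)")
    if (e * d) % lam != 1:
        problems.append("d is not the inverse of e (decryption will not undo encryption)")
    # Assumed extra check: a private exponent with d^4 < n is within reach of Wiener's attack.
    if d ** 4 < n:
        problems.append("d is too small (d^4 < n)")
    # Exercise the modular operations themselves on a constructed message.
    m = 123456789 % n
    if pow(pow(m, e, n), d, n) != m:
        problems.append("encrypt/decrypt round trip failed")
    return problems


if __name__ == "__main__":
    print("sample key:", check_rsa_params(P, Q, E, D, min_bits=61) or "all checks passed")
    print("p == q:", check_rsa_params(P, P, E, D, min_bits=61))
    print("composite p:", check_rsa_params((1 << 61) + 1, Q, E, D, min_bits=61))
    print("wrong d:", check_rsa_params(P, Q, E, D + 1, min_bits=61))
```

The checks are ordered so that the cheap structural ones (primality, size, distinctness) run first and the arithmetic ones are skipped when the primes are already unusable; the test against lambda(n) rather than phi(n) accepts private exponents generated either way.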

Keywords: cryptography, cipher, private key, public key, library, vulnerability, ECDSA, RSA
pp. 155—165
For citation:
Ishchukova E. A. Potential Vulnerabilities in Software Implementations of Asymmetric Ciphers, Programmnaya Ingeneria, 2026, vol. 17, no. 3, pp. 155—165. DOI: 10.17587/prin.17.155-165 (in Russian).
The results were obtained with the financial support of the project "Technologies for countering previously unknown quantum cyber threats", implemented within the framework of the state program of the "Sirius" Federal Territory, "Scientific and technological development of the 'Sirius' Federal Territory" (Agreement No. 23-03 dated September 27, 2024).