#bulk #gcd #fastgcd

bin+lib bulk-gcd

Fast parallel bulk GCD computation for finding weak RSA keys in a set

16 releases (stable)

Uses old Rust 2015

2.2.0 Jan 1, 2019
2.1.2 Dec 20, 2018
1.0.7 Dec 19, 2018
0.1.3 Dec 16, 2018

#535 in Cryptography

Download history 161/week @ 2022-06-02 2/week @ 2022-06-09 2/week @ 2022-06-16 18/week @ 2022-06-30 32/week @ 2022-07-07 15/week @ 2022-07-14 50/week @ 2022-07-21 2/week @ 2022-07-28 16/week @ 2022-08-04 1/week @ 2022-08-11 2/week @ 2022-08-18 21/week @ 2022-08-25 51/week @ 2022-09-08 17/week @ 2022-09-15

89 downloads per month

MIT and LGPL-3.0+

368 lines


Build Status Latest version Documentation License

This package provides and implementation of bulk GCD (Greatest Common Divisor) algorithm by D. Bernstein.


GCD is useful for identifying weak keys in a large set of RSA keys. Such sets were collected by researches (e.g. this paper). In order to find weak keys a pairwise GCD has to be executed on all RSA moduli (i.e. products of two primes P and Q, pertaining to each RSA private key). However, each separate GCD computation takes considerable amount of time and the naive pairwise process doesn't scale well (O(n^2)).

Instead of doing this search in a brute-force way, this module employs clever algorithm by D. Bernstein, that finds GCD of each moduli with a product of all other moduli. Through introduction of product and remainder trees, the computational cost becomes logarithmic instead of quadratic, which results in dramatic drop of the execution time.

Quick example

extern crate bulk_gcd;
extern crate rug;

use rug::Integer;

let moduli = [

let result = bulk_gcd::compute(&moduli).unwrap();

assert_eq!(result, vec![

Using bulk-gcd

bulk-gcd is available on crates.io. To use bulk-gcd in your crate, add it as a dependency inside Cargo.toml:

bulk-gcd = "^1.0.0"

You also need to declare it by adding this to your crate root (usually lib.rs or main.rs):

extern crate bulk_gcd;


Huge thanks to Michael Grunder for helping me make threads work in Rust.


~499K SLoC