Fast Three-Party Shared Generation of RSA Keys Without Distributed Primality Tests

Distributed primality tests, used to test the factors of a jointly generated RSA modulus, have always been considered a nightmare because of the large amount of time the test requires to succeed: an enormous number of trials must be performed before a suitable RSA modulus is established. In this paper we propose a protocol that allows three parties to share the generation of an RSA modulus N and to share the secret key d. The protocol enjoys the following properties, which do not exist in previous protocols:

• The protocol does not need any distributed primality tests. The three parties are able to find a suitable modulus from the first trial without any additional tests.
• The protocol can generate an RSA modulus which is a composite of safe primes.
• The protocol is less vulnerable to the RSA attacks in [26, 27].

[1] Rafail Ostrovsky, et al. Replication is not needed: single database, computationally-private information retrieval, 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[2] Eyal Kushilevitz, et al. Private information retrieval, 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[3] Moni Naor, et al. Oblivious transfer and polynomial evaluation, 1999, STOC '99.

[4] Michael O. Rabin, et al. How To Exchange Secrets with Oblivious Transfer, 2005, IACR Cryptol. ePrint Arch.

[5] Rosario Gennaro, et al. Theory and practice of verifiable secret sharing, 1996.

[6] Yvo Desmedt, et al. Threshold cryptography, 1994, Eur. Trans. Telecommun.

[7] J. Grossschadl, et al. The Chinese Remainder Theorem and its application in a high-speed RSA crypto chip, 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[8] Jacques Stern, et al. Generation of Shared RSA Keys by Two Parties, 1998, ASIACRYPT.

[9] Dan Boneh, et al. Generating a Product of Three Primes with an Unknown Factorization, 1998, ANTS.

[10] Mike Burmester, et al. Shared Generation of Shared RSA Keys, 1998.

[11] Clifford C. Cocks. Split Knowledge Generation of RSA Parameters, 1997, IMACC.

[12] Tobias Straub, et al. Efficient Two Party Multi-Prime RSA Key Generation, 2003.

[13] A. K. Lenstra, et al. The Development of the Number Field Sieve, 1993.

[14] Moti Yung, et al. Robust efficient distributed RSA-key generation, 1998, STOC '98.

[15] Matthew K. Franklin, et al. Efficient generation of shared RSA keys, 2001, JACM.

[16] Clifford Cocks. Split Generation of RSA Parameters with Multiple Participants, 1998.

[17] Yvo Desmedt, et al. Society and Group Oriented Cryptography: A New Concept, 1987, CRYPTO.

[18] Carl Pomerance, et al. The Development of the Number Field Sieve, 1994.

[19] Yvo Desmedt, et al. Threshold cryptography, 1994, Eur. Trans. Telecommun.

[20] Niv Gilboa, et al. Two Party RSA Key Generation, 1999, CRYPTO.

[21] Julien P. Stern. A new and efficient all-or-nothing disclosure of secrets protocol, 1998.

[22] Shai Halevi, et al. Computing Inverses over a Shared Secret Modulus, 2000, EUROCRYPT.

[23] Michael J. Wiener, et al. Cryptanalysis of Short RSA Secret Exponents (Abstract), 1990, EUROCRYPT.

[24] Johann Großschädl, et al. The Chinese Remainder Theorem and its Application in a High-Speed RSA Crypto Chip, 2000, ACSAC.

[25] Silvio Micali, et al. Computationally Private Information Retrieval with Polylogarithmic Communication, 1999, EUROCRYPT.

[26] Susan K. Langford. Threshold DSS Signatures without a Trusted Party, 1995, CRYPTO.

[27] Yvo Desmedt, et al. Parallel reliable threshold multisignature, 1992.

[28] Avi Wigderson, et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation, 1988, STOC '88.

[29] Yuval Ishai, et al. Protecting data privacy in private information retrieval schemes, 1998, STOC '98.

[30] Hugo Krawczyk, et al. Robust Threshold DSS Signatures, 1996, Inf. Comput.

[31] Yvo Desmedt, et al. Threshold Cryptosystems, 1989, CRYPTO.