Efficient Dealer-Less Threshold Sharing of Standard RSA

In [15] an e‐cient two-party, two-prime RSA function sharing protocol was proposed. The protocol proves efflciency over previously proposed protocols. When the sharing of standard RSA is considered, the protocol is faster than ever. In this paper, under the assumption that the adversary has eavesdropping and halting capabilities, we propose an e‐cient extension to the protocol of [15]. Our protocol enjoys the following properties (some of which are inherit from [15]): The protocol is fully distributed (i.e. does not require an honest dealer). It is a t-private and t-resilient (t;n)-threshold structure against a stationary adversary and also t-proactive (t;n)threshold structure against a mobile adversary, where the number of players n > 3t. The players jointly generate two-prime RSA modulus in a number of trials of O(‘=lg‘) since, the protocol avoids the ine‐cient distributed biprimality test. An extension of the protocol allows the generation of a RSA modulus which is a composite of two safe primes. Distributed primality tests are performed over a public modulus not a shared secret one, which reduces complexity on a per trial basis. We must emphasize that robustness against malicious adversaries (adversaries that masquerade the corrupted player by altering, deleting, sending wrong values, etc.) are beyond the scope of this paper.

[1]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[2]  Shai Halevi,et al.  Computing Inverses over a Shared Secret Modulus , 2000, EUROCRYPT.

[3]  Maged Hamada Ibrahim,et al.  Fast Fully-Distributed and Threshold RSA Function Sharing , 2005 .

[4]  Hugo Krawczyk,et al.  Robust and Efficient Sharing of RSA Functions , 1996, CRYPTO.

[5]  Maged Hamada Ibrahim,et al.  Verifiable Threshold Sharing of a Large Secret Safe-Prime , 2005, ITCC.

[6]  Maged Hamada Ibrahim,et al.  Eliminating Quadratic Slowdown in Two-Prime RSA Function Sharing , 2008, Int. J. Netw. Secur..

[7]  Jan Camenisch,et al.  Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products , 2002, CRYPTO.

[8]  H. Imai,et al.  Efficient and secure multiparty generation of digital signatures based on discrete logarithms , 1993 .

[9]  L. Harn Group-oriented (t, n) threshold digital signature scheme and digital multisignature , 1994 .

[10]  Vijay Varadharajan,et al.  How to Prove That a Committed Number Is Prime , 1999, ASIACRYPT.

[11]  Tal Rabin,et al.  A Simplified Approach to Threshold and Proactive RSA , 1998, CRYPTO.

[12]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[13]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[14]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[15]  Maged Hamada Ibrahim,et al.  Fast Three-Party Shared Generation of RSA Keys Without Distributed Primality Tests , 2005 .

[16]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, EUROCRYPT.

[17]  M.H. Ibrahi,et al.  Verifiable threshold sharing of a large secret safe-prime , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[18]  Moti Yung,et al.  Optimal-resilience proactive public-key cryptosystems , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[19]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, Inf. Comput..