Practical Threshold RSA Signatures without a Trusted Dealer

We propose a threshold RSA scheme which is as efficient as the fastest previous threshold RSA scheme (by Shoup), but where two assumptions needed in Shoup's and in previous schemes can be dropped, namely that the modulus must be a product of safe primes and that a trusted dealer generates the keys. The robustness (but not the unforgeability) of our scheme depends on a new intractability assumption, in addition to security of the underlying standard RSA scheme.

[1]  Hugo Krawczyk,et al.  Robust and Efficient Sharing of RSA Functions , 2000, Journal of Cryptology.

[2]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[3]  Luca Aceto,et al.  Characteristic formulae for timed automata , 2000, RAIRO Theor. Informatics Appl..

[4]  Jacques Stern,et al.  Fully Distributed Threshold RSA under Standard Assumptions , 2001, ASIACRYPT.

[5]  Jacques Stern,et al.  Sharing Decryption in the Context of Voting or Lotteries , 2000, Financial Cryptography.

[6]  L. Santocanale Free μ-lattices ☆ , 2002 .

[7]  Luigi Santocanale The Alternation Hierarchy for the Theory of mu-lattices , 2000 .

[8]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[9]  Moti Yung,et al.  Optimal-resilience proactive public-key cryptosystems , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[10]  Claus Brabrand,et al.  Growing languages with metamorphic syntax macros , 2000, PEPM '02.

[11]  Matthew K. Franklin,et al.  Efficient Generation of Shared RSA Keys (Extended Abstract) , 1997, CRYPTO.

[12]  Torben P. Pedersen A Threshold Cryptosystem without a Trusted Party (Extended Abstract) , 1991, EUROCRYPT.

[13]  J. Rosser,et al.  Approximate formulas for some functions of prime numbers , 1962 .

[14]  Rajeev Alur,et al.  Heuristics for Hierarchical Partitioning with Application to Model Checking , 2000, CHARME.

[15]  Anders B. Sandholm,et al.  Using Automata in Control Synthesis. A Case Study , 2000 .

[16]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[17]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[18]  Zoltán Ésik,et al.  Continuous Additive Algebras and Injective Simulations of Synchronization Trees , 2000, J. Log. Comput..

[19]  Luca Aceto,et al.  2-Nested Simulation Is Not Finitely Equationally Axiomatizable , 2000, STACS.

[20]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[21]  Ran Canetti A unified framework for analyzing security of protocols , 2001, Electron. Colloquium Comput. Complex..

[22]  Tal Rabin,et al.  A Simplified Approach to Threshold and Proactive RSA , 1998, CRYPTO.

[23]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[24]  Ivan Damgård,et al.  Practical Threshold RSA Signatures Without a Trusted Dealer , 2000 .

[25]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[26]  Moti Yung,et al.  On Threshold RSA-Signing with no Dealer , 1999, ICISC.