One Round Threshold Discrete-Log Key Generation without Private Channels

Pedersen designed the first scheme for generating Discrete-Log keys without any trusted dealer in 1991. As this protocol is simple and efficient, it appeared to be very attractive. For a long time, this robust algorithm has been trusted as being secure. However, in 1999, Gennaro et al. proved that one of the requirements is not guaranteed: more precisely, the property that the key is uniformly distributed in the key space. Their main objective was to repair the security flaw without sacrificing on efficiency. As a result, the protocol became secure but somehow unpractical. In particular, the "complaint phase", in which cheaters are thrown out, makes the scheme overly complex and difficult to deal with in practical situations. In order to avoid this phase and other drawbacks such as the initialization phase where private channels have to be created, we present a one round scheme which generates a discrete-log key with public channels only. Finally, we show how to improve the efficiency of our algorithm when the number of servers increases.

[1]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[2]  Josh Benaloh Verifiable secret-ballot elections , 1987 .

[3]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[4]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[5]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[6]  Torben P. Pedersen A Threshold Cryptosystem without a Trusted Party (Extended Abstract) , 1991, EUROCRYPT.

[7]  Moti Yung,et al.  Proactive RSA , 1997, CRYPTO.

[8]  Moti Yung,et al.  Optimal-resilience proactive public-key cryptosystems , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[9]  Matthew K. Franklin,et al.  Efficient Generation of Shared RSA Keys (Extended Abstract) , 1997, CRYPTO.

[10]  Mihir Bellare,et al.  Fast Batch Verification for Modular Exponentiation and Digital Signatures , 1998, IACR Cryptol. ePrint Arch..

[11]  Tatsuaki Okamoto,et al.  A New Public-Key Cryptosystem as Secure as Factoring , 1998, EUROCRYPT.

[12]  Jacques Stern,et al.  Generation of Shared RSA Keys by Two Parties , 1998, ASIACRYPT.

[13]  Jacques Stern,et al.  A new public key cryptosystem based on higher residues , 1998, CCS '98.

[14]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[15]  Hugo Krawczyk,et al.  Adaptive Security for Threshold Cryptosystems , 1999, CRYPTO.

[16]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, EUROCRYPT.

[17]  Moti Yung,et al.  Adaptively-Secure Optimal-Resilience Proactive RSA , 1999, ASIACRYPT.

[18]  Ivan Damgård,et al.  Verifiable Encryption and Applications to Group Signatures and Signature Sharing , 1998, IACR Cryptol. ePrint Arch..

[19]  Niv Gilboa,et al.  Two Party RSA Key Generation , 1999, CRYPTO.

[20]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[21]  Silvio Micali,et al.  Parallel Reducibility for Information-Theoretically Secure Computation , 2000, CRYPTO.

[22]  Jacques Stern,et al.  Fair Encryption of RSA Keys , 2000, EUROCRYPT.

[23]  Stanislaw Jarecki,et al.  Adaptively Secure Threshold Cryptography: Introducing Concurrency, Removing Erasures , 2000, EUROCRYPT.

[24]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.