Efficient Threshold RSA Signatures with General Moduli and No Extra Assumptions

We propose techniques that allow construction of robust threshold RSA signature schemes that can work without a trusted dealer using known key generation protocols and is as efficient as the best previous schemes. We do not need special conditions on the RSA modulus, extra complexity or set-up assumptions or random oracles. An “optimistic” variant of the scheme is even more efficient in case no faults occur. Some potential more general applications of our basic idea are also pointed out.

[1]  Ivan Damgård,et al.  A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order , 2002, ASIACRYPT.

[2]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[3]  Matthew K. Franklin,et al.  Efficient Generation of Shared RSA Keys (Extended Abstract) , 1997, CRYPTO.

[4]  Moti Yung,et al.  On Threshold RSA-Signing with no Dealer , 1999, ICISC.

[5]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[6]  Tal Rabin,et al.  A Simplified Approach to Threshold and Proactive RSA , 1998, CRYPTO.

[7]  Moti Yung,et al.  How to share a function securely , 1994, STOC '94.

[8]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[9]  Jan Camenisch,et al.  Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products , 2002, CRYPTO.

[10]  Tatsuaki Okamoto,et al.  Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations , 1997, CRYPTO.

[11]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[12]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[13]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[14]  J. Rosser,et al.  Approximate formulas for some functions of prime numbers , 1962 .

[15]  Moti Yung,et al.  Optimal-resilience proactive public-key cryptosystems , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[16]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[17]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[18]  Michael K. Reiter,et al.  How to securely replicate services , 1994, TOPL.

[19]  Ivan Damgård,et al.  Practical Threshold RSA Signatures without a Trusted Dealer , 2000, EUROCRYPT.

[20]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, Journal of Cryptology.

[21]  Jacques Stern,et al.  Fully Distributed Threshold RSA under Standard Assumptions , 2001, ASIACRYPT.

[22]  Brian King,et al.  Improved Methods to Perform Threshold RSA , 2000, ASIACRYPT.

[23]  Torben P. Pedersen A Threshold Cryptosystem without a Trusted Party (Extended Abstract) , 1991, EUROCRYPT.

[24]  Hugo Krawczyk,et al.  Robust and Efficient Sharing of RSA Functions , 2000, Journal of Cryptology.

[25]  Jacques Stern,et al.  Sharing Decryption in the Context of Voting or Lotteries , 2000, Financial Cryptography.

[26]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[27]  JooSeok Song,et al.  Information Security and Cryptology - ICISC’99 , 1999, Lecture Notes in Computer Science.

[28]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[29]  Ran Canetti A unified framework for analyzing security of protocols , 2001, Electron. Colloquium Comput. Complex..

[30]  Donald W. Davies,et al.  Advances in Cryptology — EUROCRYPT ’91 , 2001, Lecture Notes in Computer Science.

[31]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .