On the Security of Distributed Multiprime RSA

Threshold RSA encryption and signing is a very useful tool to increase the security of the secret keys used. Key generation is, however, either done in a non-threshold way, or computationally inefficient protocols are used. This is not a big problem in a setup where one organization has a few high profile keys to secure, however, this does not scale well to systems with a lot of secret keys, like eID schemes where there exist one key pair per user, especially not if the we want the users’ personal devices like smart phones to participate in the threshold setup. In this paper we present novel approaches to distributed RSA key generation which are efficient enough to let smart phones participate. This is done by generating keys consisting of more than two primes instead of generating standard RSA keys.

[1]  Jan Camenisch,et al.  Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products , 2002, CRYPTO.

[2]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[3]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[4]  Ivan Damgård,et al.  On the Theory and Practice of Personal Digital Signatures , 2009, IACR Cryptol. ePrint Arch..

[5]  Dan Boneh,et al.  Generating a Product of Three Primes with an Unknown Factorization , 1998, ANTS.

[6]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[7]  Marc Girault,et al.  Self-Certified Public Keys , 1991, EUROCRYPT.

[8]  Mihir Bellare,et al.  Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[9]  Ivan Damgård,et al.  Efficient, Robust and Constant-Round Distributed RSA Key Generation , 2010, TCC.

[10]  Daniel Bleichenbacher,et al.  Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 , 1998, CRYPTO.

[11]  Victor Shoup,et al.  OAEP Reconsidered , 2002, Journal of Cryptology.

[12]  Matthew K. Franklin,et al.  Efficient Generation of Shared RSA Keys (Extended Abstract) , 1997, CRYPTO.

[13]  Hugo Krawczyk,et al.  Robust and Efficient Sharing of RSA Functions , 1996, CRYPTO.

[14]  Jacques Stern,et al.  RSA-OAEP Is Secure under the RSA Assumption , 2001, Journal of Cryptology.

[15]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[16]  Niv Gilboa,et al.  Two Party RSA Key Generation , 1999, CRYPTO.

[17]  Ivan Damgård,et al.  Practical Threshold RSA Signatures without a Trusted Dealer , 2000, EUROCRYPT.

[18]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.