Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting

The problem of generating an RSA composite in a distributed manner without leaking its factorization is particularly challenging and useful in many cryptographic protocols. Our first contribution is the first non-generic fully simulatable protocol for distributively generating an RSA composite with security against malicious behavior. Our second contribution is a complete Paillier (in: EUROCRYPT, pp 223–238, 1999) threshold encryption scheme in the two-party setting with security against malicious attacks. We further describe how to extend our protocols to the multiparty setting with dishonest majority. Our RSA key generation protocol is comprised of the following subprotocols: (i) a distributed protocol for generation of an RSA composite and (ii) a biprimality test for verifying the validity of the generated composite. Our Paillier threshold encryption scheme uses the RSA composite for the public key and is comprised of the following subprotocols: (i) a distributed generation of the corresponding secret key shares and (ii) a distributed decryption protocol for decrypting according to Paillier.

[1]  Angelo Agatino Nicolosi Efficient RSA Key Generation Protocol in a Two-Party Setting and its Application into the Secure Multiparty Computation Environment , 2011 .

[2]  de Ng Dick Bruijn On the number of uncancelled elements in the sieve of Eratosthenes , 1950 .

[3]  Don Coppersmith,et al.  Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities , 1997, Journal of Cryptology.

[4]  Ivan Damgård,et al.  Client/Server Tradeoffs for Online Elections , 2002, Public Key Cryptography.

[5]  Yehuda Lindell,et al.  Efficient Oblivious Polynomial Evaluation with Simulation-Based Security , 2009, IACR Cryptol. ePrint Arch..

[6]  Yehuda Lindell,et al.  Efficient Secure Two-Party Protocols , 2010, Information Security and Cryptography.

[7]  Ronald Cramer,et al.  A secure and optimally efficient multi-authority election scheme , 1997, Eur. Trans. Telecommun..

[8]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[9]  Neal Koblitz,et al.  Algebraic aspects of cryptography , 1998, Algorithms and computation in mathematics.

[10]  Joseph H. Silverman,et al.  The arithmetic of elliptic curves , 1986, Graduate texts in mathematics.

[11]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[12]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[13]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[14]  Yehuda Lindell,et al.  Efficient Secure Two-Party Protocols: Techniques and Constructions , 2010 .

[15]  Yehuda Lindell,et al.  Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer , 2011, Journal of Cryptology.

[16]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[17]  Jacques Stern,et al.  Generation of Shared RSA Keys by Two Parties , 1998, ASIACRYPT.

[18]  J. Silverman Advanced Topics in the Arithmetic of Elliptic Curves , 1994 .

[19]  Mike Burmester,et al.  Shared Generation of Shared Rsa Keys 1 , 1998 .

[20]  Ivan Damgård,et al.  On the Amortized Complexity of Zero-Knowledge Protocols , 2009, CRYPTO.

[21]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[22]  Ivan Damgård,et al.  A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order , 2002, ASIACRYPT.

[23]  Carmit Hazay,et al.  Oblivious Polynomial Evaluation and Secure Set-Intersection from Algebraic PRFs , 2015, Journal of Cryptology.

[24]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1988, Journal of Cryptology.

[25]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, Journal of Cryptology.

[26]  Jacques Stern,et al.  Sharing Decryption in the Context of Voting or Lotteries , 2000, Financial Cryptography.

[27]  Jacques Stern,et al.  Practical multi-candidate election system , 2001, PODC '01.

[28]  Carmit Hazay,et al.  Computationally Secure Pattern Matching in the Presence of Malicious Adversaries , 2010, Journal of Cryptology.

[29]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[30]  Rosario Gennaro,et al.  Paillier's cryptosystem revisited , 2001, CCS '01.

[31]  Richard Cleve,et al.  Limits on the security of coin flips when half the processors are faulty , 1986, STOC '86.

[32]  R. Cramer,et al.  Multiparty Computation from Threshold Homomorphic Encryption , 2000 .

[33]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, Inf. Comput..

[34]  Fabrice Boudot,et al.  Efficient Proofs that a Committed Number Lies in an Interval , 2000, EUROCRYPT.

[35]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[36]  Ivan Damgård,et al.  Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor , 2001, CRYPTO.

[37]  Hugo Krawczyk,et al.  Robust and Efficient Sharing of RSA Functions , 1996, CRYPTO.

[38]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[39]  M. Rabin Probabilistic algorithm for testing primality , 1980 .

[40]  N. Koblitz A Course in Number Theory and Cryptography , 1987 .

[41]  Yuval Ishai,et al.  Secure Arithmetic Computation with No Honest Majority , 2008, IACR Cryptol. ePrint Arch..

[42]  Ivan Damgård,et al.  Efficient, Robust and Constant-Round Distributed RSA Key Generation , 2010, TCC.

[44]  Yehuda Lindell Fast Cut-and-Choose Based Protocols for Malicious and Covert Adversaries , 2013, CRYPTO.

[45]  Vitaly Shmatikov,et al.  Efficient Two-Party Secure Computation on Committed Inputs , 2007, EUROCRYPT.

[46]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[47]  Ivan Damgård,et al.  Universally Composable Efficient Multiparty Computation from Threshold Homomorphic Encryption , 2003, CRYPTO.

[48]  Kouichi Sakurai,et al.  Distributed Paillier Cryptosystem without Trusted Dealer , 2010, WISA.

[49]  E. Kushilevitz Foundations of Cryptography Foundations of Cryptography , 2014 .

[50]  Tatsuaki Okamoto,et al.  Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations , 1997, CRYPTO.

[51]  Ivan Damgård,et al.  Semi-Homomorphic Encryption and Multiparty Computation , 2011, IACR Cryptol. ePrint Arch..

[52]  Ivan Damgård,et al.  Multiparty Computation from Somewhat Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[53]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[54]  Oded Goldreich Foundations of Cryptography: Volume 1 , 2006 .

[55]  Aggelos Kiayias,et al.  On the Portability of Generalized Schnorr Proofs , 2009, EUROCRYPT.

[56]  Helger Lipmaa,et al.  On Diophantine Complexity and Statistical Zero-Knowledge Arguments , 2003, ASIACRYPT.

[57]  ord Cocks Split Generation of RSA Parameters with Multiple Participants Cli , 1998 .

[58]  Tal Rabin,et al.  A Simplified Approach to Threshold and Proactive RSA , 1998, CRYPTO.

[59]  Jan Camenisch,et al.  Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products , 2002, CRYPTO.

[60]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[61]  Xiaomin Liu,et al.  Efficient Oblivious Pseudorandom Function with Applications to Adaptive OT and Secure Computation of Set Intersection , 2009, TCC.

[62]  Niv Gilboa,et al.  Two Party RSA Key Generation , 1999, CRYPTO.

[63]  Judit Bar-Ilan,et al.  Non-cryptographic fault-tolerant computing in constant number of rounds of interaction , 1989, PODC '89.

[64]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[65]  Vincent Rijmen,et al.  ECRYPT yearly report on algorithms and keysizes , 2009 .

[66]  Yvo Desmedt,et al.  Threshold cryptography , 1994, Eur. Trans. Telecommun..