A Simplified Approach to Threshold and Proactive RSA

We present a solution to both the robust threshold RSA and proactive RSA problems. Our solutions are conceptually simple, and allow for an easy design of the system. The signing key, in our solution, is shared at all times in additive form, which allows for simple signing and for a particularly efficient and straightforward refreshing process for proactivization. The key size is (up to a very small constant) the size of the RSA modulus, and the protocol runs in constant time, even when faults occur, unlike previous protocols where either the size of the key has a linear blow-up (at best) in the number of players or the run time of the protocol is linear in the number of faults. The protocol is optimal in its resilience as it can tolerate a minority of faulty players. Furthermore, unlike previous solutions, the existence and availability of the key throughout the lifetime of the system, is guaranteed without probability of error.

[1]  Sushil Jajodia,et al.  Redistributing Secret Shares to New Access Structures and Its Applications , 1997 .

[2]  Ran Canetti,et al.  Maintaining Security in the Presence of Transient Faults , 1994, CRYPTO.

[3]  Yvo Desmedt,et al.  Shared Generation of Authenticators and Signatures (Extended Abstract) , 1991, CRYPTO.

[4]  Markus Jakobsson,et al.  Proactive public key and signature systems , 1997, CCS '97.

[5]  Yvo Desmedt,et al.  Society and Group Oriented Cryptography: A New Concept , 1987, CRYPTO.

[6]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, EUROCRYPT.

[7]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[8]  Moti Yung,et al.  Optimal-resilience proactive public-key cryptosystems , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[9]  H. Imai,et al.  Efficient and secure multiparty generation of digital signatures based on discrete logarithms , 1993 .

[10]  Silvio Micali,et al.  An Optimal Algorithm for Synchronous Byzantine Agreement , 1997 .

[11]  L. Harn Group-oriented (t, n) threshold digital signature scheme and digital multisignature , 1994 .

[12]  Hugo Krawczyk,et al.  Robust and Efficient Sharing of RSA Functions , 1996, CRYPTO.

[13]  Yvo Desmedt,et al.  Parallel reliable threshold multisignature , 1992 .

[14]  Moti Yung,et al.  Cryptographic Computation: Secure Faut-Tolerant Protocols and the Public-Key Model , 1987, CRYPTO.

[15]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[16]  Moti Yung,et al.  How to share a function securely , 1994, STOC '94.

[17]  Moti Yung,et al.  Witness-based cryptographic program checking and robust function sharing , 1996, STOC '96.

[18]  Rafail Ostrovsky,et al.  How to withstand mobile virus attacks (extended abstract) , 1991, PODC '91.

[19]  Yair Frankel,et al.  A Practical Protocol for Large Group Oriented Networks , 1990, EUROCRYPT.

[20]  Yvo Desmedt,et al.  Threshold cryptography , 1994, Eur. Trans. Telecommun..

[21]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[22]  Silvio Micali,et al.  Optimal algorithms for Byzantine agreement , 1988, STOC '88.

[23]  Matthew K. Franklin,et al.  Efficient Generation of Shared RSA Keys (Extended Abstract) , 1997, CRYPTO.

[24]  Rafail Ostrovsky,et al.  How To Withstand Mobile Virus Attacks , 1991, PODC 1991.

[25]  Ran Canetti,et al.  Proactive Security: Long-term protection against break-ins , 1997 .

[26]  Moti Yung,et al.  Proactive RSA , 1997, CRYPTO.