Experimental Performance of Shared {RSA} Modulus Generation

Abstract Many distributed protocols require the participants to have secret shares of an RSA modulus in order to perform distributed cryptographic computations. Until recently, a trusted party was required to generate and distribute these secret shares before the start of the protocol. Recently, Boneh and Franklin introduced a protocol whereby participants could themselves generate the secret shares without revealing any information about their shares to each other. We experimentally evaluate the performance of their protocol and we recommend good choices for certain parameters of the protocol.

[1]  Matthew K. Franklin,et al.  Joint Encryption and Message-Efficient Secure Computation , 1993, CRYPTO.

[2]  Moti Yung,et al.  How to share a function securely , 1994, STOC '94.

[3]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[4]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[5]  Jacques Stern,et al.  Generation of Shared RSA Keys by Two Parties , 1998, ASIACRYPT.

[6]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[7]  John B. Lacy CryptoLib: Cryptography in Software , 1993, USENIX Security Symposium.

[8]  de Ng Dick Bruijn On the number of uncancelled elements in the sieve of Eratosthenes , 1950 .

[9]  Niv Gilboa,et al.  Two Party RSA Key Generation , 1999, CRYPTO.

[10]  Clifford C. Cocks Split Knowledge Generation of RSA Parameters , 1997, IMACC.

[11]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[12]  Jean-Jacques Quisquater,et al.  A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory , 1988, EUROCRYPT.

[13]  Gerald Fortney A private conversation , 1997 .

[14]  Kazuo Ohta,et al.  A Modification of the Fiat-Shamir Scheme , 1988, CRYPTO.

[15]  Dan Boneh,et al.  Experimenting with Shared Generation of RSA Keys , 1999, NDSS.

[16]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[17]  Claus-Peter Schnorr,et al.  Fast Signature Generation With a Fiat Shamir-Like Scheme , 1991, EUROCRYPT.

[18]  Catherine C. McGeoch Analyzing algorithms by simulation: variance reduction techniques and simulation speedups , 1992, CSUR.