Generating RSA Keys on a Handheld Using an Untrusted Server

  • Dan Boneh
  • Nagendra Modadugu
  • Michael Kim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1977)


We show how to efficiently generate RSA keys on a low power handheld device with the help of an untrusted server. Most of the key generation work is offloaded onto the server. However, the server learns no information about the key it helped generate. We experiment with our techniques and show they result in up to a factor of 5 improvement in key generation time. The resulting RSA key looks like an RSA key for paranoids. It can be used for encryption and key exchange, but cannot be used for signatures.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    N. Asokan, G. Tsudik and M. Waidner, “Server-Supported Signatures”, Journal of Computer Security, Vol. 5, No. 1, pp. 91–108, 1997.Google Scholar
  2. 2.
    D. Balfanz, E. Felten, “Hand-Held Computers Can Be Better Smart Cards”, to appear in the 8th USENIX Security Symposium. 271Google Scholar
  3. 3.
    D. Boneh, N. Daswani, “Experimenting with electronic commerce on the PalmPilot”, in proc. of Financial-Crypto’ 99, Lecture Notes in Computer Science, Vol. 1648, Springer-Verlag, pp. 1–16, 1999. 271Google Scholar
  4. 4.
    M. Bellare, P. Rogaway, ldOptimal asymmetric encryption-How to encrypt with RSA”, in proc. Eurocrypt’ 94. 274, 274Google Scholar
  5. 5.
    H. Gilbert, D. Gupta, A. M. Odlyzko, and J.-J. Quisquater, “Attacks on Shamirś ŔSA for paranoids,” Information Processing Letters 68 (1998), pp. 197–199. 274CrossRefGoogle Scholar
  6. 6.
    T. Matsumoto, K. Kato, H. Imai, “Speeding up secret computations with insecure auxiliary devices”, In proc. of Crypto’ 88, Lecture Notes in Computer Science, Vol. 403, Springer-Verlag, pp. 497–506, 1998.Google Scholar
  7. 7.
    A. Menezes, P. van Oorschot and S. Vanstone, “Handbook of Applied Cryptography”, CRC Press, 1996. 277Google Scholar
  8. 8.
    P. Nguyen, J. Stern, “The Beguin-Quisquater Server-Aided RSA Protocol from Crypto’95 is not secure”, in proc. of AsiaCrypt’ 98, Lecture Notes in Computer Science, Vol. 1514, Springer-Verlag, pp. 372–380, 1998.Google Scholar
  9. 10.
    R. Rivest, “Finding four million large random primes”, In proc. of Crypto’ 90, Lecture Notes in Computer Science, Vol. 537, Springer-Verlag, pp. 625–626, 1997.273Google Scholar
  10. 11.
    A. Shamir, “RSA for paranoids”, CryptoBytes, Vol. 1, No. 3, 1995. 274Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Dan Boneh
    • 1
  • Nagendra Modadugu
    • 1
  • Michael Kim
    • 1
  1. 1.Stanford UniversityUSA

Personalised recommendations