Server-Supported RSA Signatures for Mobile Devices

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10492)

Abstract

We propose a new method for shared RSA signing between a user and a server such that: (a) the server alone cannot create valid signatures; (b) the client's share alone is not sufficient to create a signature without the server; (c) the server detects cloned client shares and blocks the service; (d) an attacker holding the password-encrypted client share cannot run a dictionary attack on the password without alerting the server; (e) the composite RSA signature "looks like" an ordinary RSA signature and verifies with standard crypto libraries. We use a modification of the four-prime RSA scheme of Damgård, Mikkelsen and Skeltved from 2015, in which the client and the server hold independent RSA private keys. Because their scheme is vulnerable to dictionary attacks, in our scheme the client's RSA private exponent is additively shared between the server and the client. Our scheme has been deployed and has over 200,000 users.
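
The construction the abstract sketches, as an added worked example. This is my own reconstruction from the abstract's description, not the authors' code or the deployed protocol, and it makes several assumptions: textbook RSA over a SHA-256 digest with no PKCS #1 padding, the server performs the CRT combination, the client's exponent is split additively modulo phi(n1), and toy 128-bit primes are used for speed. Clone detection (c) and the password wrapping of the client share (d) are not modelled; what the block shows is properties (a), (b) and (e): neither party can sign alone, and the combined value verifies as a plain RSA signature under the public key (n1*n2, e). Requires Python 3.8+ for `pow(x, -1, m)`.

```python
import hashlib
import math
import random

E = 65537                     # public exponent
rng = random.SystemRandom()   # CSPRNG; 128-bit primes below are a toy size, NOT secure

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases (only ever called with n >= 2^127 here)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits: int) -> int:
    """Random prime p with p % E != 1, i.e. gcd(E, p - 1) == 1 because E is prime."""
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if c % E != 1 and is_probable_prime(c):
            return c

def gen_rsa_half(bits: int):
    """One two-prime modulus n = p*q, phi(n), and d = E^-1 mod phi(n)."""
    p, q = gen_prime(bits), gen_prime(bits)
    while q == p:
        q = gen_prime(bits)
    phi = (p - 1) * (q - 1)
    return p * q, phi, pow(E, -1, phi)

def keygen(bits: int = 128) -> dict:
    """Client and server each own an independent RSA half.  The client's exponent
    d1 is split additively so neither party alone holds it.  (Assumption: shares
    are taken mod phi(n1); the paper's exact sharing is not reproduced here.)"""
    n1, phi1, d1 = gen_rsa_half(bits)        # client's modulus and exponent
    n2, _, d2 = gen_rsa_half(bits)           # server's modulus and exponent
    assert math.gcd(n1, n2) == 1             # four distinct primes, so CRT applies
    d1c = rng.randrange(phi1)                # client share: uniform, useless alone
    d1s = (d1 - d1c) % phi1                  # server share: d1c + d1s == d1 (mod phi1)
    return {
        "public": (n1 * n2, E),              # an ordinary-looking four-prime RSA key
        "client": {"n1": n1, "d1c": d1c},
        "server": {"n1": n1, "d1s": d1s, "n2": n2, "d2": d2},
    }

def client_partial(client: dict, m: int) -> int:
    """Step 1: the client raises the digest to its share mod n1 and sends the result."""
    return pow(m, client["d1c"], client["n1"])

def crt_combine(a1: int, n1: int, a2: int, n2: int) -> int:
    """x with x = a1 (mod n1) and x = a2 (mod n2), for coprime n1, n2."""
    x = a1 * n2 * pow(n2, -1, n1) + a2 * n1 * pow(n1, -1, n2)
    return x % (n1 * n2)

def server_complete(server: dict, m: int, partial: int) -> int:
    """Step 2: the server finishes m^d1 mod n1 with its share, signs under its own
    half (m^d2 mod n2) and CRT-combines both into one value modulo n1*n2."""
    s1 = (partial * pow(m, server["d1s"], server["n1"])) % server["n1"]
    s2 = pow(m, server["d2"], server["n2"])
    return crt_combine(s1, server["n1"], s2, server["n2"])

def verify(public: tuple, m: int, sig: int) -> bool:
    """The check any standard RSA library performs: sig^e == m (mod n)."""
    n, e = public
    return pow(sig, e, n) == m % n

def demo(msg: bytes = b"constructed sample document") -> dict:
    """Run the two-step protocol, then two single-party misuse attempts."""
    keys = keygen()
    m = int.from_bytes(hashlib.sha256(msg).digest(), "big")   # 256 bits < n
    sig = server_complete(keys["server"], m, client_partial(keys["client"], m))
    # The server, lacking d1c, can at best feed m itself as the 'partial'
    # (pretending d1c == 1); the client, lacking d1s and d2, only has its partial.
    server_alone = server_complete(keys["server"], m, m % keys["server"]["n1"])
    client_alone = client_partial(keys["client"], m)
    return {
        "joint": verify(keys["public"], m, sig),
        "server_alone": verify(keys["public"], m, server_alone),
        "client_alone": verify(keys["public"], m, client_alone),
    }
```

The verifier never learns that two parties were involved: it holds only (n1*n2, e) and checks sig^e mod n, which is why property (e) comes for free from the CRT combination. The point behind property (d) is visible in keygen: d1c is a uniformly random residue, so a candidate client share recovered by guessing the password yields no local test of correctness; the only way to tell a right guess from a wrong one is to complete a signature with the server, which is exactly where the server gets to notice and block.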

References

  1. Bellare, M., Rogaway, P.: The exact security of digital signatures: how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996). doi:10.1007/3-540-68339-9_34
  2. Bellare, M., Sandhu, R.: The security of practical two-party RSA signature schemes. Cryptology ePrint Archive, Report 2001/060
  3. Blanchet, B.: Modeling and verifying security protocols with the applied Pi calculus and ProVerif. Found. Trends Priv. Secur. 1(1–2), 1–135 (2016)
  4. Boneh, D., Franklin, M.: Efficient generation of shared RSA keys. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 425–439. Springer, Heidelberg (1997). doi:10.1007/BFb0052253
  5. Boneh, D., Franklin, M.K.: Efficient generation of shared RSA keys. J. ACM 48(4), 702–722 (2001)
  6. Boneh, D., Horwitz, J.: Generating a product of three primes with an unknown factorization. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 237–251. Springer, Heidelberg (1998). doi:10.1007/BFb0054866
  7. Camenisch, J., Lehmann, A., Neven, G., Samelin, K.: Virtual smart cards: how to sign with a password and a server. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 353–371. Springer, Cham (2016). doi:10.1007/978-3-319-44618-9_19
  8. Damgård, I., Koprowski, M.: Practical threshold RSA signatures without a trusted dealer. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 152–165. Springer, Heidelberg (2001). doi:10.1007/3-540-44987-6_10
  9. Damgård, I., Mikkelsen, G.L.: On the theory and practice of personal digital signatures. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 277–296. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00468-1_16
  10. Damgård, I., Mikkelsen, G.L.: Efficient, robust and constant-round distributed RSA key generation. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 183–200. Springer, Heidelberg (2010). doi:10.1007/978-3-642-11799-2_12
  11. Damgård, I., Mikkelsen, G.L., Skeltved, T.: On the security of distributed multiprime RSA. In: Lee, J., Kim, J. (eds.) ICISC 2014. LNCS, vol. 8949, pp. 18–33. Springer, Cham (2015). doi:10.1007/978-3-319-15943-0_2
  12. Desmedt, Y.: Society and group oriented cryptography: a new concept. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 120–127. Springer, Heidelberg (1988). doi:10.1007/3-540-48184-2_8
  13. Desmedt, Y., Frankel, Y.: Threshold cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, New York (1990). doi:10.1007/0-387-34805-0_28
  14. Frankel, Y., MacKenzie, P.D., Yung, M.: Robust efficient distributed RSA key generation. In: Vitter, J.S. (ed.) STOC 1998, pp. 663–672. ACM (1998)
  15. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust and efficient sharing of RSA functions. J. Cryptol. 13, 273–300 (2000)
  16. Gilboa, N.: Two party RSA key generation. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 116–129. Springer, Heidelberg (1999). doi:10.1007/3-540-48405-1_8
  17. Hazay, C., Mikkelsen, G.L., Rabin, T., Toft, T.: Efficient RSA key generation and threshold Paillier in the two-party setting. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 313–331. Springer, Heidelberg (2012). doi:10.1007/978-3-642-27954-6_20
  18. Kwon, T.: On the difficulty of protecting private keys in software. In: Chan, A.H., Gligor, V. (eds.) ISC 2002. LNCS, vol. 2433, pp. 17–31. Springer, Heidelberg (2002). doi:10.1007/3-540-45811-5_2
  19. Kwon, T.: Robust software tokens: yet another method for securing user's digital identity. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 476–487. Springer, Heidelberg (2003). doi:10.1007/3-540-45067-X_41
  20. Luby, M.: Pseudorandomness and Cryptographic Applications. Princeton University Press, Princeton (1996)
  21. MacKenzie, P., Reiter, M.K.: Networked cryptographic devices resilient to capture. Int. J. Inf. Secur. 2(1), 1–20 (2003)
  22. Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
  23. Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000). doi:10.1007/3-540-45539-6_15
  24. Smart, N.P. (ed.): Algorithms, Key Size and Protocols Report. Deliverable D5.2 of ECRYPT CSA, 17 October 2016
  25. RSA Laboratories: PKCS #1: RSA Encryption Standard, ver. 2.2, October 2012

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Ahto Buldas (1, 2)
  • Aivo Kalu (1)
  • Peeter Laud (1)
  • Mart Oruaas (1)

  1. Cybernetica AS, Tallinn, Estonia
  2. Tallinn University of Technology, Tallinn, Estonia
