Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting

  • Carmit Hazay
  • Gert Læssøe Mikkelsen
  • Tal Rabin
  • Tomas Toft
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7178)

Abstract

The problem of generating an RSA composite in a distributed manner without leaking its factorization is particularly challenging and useful in many cryptographic protocols. Our first contribution is the first non-generic, fully simulatable protocol for distributively generating an RSA composite with security against malicious behavior in the two-party setting. Our second contribution is a complete Paillier [37] threshold encryption scheme in the two-party setting with security against malicious behavior. Our RSA key generation consists of (i) a distributed protocol for generating an RSA composite, and (ii) a biprimality test for verifying the validity of the generated composite. Our Paillier threshold encryption scheme uses the RSA composite as its public key and consists of (i) a distributed generation of the corresponding secret-key shares, and (ii) a distributed decryption protocol for decrypting according to Paillier.
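As an added illustration of the scheme's structure (not code from the paper), the following Python simulates the two-party threshold Paillier decryption sketched above: the secret key is split into two additive shares, each party computes a partial decryption, and the two partials are combined. A trusted dealer derives N from two known toy primes, which is exactly the step the paper's distributed key generation avoids; the sharing and combination are assumed simplifications, not the authors' protocol.

```python
import math
import secrets

# Toy primes (constructed for the demo; real keys use ~1024-bit primes).
P, Q = 1000000007, 998244353

def paillier_keygen(p, q):
    """Dealer-side key pair (assumption: a dealer knows p and q). The secret
    key d satisfies d = 0 (mod lambda) and d = 1 (mod N), so that for any
    ciphertext c of m we get c^d = 1 + m*N (mod N^2)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    d = lam * pow(lam, -1, n)        # CRT; gcd(lambda, N) = 1 for RSA primes
    return n, d

def share_secret_key(n, d):
    """Additive sharing d = d0 + d1 over the integers (d1 may be negative)."""
    d0 = secrets.randbelow(n * n)
    return d0, d - d0

def encrypt(n, m):
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:       # r must be a unit mod N
        r = secrets.randbelow(n - 1) + 1
    return (pow(1 + n, m, n2) * pow(r, n, n2)) % n2

def partial_decrypt(n, c, share):
    """Each party raises c to its own share (Python 3.8+ pow inverts c mod N^2
    when the share is negative)."""
    return pow(c, share, n * n)

def combine(n, partials):
    """Multiply the partials to get c^d = 1 + m*N mod N^2, then apply
    L(x) = (x - 1) / N to recover m."""
    n2 = n * n
    x = 1
    for part in partials:
        x = (x * part) % n2
    return ((x - 1) // n) % n

def demo(m1, m2):
    """Encrypt m1 and m2, add them homomorphically, decrypt with both shares."""
    n, d = paillier_keygen(P, Q)
    d0, d1 = share_secret_key(n, d)
    c = (encrypt(n, m1) * encrypt(n, m2)) % (n * n)   # Enc(m1 + m2 mod N)
    return combine(n, [partial_decrypt(n, c, d0), partial_decrypt(n, c, d1)])
```

Neither share alone yields c^d, but the construction is not verifiable: a misbehaving party could send a wrong partial, which is why the paper's decryption protocol adds proofs of correct behavior against malicious adversaries.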

Keywords

Commitment Scheme, Honest Party, Malicious Adversary, ElGamal Encryption, Trial Division

References

  1. Algesheimer, J., Camenisch, J., Shoup, V.: Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 417–432. Springer, Heidelberg (2002)
  2. Baudron, O., Fouque, P.A., Pointcheval, D., Poupard, G., Stern, J.: Practical multi-candidate election system. In: PODC, pp. 274–283. ACM Press (2001)
  3. Blackburn, S., Blake-Wilson, S., Burmester, M., Galbraith, S.: Shared generation of shared RSA keys, http://cacr.math.uwaterloo.ca/techreports/1998/corr98-19.ps
  4. Boneh, D., Franklin, M.K.: Efficient generation of shared RSA keys. J. ACM 48(4), 702–722 (2001)
  5. Boudot, F.: Efficient Proofs that a Committed Number Lies in an Interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 431–444. Springer, Heidelberg (2000)
  6. De Bruijn, N.: On the number of uncanceled elements in the sieve of Eratosthenes. Proc. Neder. Akad. Wetensh. 53, 803–812; Reviewed in LeVeque Reviews in Number Theory 4(28), 221
  7. Camenisch, J., Kiayias, A., Yung, M.: On the Portability of Generalized Schnorr Proofs. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 425–442. Springer, Heidelberg (2009)
  8. Catalano, D., Gennaro, R., Howgrave-Graham, N., Nguyen, P.Q.: Paillier’s cryptosystem revisited. In: ACM Conference on Computer and Communications Security, pp. 206–214 (2001)
  9. Chaum, D., Pedersen, T.P.: Wallet Databases with Observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)
  10. Cocks, C.: Split Generation of RSA Parameters with Multiple Participants. In: Darnell, M.J. (ed.) IMACC 1997. LNCS, vol. 1355, pp. 200–212. Springer, Heidelberg (1997)
  11. Coppersmith, D.: Small Exponents to Polynomial Equations, and Low Exponent RSA Vulnerabilities. Journal of Cryptology 10, 233–260 (1997)
  12. Cramer, R., Damgård, I.: On the Amortized Complexity of Zero-Knowledge Protocols. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 177–191. Springer, Heidelberg (2009)
  13. Cramer, R., Damgård, I.B., Nielsen, J.B.: Multiparty Computation from Threshold Homomorphic Encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 280–299. Springer, Heidelberg (2001)
  14. Cramer, R., Gennaro, R., Schoenmakers, B.: A Secure and Optimally Efficient Multi-Authority Election Scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997)
  15. Damgård, I., Jurik, M.: A Generalisation, a Simplification and some Applications of Paillier’s Probabilistic Public-Key System. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 119–136. Springer, Heidelberg (2001)
  16. Damgård, I., Jurik, M.: Client/Server Tradeoffs for Online Elections. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 125–140. Springer, Heidelberg (2002)
  17. Damgård, I., Jurik, M.: A Length-Flexible Threshold Cryptosystem with Applications. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 350–364. Springer, Heidelberg (2003)
  18. Damgård, I., Mikkelsen, G.L.: Efficient, Robust and Constant-Round Distributed RSA Key Generation. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 183–200. Springer, Heidelberg (2010)
  19. Damgård, I., Nielsen, J.B.: Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 581–596. Springer, Heidelberg (2002)
  20. Damgård, I., Nielsen, J.B.: Universally Composable Efficient Multiparty Computation from Threshold Homomorphic Encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 247–264. Springer, Heidelberg (2003)
  21. Desmedt, Y.G.: Threshold cryptography. European Transactions on Telecommunications 5(4), 449–457 (1994)
  22. El Gamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Trans. Info. Theory IT 31, 469–472 (1985)
  23. Feige, U., Fiat, A., Shamir, A.: Zero-knowledge proofs of identity. J. Cryptology 1(2), 77–94 (1988)
  24. Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
  25. Fouque, P.A., Poupard, G., Stern, J.: Sharing Decryption in the Context of Voting or Lotteries. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 90–104. Springer, Heidelberg (2001)
  26. Frankel, Y., Mackenzie, P.D., Yung, M.: Robust efficient distributed RSA-key generation. In: STOC 1998, pp. 663–672. ACM Press (1998)
  27. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust Threshold DSS Signatures. Information and Computation 164(1), 54–84 (2001)
  28. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure Distributed Key Generation for Discrete-Log Based Cryptosystems. Journal of Cryptology 20(1), 51–83 (2007)
  29. Gennaro, R., Krawczyk, H., Rabin, T.: Robust and Efficient Sharing of RSA Functions. Journal of Cryptology 13(2), 273–300 (2000)
  30. Gilboa, N.: Two Party RSA Key Generation. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 116–129. Springer, Heidelberg (1999)
  31. Hazay, C., Mikkelsen, G.L., Rabin, T., Toft, T.: Efficient RSA key generation and threshold Paillier in the two-party setting. Cryptology ePrint Archive, Report 2011/494 (2011)
  32. Hazay, C., Toft, T.: Computationally Secure Pattern Matching in the Presence of Malicious Adversaries. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 195–212. Springer, Heidelberg (2010)
  33. Jarecki, S., Liu, X.: Efficient Oblivious Pseudorandom Function with Applications to Adaptive OT and Secure Computation of Set Intersection. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 577–594. Springer, Heidelberg (2009)
  34. Jarecki, S., Shmatikov, V.: Efficient Two-Party Secure Computation on Committed Inputs. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 97–114. Springer, Heidelberg (2007)
  35. Lipmaa, H.: On Diophantine Complexity and Statistical Zero-Knowledge Arguments. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 398–415. Springer, Heidelberg (2003)
  36. Nicolosi, A.A.: Efficient RSA Key Generation Protocol in a Two-Party Setting and its Application into the Secure Multiparty Computation Environment – Master Thesis. Department of Computer Science, Aarhus University, Denmark (2011)
  37. Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 223. Springer, Heidelberg (1999)
  38. Poupard, G., Stern, J.: Generation of Shared RSA Keys by Two Parties. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 11–24. Springer, Heidelberg (1998)
  39. Rabin, T.: A Simplified Approach to Threshold and Proactive RSA. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 89–104. Springer, Heidelberg (1998)
  40. Schnorr, C.P.: Efficient signature generation by smart cards. Journal of Cryptology 4, 161–174 (1991)
  41. Shoup, V.: Practical Threshold Signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Carmit Hazay (1)
  • Gert Læssøe Mikkelsen (2)
  • Tal Rabin (3)
  • Tomas Toft (1)
  1. Department of Computer Science, Aarhus University, Denmark
  2. The Alexandra Institute, Denmark
  3. IBM T.J. Watson Research Center, USA