GBD Threshold Cryptography with an Application to RSA Key Recovery

  • Chris Steketee
  • Jaimee Brown
  • Juan M. González Nieto
  • Paul Montague
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3574)


We present protocols for threshold decryption and threshold key generation in the GBD public-key cryptosystem in the “honest-but-curious” setting. These allow GBD computations to be performed in a distributed manner during both key generation and decryption, without revealing the private key to any party. GBD threshold decryption is similar to El-Gamal threshold decryption. GBD threshold key generation is based on adaptations of protocols for RSA key generation by Boneh and Franklin, and Catalano et al., and includes a new protocol for efficiently computing the inverse of a shared secret modulo another shared secret. We also show an application of GBD threshold cryptography to RSA key recovery, and point out two open problems in this application.


Keywords: Shared Computation; Threshold Cryptography; Threshold Decryption; Trial Division; Polynomial Sharing
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



  1. González-Nieto, J.M., Boyd, C., Dawson, E.: A public key cryptosystem based on a subgroup membership problem. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, pp. 352–363. Springer, Heidelberg (2001)
  2. González-Nieto, J.M., Boyd, C., Dawson, E.: A public key cryptosystem based on a subgroup membership problem. Designs, Codes and Cryptography (2004) (accepted for publication)
  3. Gemmell, P.: An introduction to threshold cryptography. CryptoBytes 2(3), 7–12 (1997)
  4. Desmedt, Y., Frankel, Y.: Threshold cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, Heidelberg (1990)
  5. De Santis, A., Desmedt, Y., Frankel, Y., Yung, M.: How to share a function securely. In: STOC 1994, pp. 522–533 (1994)
  6. Pedersen, T.: A threshold cryptosystem without a trusted party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991)
  7. Boneh, D., Franklin, M.: Efficient generation of shared RSA keys. J. ACM 48(4), 702–722 (2001)
  8. Frankel, Y., MacKenzie, P., Yung, M.: Robust efficient distributed RSA-key generation. In: STOC 1998, pp. 663–672. ACM Press, New York (1998)
  9. Brown, J., Dawson, E., González-Nieto, J.M.: Implementation of the GBD cryptosystem. In: Cryptographic Algorithms and their Uses, pp. 94–109. QUT Publications (2004)
  10. Catalano, D., Gennaro, R., Halevi, S.: Computing inverses over a shared secret modulus. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 190–206. Springer, Heidelberg (2000)
  11. Algesheimer, J., Camenisch, J., Shoup, V.: Efficient computation modulo a shared secret with application to the generation of shared safe-prime products. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 417–432. Springer, Heidelberg (2002)
  12. Steketee, C., Brown, J., González Nieto, J., Montague, P.: GBD threshold cryptography with an application to RSA key recovery (2005),
  13. Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptology 13(1), 143–202 (2000)
  14. Malkin, M., Wu, T., Boneh, D.: Experimenting with shared generation of RSA keys. In: SNDSS 1999, pp. 43–56 (1999)
  15. Paillier, P., Yung, M.: Self-escrowed public-key infrastructures. In: Song, J.S. (ed.) ICISC 1999. LNCS, vol. 1787, pp. 249–261. Springer, Heidelberg (2000)
  16. Young, A., Yung, M.: Auto-recoverable and auto-certifiable cryptosystems. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 17–31. Springer, Heidelberg (1998)
  17. Micali, S.: Fair public-key cryptosystems. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 113–138. Springer, Heidelberg (1993)
  18. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)
  19. Fouque, P., Poupard, G., Stern, J.: Sharing decryption in the context of voting or lotteries. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 90–104. Springer, Heidelberg (2001)
  20. Damgard, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier’s probabilistic public-key system. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 119–136. Springer, Heidelberg (2001)
  21. González-Nieto, J.M., Viswanathan, K., Boyd, C., Dawson, E.: A self-escrowed integer factorisation based public key infrastructure. In: VII Spanish Meeting on Cryptology and Information Security, Oviedo, Spain, pp. 315–328. Universidad de Oviedo (2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Chris Steketee (1)
  • Jaimee Brown (2)
  • Juan M. González Nieto (2)
  • Paul Montague (3)

  1. Advanced Computing Research Centre, University of South Australia, Australia
  2. Information Security Institute, Queensland University of Technology, Australia
  3. Motorola Australia, Australia
