Optimizing Robustness While Generating Shared Secret Safe Primes

  • Emil Ong
  • John Kubiatowicz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3386)


We develop a method for generating shared, secret, safe primes applicable to threshold RSA signature schemes such as the one developed by Shoup. We would like a scheme usable in practical settings, so our protocol is robust and efficient in asynchronous, hostile environments. We show that the techniques used for robustness need special care when they must also be efficient. Specifically, we show optimizations that minimize the number and size of the proofs of knowledge used. We also develop optimizations based on computer arithmetic algorithms, in particular precomputation and Montgomery modular multiplication.
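The abstract names two arithmetic building blocks, safe primes and Montgomery modular multiplication, without showing them. The following is an added single-party illustration of both (it is not the paper's distributed protocol and performs no secret sharing): Montgomery reduction (REDC) with a power-of-two R, exponentiation carried out entirely in Montgomery form, and a safe-prime check built on Miller-Rabin. The function names, the 32-round setting and the small test moduli are assumptions made for this example.

```python
"""Montgomery modular multiplication (REDC) and a safe-prime check.

Added illustration of techniques the abstract names; this is a plain
single-party computation, not the shared-secret protocol of the paper.
"""
import random


def montgomery_params(n: int):
    """Return (k, r, n_prime) for an odd modulus n, where r = 2**k > n and
    n_prime = -n^{-1} mod r, so that n * n_prime == -1 (mod r)."""
    if n % 2 == 0 or n < 3:
        raise ValueError("Montgomery reduction needs an odd modulus >= 3")
    k = n.bit_length()
    r = 1 << k
    n_inv = pow(n, -1, r)        # exists because n is odd and r is a power of two
    n_prime = (-n_inv) % r
    return k, r, n_prime


def redc(t: int, n: int, k: int, r: int, n_prime: int) -> int:
    """REDC: for 0 <= t < n*r, return t * r^{-1} mod n using only shifts,
    masks and one multiply-add, never a division by n."""
    mask = r - 1
    m = ((t & mask) * n_prime) & mask   # m = t * n' mod r
    u = (t + m * n) >> k                # t + m*n is divisible by r by construction
    return u - n if u >= n else u


def to_mont(a: int, n: int, r: int) -> int:
    """Convert a into Montgomery form a*r mod n (one real modular reduction,
    typically precomputed once for constants and generators)."""
    return (a * r) % n


def mont_mul(a_bar: int, b_bar: int, n: int, k: int, r: int, n_prime: int) -> int:
    """Product of two Montgomery-form values, result still in Montgomery form."""
    return redc(a_bar * b_bar, n, k, r, n_prime)


def mont_pow(base: int, exp: int, n: int) -> int:
    """base**exp mod n by left-to-right square-and-multiply in Montgomery form."""
    k, r, n_prime = montgomery_params(n)
    x = to_mont(base % n, n, r)
    acc = to_mont(1, n, r)              # Montgomery representation of 1
    for bit in bin(exp)[2:]:
        acc = mont_mul(acc, acc, n, k, r, n_prime)
        if bit == "1":
            acc = mont_mul(acc, x, n, k, r, n_prime)
    return redc(acc, n, k, r, n_prime)  # leave Montgomery form: acc * r^{-1} mod n


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases; the modular exponentiation runs through
    mont_pow so the whole primality test is Montgomery-based."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = mont_pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = mont_pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                # a is a witness of compositeness
    return True


def is_safe_prime(p: int) -> bool:
    """p is a safe prime when both p and (p - 1) / 2 are prime."""
    return p > 3 and p % 2 == 1 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


if __name__ == "__main__":
    # constructed sample values: 23 is a safe prime (11 is prime), 13 is not (6 is composite)
    print(is_safe_prime(23), is_safe_prime(13))
    print(mont_pow(3, 10, 101) == pow(3, 10, 101))
```

Every reduction inside `mont_pow` is a `redc` call, so after the one-time conversion of the base and of 1 into Montgomery form no division by `n` occurs; that is the cost model the abstract's arithmetic optimizations target, and the same structure is what makes a shared-secret variant attractive, since shifts and masks are cheap to evaluate on shares.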


Keywords: distributed key generation, safe primes, threshold RSA signatures


References

  1. Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 207. Springer, Heidelberg (2000)
  2. Algesheimer, J., Camenisch, J.L., Shoup, V.: Efficient computation modulo a shared secret with application to the generation of shared safe-prime products. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 417–432. Springer, Heidelberg (2002)
  3. Fouque, P.-A., Stern, J.: Fully distributed threshold RSA under standard assumptions. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 310–330. Springer, Heidelberg (2001)
  4. Damgård, I.B., Koprowski, M.: Practical Threshold RSA Signatures Without a Trusted Dealer. Technical Report RS-00-30, Basic Research in Computer Science, University of Aarhus (2000)
  5. Malkin, M., Wu, T., Boneh, D.: Experimenting with Shared Generation of RSA keys. In: Symposium on Network and Distributed System Security, pp. 43–56 (1999)
  6. Cramer, R., Shoup, V.: Signature Schemes Based on the Strong RSA Assumption. ACM Transactions on Information and System Security 3, 161–185 (2000)
  7. Catalano, D., Gennaro, R., Halevi, S.: Computing inverses over a shared secret modulus. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 190–207. Springer, Heidelberg (2000)
  8. Boneh, D., Franklin, M.: Efficient generation of shared RSA keys. Journal of the ACM (JACM) 48, 702–722 (2001)
  9. Frankel, Y., MacKenzie, P.D., Yung, M.: Robust Efficient Distributed RSA-Key Generation. In: Annual ACM Symposium on Theory of Computing (1998)
  10. Goldwasser, S., Lindell, Y.: Secure Multi-Party Computation Without Agreement. In: Malkhi, D. (ed.) DISC 2002. LNCS, vol. 2508, pp. 17–32. Springer, Heidelberg (2002)
  11. Shamir, A.: How to share a secret. Communications of the ACM 22 (1979)
  12. Damgård, I., Fujisaki, E.: A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order. In: ASIACRYPT, pp. 125–142 (2002)
  13. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)
  14. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for noncryptographic fault-tolerant distributed computation. In: Annual ACM Symposium on Theory of Computing, pp. 1–10 (1988)
  15. Mao, W.: Guaranteed correct sharing of integer factorization with off-line shareholders. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 60–71. Springer, Heidelberg (1998)
  16. Montgomery, P.L.: Modular Multiplication Without Trial Division. Mathematics of Computation 44, 519–521 (1985)
  17. Bajard, J.C., Didier, L.S., Kornerup, P.: Modular Multiplication and Base Extensions in Residue Number Systems. In: Proceedings of the 15th IEEE Symposium on Computer Arithmetic, pp. 59–65 (2001)
  18. Koç, Ç.K., Acar, T.: Fast Software Exponentiation in GF(2^k). In: Symposium on Computer Arithmetic, pp. 225–231 (1997)
  19. Bar-Ilan, J., Beaver, D.: Non-Cryptographic Fault-Tolerant Computing in a Constant Number of Rounds of Interaction. In: 8th ACM Symposium on Principles of Distributed Computation, pp. 201–209 (1989)
  20. Frankel, Y., MacKenzie, P., Yung, M.: Adaptively secure distributed public-key systems. Theoretical Computer Science 287, 535–561 (2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Emil Ong, University of California, Berkeley
  • John Kubiatowicz, University of California, Berkeley
