Threshold key-recovery systems for RSA

  • Tatsuaki Okamoto
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1361)


Although threshold key-recovery systems for the discrete log based cryptosystems such as the ElGamal scheme have been proposed by Feldman and Pedersen [6, 11, 12], no (practical) threshold key-recovery system for the factoring based cryptosystems such as the RSA scheme has been proposed.

This paper proposes the first (practical) threshold key-recovery systems for the factoring based cryptosystems including the RSA and Rabin schemes. Almost all of the proposed systems are unconditionally secure, since the systems utilize unconditionally secure bit-commitment protocols and unconditionally secure VSS.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Blakley, G.R.: Safeguarding Cryptographic Keys, Proc. of AFIPS 1979 Nat. Computer Conf., vol.48, pp.313–317 (Sep. 1979)Google Scholar
  2. 2.
    Blum, M.: Coin Flipping by Telephon, Proc. of COMPCON, IEEE, pp. 133–137 (1982).Google Scholar
  3. 3.
    Brickell, E., Chaum, D., DamgArd, I. and van de Graaf, Gradual and Verifiable Release of a Secret, Proc. of Crypto 87, LNCS, Springer-Verlag (1988).Google Scholar
  4. 4.
    Chor, B., Goldwasser, S., Micali, S. and Awerbuch, B.: Verifiable Secret Sharing and Achieving Simultaneity in the Presence of Faults, Proc. of FOCS, pp.383–395 (1985).Google Scholar
  5. 5.
    Damgård, I.: Practical and Provably Secure Release of a Secret and Exchange of Signatures, Proc. of Eurocrypt'93, LNCS 765, Springer-Verlag, pp.200–217 (1994).Google Scholar
  6. 6.
    Feldman, P.: A Practical Scheme for Non-Interactive Verifiable Secret Sharing, Proc. of FOCS'87, pp.427–437 (1987).Google Scholar
  7. 7.
    Fiat, A. and Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems, Proc. of Crypto'86, LNCS 263, Springer-Verlag, pp. 186–194 (1986).Google Scholar
  8. 8.
    Micali, S.: Fair Public-Key Cryptosystems, Proc. of Crypto'92, LNCS, Springer-Verlag, pp.113–138 (1993).Google Scholar
  9. 9.
    Okamoto, T.: Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes, Proc. of Crypto'92, LNCS 740, Springer-Verlag, pp.31–53 (1993).Google Scholar
  10. 10.
    Okamoto, T.: An Efficient Divisible Electronic Cash Scheme, Proc. of Crypto'95, LNCS 963, Springer-Verlag, pp.438–451 (1995).Google Scholar
  11. 11.
    Pedersen, T. P.: Distributed Provers with Applications to Undeniable Sigantures, Proc. of Eurocrypt'91, LNCS 547, Springer-Verlag, pp.221–242 (1991).Google Scholar
  12. 12.
    Pedersen, T. P.: Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing, Proc. of Crypto'91, LNCS 576, Springer-Verlag, pp. 129–140 (1992).Google Scholar
  13. 13.
    Shamir, A.: How to Share a Secret, Comm. Assoc. Comput. Mach., vol.22, no.11, pp.612–613 (Nov. 1979)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Tatsuaki Okamoto
    • 1
  1. 1.NTT LaboratoriesNippon Telegraph and Telephone CorporationYokosuka-shi, Kanagawa-kenJapan

Personalised recommendations