Guaranteed correct sharing of integer factorization with off-line shareholders

  • Wenbo Mao
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1431)

Abstract

A fair public-key cryptosystem consists of multi-party protocols in which several participants (shareholders) receive and verify distributed shares. It would be desirable to streamline these multi-party protocols into two-party ones without weakening fairness, so that the secret remains shared among many (more than two) parties. In this paper we propose a scheme that distributes secret shares of the factorization of an integer to multiple parties without their participation in the protocols for share distribution and verification. A single verifier suffices to verify the correctness of the shares using the public keys of the off-line shareholders. Because the scheme is universally verifiable, correctness of the secret sharing is guaranteed without relying on the honesty of the verifier.
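The abstract describes a publicly verifiable sharing pattern: shareholders stay off-line, the dealer publishes everything needed, and a single verifier checks every share from public data alone. The Python program below is an added illustration of that pattern and is not code from the paper. It implements a discrete-logarithm PVSS in the style of Schoenmakers (polynomial commitments plus Fiat-Shamir proofs of discrete-log equality) over a toy safe-prime group, with constructed shareholder keys and a constructed secret. The paper's specific contribution, proving that the shared value is a factor of the public integer, is not reproduced; this example shares an arbitrary value in the exponent, and the group parameters P, Q, G, H are demonstration-sized assumptions with no security value.

```python
"""Publicly verifiable secret sharing (PVSS) with off-line shareholders.

Added example, not the paper's construction: discrete-log PVSS in the style
of Schoenmakers (commitments plus Fiat-Shamir proofs of discrete-log
equality). The dealer publishes commitments, shares encrypted under each
shareholder's public key, and one proof per share; anyone holding only that
public data can verify every share, and shareholders act only at recovery.
"""
import hashlib
import secrets

# Toy group (assumption for the demo): P = 2*Q + 1 is a safe prime, so the
# squares mod P form a subgroup of prime order Q. Real deployments use a
# 2048-bit group or an elliptic curve; these sizes offer no security.
P = 2039
Q = 1019
G = 4   # generator of the order-Q subgroup, used for commitments
H = 9   # second generator (DLOG w.r.t. G assumed unknown), used for keys


def _challenge(*transcript):
    """Fiat-Shamir challenge: hash the whole transcript to an integer."""
    data = ",".join(str(e) for e in transcript).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def dleq_prove(g1, h1, g2, h2, alpha):
    """Prove log_g1(h1) == log_g2(h2) == alpha without revealing alpha."""
    w = secrets.randbelow(Q - 1) + 1
    a1, a2 = pow(g1, w, P), pow(g2, w, P)
    c = _challenge(g1, h1, g2, h2, a1, a2)
    r = (w - c * alpha) % Q
    return c, r


def dleq_verify(g1, h1, g2, h2, proof):
    """Recompute the commitments from (c, r) and check the hash matches."""
    c, r = proof
    a1 = pow(g1, r, P) * pow(h1, c, P) % P
    a2 = pow(g2, r, P) * pow(h2, c, P) % P
    return c == _challenge(g1, h1, g2, h2, a1, a2)


def keygen():
    """Shareholder key pair (x, y = H^x); only y is needed while off-line."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(H, x, P)


def deal(secret, pubkeys, t):
    """Dealer: share `secret` so any t shareholders can recover H^secret.

    Publishes C_j = G^a_j, Y_i = y_i^p(i) and a DLEQ proof that Y_i encrypts
    the same p(i) that the commitments fix. No shareholder takes part.
    """
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    commitments = [pow(G, a, P) for a in coeffs]
    enc_shares, proofs = [], []
    for i, y in enumerate(pubkeys, start=1):
        s_i = sum(a * pow(i, j, Q) for j, a in enumerate(coeffs)) % Q
        x_i = pow(G, s_i, P)   # equals prod C_j^(i^j); verifier recomputes it
        y_i = pow(y, s_i, P)   # share encrypted to shareholder i
        enc_shares.append(y_i)
        proofs.append(dleq_prove(G, x_i, y, y_i, s_i))
    return commitments, enc_shares, proofs


def verify_deal(pubkeys, commitments, enc_shares, proofs):
    """Any single verifier checks every encrypted share from public data."""
    for i, (y, y_i, proof) in enumerate(zip(pubkeys, enc_shares, proofs), 1):
        x_i = 1
        for j, c_j in enumerate(commitments):
            x_i = x_i * pow(c_j, pow(i, j, Q), P) % P
        if not dleq_verify(G, x_i, y, y_i, proof):
            return False
    return True


def decrypt_share(x, y_i):
    """Shareholder i comes on-line and recovers S_i = H^p(i) = Y_i^(1/x)."""
    return pow(y_i, pow(x, -1, Q), P)


def reconstruct(indices, decrypted):
    """Lagrange interpolation in the exponent; returns H^secret."""
    result = 1
    for i, s_i in zip(indices, decrypted):
        lam = 1
        for j in indices:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        result = result * pow(s_i, lam, P) % P
    return result


if __name__ == "__main__":
    # Constructed demo: 3-of-5 sharing of the value 777.
    keys = [keygen() for _ in range(5)]
    pubs = [y for _, y in keys]
    C, Y, proofs = deal(777, pubs, 3)
    print("verifier accepts deal:", verify_deal(pubs, C, Y, proofs))
    chosen = [1, 3, 5]
    shares = [decrypt_share(keys[i - 1][0], Y[i - 1]) for i in chosen]
    print("recovered H^secret:", reconstruct(chosen, shares) == pow(H, 777, P))
```

The point of the construction for this page is the division of labour: the dealer and one verifier are the only on-line parties, the shareholders' public keys are all the verifier needs, and a dishonest verifier gains nothing by accepting a bad deal because anyone else can rerun verify_deal on the same published data. Tampering with any encrypted share or any commitment breaks the corresponding DLEQ proof.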

Copyright information

© Springer-Verlag 1998

Authors and Affiliations

  • Wenbo Mao, Hewlett-Packard Laboratories, Bristol, UK