We present a solution to both the robust threshold RSA and proactive RSA problems. Our solutions are conceptually simple, and allow for an easy design of the system. The signing key, in our solution, is shared at all times in additive form, which allows for simple signing and for a particularly efficient and straightforward refreshing process for proactivization. The key size is (up to a very small constant) the size of the RSA modulus, and the protocol runs in constant time, even when faults occur, unlike previous protocols where either the size of the key has a linear blow-up (at best) in the number of players or the run time of the protocol is linear in the number of faults. The protocol is optimal in its resilience as it can tolerate a minority of faulty players. Furthermore, unlike previous solutions, the existence and availability of the key throughout the lifetime of the system, is guaranteed without probability of error.
These results are derived from a new general technique for transforming distributed computations for which there is a known n-out-n solution into threshold and robust computations.
- threshold signatures
- proactive signatures
- threshold and proactive RSA
D. Boneh and M. Franklin. Efficient generation of shared RSA keys. In Crypto '97, pages 425–439, 1997. Springer-Verlag. LNCS No. 1294.
M. Ben-Or, S. Goldwasser, and A. Wigderson. Completeness Theorems for Noncryptographic Fault-Tolerant Distributed Computations. In Proc. 20th Annual Symp. on the Theory of Computing, pages 1–10. ACM, 1988.
C. Boyd. Digital Multisignatures. In H. Baker and F. Piper, editors, Cryptography and Coding, pages 241–246. Claredon Press, 1989.
R. Canetti, R. Gennaro, A. Herzberg, and D. Naor. Proactive Security: Long-term Protextion Against Break-ins. CryptoBytes, 3(1):1–8, 1997.
R. A. Croft and S. P. Harris. Public-key cryptography and re-usable shared secrets. In H. Baker and F. Piper, editors, Cryptography and Coding, pages 189–201. Claredon Press, 1989.
R. Canetti and Amir Herzberg. Maintaining security in the presence of transient faults. Crypto '94, pages 425–438, 1994. Springer-Verlag. LNCS No. 839.
M. Cerecedo, T. Matsumoto, and H. Imai. Efficient and secure multiparty generation of digital signatures based on discrete logarithms. IEIGE Trans. Fundamentals, E76-A(4):532–545, 1993.
Alfredo De Santis, Yvo Desmedt, Yair Frankel, and Moti Yung. How to share a function securely. In Proc. 26th Annual Symp. on the Theory of Computing, pages 522–533. ACM, 1994.
Yvo Desmedt. Society and group oriented cryptography: A new concept. In Crypto '87, pages 120–127, Berlin, 1987. Springer-Verlag. LNCS No. 293.
Yvo G. Desmedt. Threshold cryptography. European Transactions on Telecommunications, 5(4):449–457, July 1994.
Yvo Desmedt and Yair Frankel. Threshold cryptosystems. In G. Brassard, editor, Advances in Cryptology — Crypto '89, pages 307–315, Berlin, 1989. Springer-Verlag. LNCS No. 435.
Y. Desmedt and Y. Frankel. Shared generation of authenticators and signatures. In J. Feigenbaum, editor, Advances in Cryptology — Crypto '91, pages 457–469, Berlin, 1991. Springer-Verlag. LNCS No. 576.
Y. Desmedt and S. Jajodia. Redistributing secret shares to new access structures and its applications. Tech. Report ISSE-TR-97-01, George Mason University, July 1997. ftp://isse.gmu.edu/pub/techrep/97_01_jajodia.ps.gz.
Yair Frankel and Yvo Desmedt. Parallel reliable threshold multisignature. TR-92-04-02, April, Dept. of EE and CS, U of Wisconsin, 1992.
P. Feldman. A Practical Scheme for Non-Interactive Verifiable Secret Sharing. In Proc. 28th Annual FOCS, pages 427–437. IEEE, 1987.
Yair Frankel, P. Gemmell, P. Mackenzie, and M. Yung. Proactive RSA. In Crypto '97, pages 440–454, 1997. Springer-Verlag. LNCS No. 1294.
Y. Frankel, P. Gemmell, P. Mackenzie, and M. Yung. Optimal resilience proactive public-key cryptosystems. In Proc. 38th FOCS, pages 384–393. IEEE, 1997.
Y. Frankel, P. Gemmell, and M. Yung. Witness-based Cryptographic Program Checking and Robust Function Sharing. In Proc. 28th STOC, pages 499–508. ACM, 1996.
P. Feldman and S. Micali. An Optimal Algorithm for Synchronous Byzantine Agreement. In Proc. 20th STOC, pages 148–161. ACM, 1988.
Y. Frankel. A practical protocol for large group oriented networks. In Eurocrypt '89, pages 56–61, 1989. Springer-Verlag. LNCS No. 434.
Z. Galil, S. Haber, and M. Yung. Cryptographic computation: Secure faut-tolerant protocols and the public-key model. In Crypto '87, pages 135–155, 1987. Springer-Verlag. LNCS No. 293.
R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. Robust threshold DSS signatures. In Eurocrypt '96, pages 354–371, 1996. Springer-Verlag. LNCS No. 1070.
R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. Robust and efficient sharing of RSA functions. In Crypto '96, pages 157–172, 1996. Springer-Verlag. LNCS No. 1109.
L. Harn. Group oriented (t,n) digital signature scheme. IEE Proc.-Comput.Digit.Tech, 141(5):307–313, Sept 1994.
[HJJ+97] Amir Herzberg, M. Jakobsson, Stanislaw Jarecki, Hugo Krawczyk, and Moti Yung. Proactive public key and signature systems. In 1997 ACM Conference on Computers and Communication Security, 1997.
M. Jakobsson, S. Jarecki, H. Krawczyk, and M. Yung. Proactive RSA for Constant-Size Thresholds. Upublished manuscript, 1995.
R. Ostrovsky and M. Yung. How to withstand mobile virus attacks. In Proc. 10th PODC, pages 51–59. ACM, 1991.
Editors and Affiliations
Rights and permissions
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rabin, T. (1998). A simplified approach to threshold and proactive RSA. In: Krawczyk, H. (eds) Advances in Cryptology — CRYPTO '98. CRYPTO 1998. Lecture Notes in Computer Science, vol 1462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055722
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64892-5
Online ISBN: 978-3-540-68462-6
eBook Packages: Springer Book Archive