Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting
The problem of generating an RSA composite in a distributed manner without leaking its factorization is particularly challenging and useful in many cryptographic protocols. Our first contribution is the first non-generic fully simulatable protocol for distributively generating an RSA composite with...
Saved in:
| Published in: | Journal of cryptology Vol. 32; no. 2; pp. 265 - 323 |
|---|---|
| Main Authors: | , , , , |
| Format: | Journal Article |
| Language: | English |
| Published: |
New York
Springer US
15-04-2019
Springer Nature B.V |
| Subjects: | |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | The problem of generating an RSA composite in a distributed manner without leaking its factorization is particularly challenging and useful in many cryptographic protocols. Our first contribution is the first non-generic
fully simulatable
protocol for distributively generating an RSA composite with security against malicious behavior. Our second contribution is a
complete
Paillier (in: EUROCRYPT, pp 223–238,
1999
) threshold encryption scheme in the two-party setting with security against malicious attacks. We further describe how to extend our protocols to the multiparty setting with dishonest majority. Our RSA key generation protocol is comprised of the following subprotocols: (
i
) a distributed protocol for generation of an RSA composite and (
ii
) a biprimality test for verifying the validity of the generated composite. Our Paillier threshold encryption scheme uses the RSA composite for the public key and is comprised of the following subprotocols: (
i
) a distributed generation of the corresponding secret key shares and (
ii
) a distributed decryption protocol for decrypting according to Paillier. |
|---|---|
| ISSN: | 0933-2790 1432-1378 |
| DOI: | 10.1007/s00145-017-9275-7 |