Theory of linear and integer programming
Theory of linear and integer programming
STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Completeness theorems for non-cryptographic fault-tolerant distributed computation
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Multiparty unconditionally secure protocols
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Non-cryptographic fault-tolerant computing in constant number of rounds of interaction
Proceedings of the eighth annual ACM Symposium on Principles of distributed computing
Efficient checking of polynomials and proofs and the hardness of approximation problems
Efficient checking of polynomials and proofs and the hardness of approximation problems
Witness-based cryptographic program checking and robust function sharing
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Robust efficient distributed RSA-key generation
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Signature schemes based on the strong RSA assumption
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Society and Group Oriented Cryptography: A New Concept
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Efficient Generation of Shared RSA Keys (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
A Simplified Approach to Threshold and Proactive RSA
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
New Efficient and Secure Protocols for Verifiable Signature Sharing and Other Applications
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Optimal-resilience proactive public-key cryptosystems
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Collision-free accumulators and fail-stop signature schemes without trees
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Secure hash-and-sign signatures without the random oracle
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Efficient generation of shared RSA keys
Journal of the ACM (JACM)
RSA-Based Undeniable Signatures for General Moduli
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Fully Distributed Threshold RSA under Standard Assumptions
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Threshold Cryptosystems Based on Factoring
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
RSA Key Generation with Verifiable Randomness
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
A New Distributed Primality Test for Shared RSA Keys Using Quadratic Fields
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
Adaptive Security in the Threshold Setting: From Cryptosystems to Signature Schemes
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
An asynchronous protocol for distributed computation of RSA inverses and its applications
Proceedings of the twenty-second annual symposium on Principles of distributed computing
Multi-Party Computation with Omnipresent Adversary
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Reducing the Complexity in the Distributed Computation of Private RSA Keys
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Distributed paillier cryptosystem without trusted dealer
WISA'10 Proceedings of the 11th international conference on Information security applications
Shared RSA key generation in a mobile ad hoc network
MILCOM'03 Proceedings of the 2003 IEEE conference on Military communications - Volume II
GBD threshold cryptography with an application to RSA key recovery
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Optimizing robustness while generating shared secret safe primes
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Threshold and proactive pseudo-random permutations
TCC'06 Proceedings of the Third conference on Theory of Cryptography
| Hi-index | 0.01 |
We discuss the following problem: Given an integer φ shared secretly among n players and a prime number e, how can the players efficiently compute a sharing of e-1 mod φ. The most interesting case is when φ is the Euler function of a known RSA modulus N, φ = φ(N). The problem has several applications, among which the construction of threshold variants for two recent signature schemes proposed by Gennaro-Halevi-Rabin and Cramer-Shoup. We present new and efficient protocols to solve this problem, improving over previous solutions by Boneh-Franklin and Frankel et al. Our basic protocol (secure against honest but curious players) requires only two rounds of communication and a single GCD computation. The robust protocol (secure against malicious players) adds only a couple of rounds and a few modular exponentiations to the computation.