Completeness theorems for non-cryptographic fault-tolerant distributed computation
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
A new public key cryptosystem based on higher residues
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Adaptive Security for Threshold Cryptosystems
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Parallel Reducibility for Information-Theoretically Secure Computation
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Efficient Generation of Shared RSA Keys (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Generation of Shared RSA Keys by Two Parties
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Adaptively-Secure Optimal-Resilience Proactive RSA
ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Optimal-resilience proactive public-key cryptosystems
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Verifiable secret-ballot elections
Verifiable secret-ballot elections
A practical scheme for non-interactive verifiable secret sharing
SFCS '87 Proceedings of the 28th Annual Symposium on Foundations of Computer Science
A threshold cryptosystem without a trusted party
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Secure distributed key generation for discrete-log based cryptosystems
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Adaptively secure threshold cryptography: introducing concurrency, removing erasures
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Pairing'10 Proceedings of the 4th international conference on Pairing-based cryptography
Protecting user data in ubiquitous computing: towards trustworthy environments
PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies
Threshold cryptography in mobile ad hoc networks
SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
Group signatures with efficient concurrent join
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Hi-index | 0.00 |
Pedersen designed the first scheme for generating Discrete-Log keys without any trusted dealer in 1991. As this protocol is simple and efficient, it appeared to be very attractive. For a long time, this robust algorithm has been trusted as being secure. However, in 1999, Gennaro et al. proved that one of the requirements is not guaranteed: more precisely, the property that the key is uniformly distributed in the key space. Their main objective was to repair the security flaw without sacrificing on efficiency. As a result, the protocol became secure but somehow unpractical. In particular, the "complaint phase", in which cheaters are thrown out, makes the scheme overly complex and difficult to deal with in practical situations. In order to avoid this phase and other drawbacks such as the initialization phase where private channels have to be created, we present a one round scheme which generates a discrete-log key with public channels only. Finally, we show how to improve the efficiency of our algorithm when the number of servers increases.