A key-exchange system based on imaginary quadratic fields
Journal of Cryptology
Completeness theorems for non-cryptographic fault-tolerant distributed computation
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Prime numbers and computer methods for factorization (2nd ed.)
Prime numbers and computer methods for factorization (2nd ed.)
Efficient Generation of Shared RSA Keys (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Practical Threshold RSA Signatures without a Trusted Dealer
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Fully Distributed Threshold RSA under Standard Assumptions
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Generating a Product of Three Primes with an Unknown Factorization
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Computing inverses over a shared secret modulus
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Practical threshold signatures
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Hi-index | 0.00 |
In the generation method for RSA-moduli proposed by Boneh and Franklin in [BF97] the partial signing servers generate random shares pi, qi and compute as candidate for an RSA-modulus n = pq where p = (驴pi) and q = (驴qi). Then they perform a time-consuming distributed primality test which simultaneously checks the primality both of p and q by computing g(p-1)(q-1) = 1 mod n. The primality test proposed in [BF97] cannot be generalized to products of more than two primes. A more complicated one for products of three primes was presented in [BH98].In this paper we propose a new distributed primality test, which can independently prove the primality of p or q for the public modulus n = pq and can be easily generalized to products of arbitrarily many factors, i.e., the Multi-Prime RSA of PKCS #1 v2.0 Amendment 1.0 [PKCS]. The proposed scheme can be applied in parallel for each factor p and q. We use properties of the group Cl(-8n2), which is the class group of the quadratic field with discriminant -8n2.As it is the case with the Boneh-Franklin protocol our protocol is 驴k-1/2驴-private, i.e. less than 驴k-1/2驴 colluding servers cannot learn any information about the primes of the generated modulus. The security of the proposed scheme is based on the intractability of the discrete logarithm problem in Cl(-8n2) and on the intractability of a new number theoretic problem which seems to be intractable too.