Efficient RSA key generation and threshold Paillier in the two-party setting

Carmit Hazay, Gert Læssøe Mikkelsen, Tal Rabin, Tomas Toft

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

57 Scopus citations

Abstract

The problem of generating an RSA composite in a distributed manner without leaking its factorization is particularly challenging and useful in many cryptographic protocols. Our first contribution is the first non-generic fully simulatable protocol for distributively generating an RSA composite with security against malicious behavior in the two party setting. Our second contribution is a complete Paillier [37] threshold encryption scheme in the two-party setting with security against malicious behavior. Our RSA key generation is comprised of the following: (i) a distributed protocol for generation of an RSA composite, and (ii) a biprimality test for verifying the validity of the generated composite. Our Paillier threshold encryption scheme uses the RSA composite as public key and is comprised of: (i) a distributed generation of the corresponding secret-key shares and, (ii) a distributed decryption protocol for decrypting according to Paillier.

Original languageEnglish
Title of host publicationTopics in Cryptology, CT-RSA 2012 - The Cryptographers' Track at the RSA Conference 2012, Proceedings
Pages313-331
Number of pages19
DOIs
StatePublished - 2012
Externally publishedYes
Event12th Cryptographers' Track at the RSA Conference, CT-RSA 2012 - San Francisco, CA, United States
Duration: 27 Feb 20122 Mar 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7178 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference12th Cryptographers' Track at the RSA Conference, CT-RSA 2012
Country/TerritoryUnited States
CitySan Francisco, CA
Period27/02/122/03/12

Fingerprint

Dive into the research topics of 'Efficient RSA key generation and threshold Paillier in the two-party setting'. Together they form a unique fingerprint.

Cite this