Abstract
We present a new multiparty protocol for the distributed generation of biprime RSA moduli, with security against any subset of maliciously colluding parties assuming oblivious transfer and the hardness of factoring. Our protocol is highly modular, and its uppermost layer can be viewed as a template that generalizes the structure of prior works and leads to a simpler security proof. We introduce a combined sampling-and-sieving technique that eliminates both the inherent leakage in the approach of Frederiksen et al. (Crypto’18), and the dependence upon additively homomorphic encryption in the approach of Hazay et al. (JCrypt’19). We combine this technique with an efficient, privacy-free check to detect malicious behavior retroactively when a sampled candidate is not a biprime, and thereby overcome covert rejection-sampling attacks and achieve both asymptotic and concrete efficiency improvements over the previous state of the art.
| Original language | English |
|---|---|
| Title of host publication | Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings |
| Editors | Daniele Micciancio, Thomas Ristenpart |
| Publisher | Springer |
| Pages | 64-93 |
| Number of pages | 30 |
| ISBN (Print) | 9783030568764 |
| DOIs | |
| State | Published - 2020 |
| Externally published | Yes |
| Event | 40th Annual International Cryptology Conference, CRYPTO 2020 - Santa Barbara, United States Duration: 17 Aug 2020 → 21 Aug 2020 |
Publication series
| Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
|---|---|
| Volume | 12172 LNCS |
| ISSN (Print) | 0302-9743 |
| ISSN (Electronic) | 1611-3349 |
Conference
| Conference | 40th Annual International Cryptology Conference, CRYPTO 2020 |
|---|---|
| Country/Territory | United States |
| City | Santa Barbara |
| Period | 17/08/20 → 21/08/20 |
Bibliographical note
Publisher Copyright:© International Association for Cryptologic Research 2020.
Funding
This research was supported in part by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Project Activity (IARPA) under contract number 2019-19-020700009 (ACHILLES). The authors thank Muthuramakrishnan Venkitasubramaniam for the useful conversations and insights he provided, Tore Frederiksen for reviewing and confirming our cost analysis of his protocol [16], and Xiao Wang and Peter Scholl for providing detailed cost analyses of their respective protocols [21,34]. This research was supported in part by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Project Activity (IARPA) under contract number 2019-19-020700009 (ACHILLES). The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of ODNI, IARPA, DoI/NBC, or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon.
| Funders | Funder number |
|---|---|
| ACHILLES | |
| Xiao Wang and Peter Scholl | 21,34 |
| Office of the Director of National Intelligence | |
| Intelligence Advanced Research Projects Activity | 2019-19-020700009 |