Abstract
We present a new multiparty protocol for the distributed generation of biprime RSA moduli, with security against any subset of maliciously colluding parties assuming oblivious transfer and the hardness of factoring. Our protocol is highly modular, and its uppermost layer can be viewed as a template that generalizes the structure of prior works and leads to a simpler security proof. We introduce a combined sampling-and-sieving technique that eliminates both the inherent leakage in the approach of Frederiksen et al. (Crypto’18) and the dependence upon additively homomorphic encryption in the approach of Hazay et al. (JCrypt’19). We combine this technique with an efficient, privacy-free check to detect malicious behavior retroactively when a sampled candidate is not a biprime and thereby overcome covert rejection-sampling attacks and achieve both asymptotic and concrete efficiency improvements over the previous state of the art.
| Field | Value |
|---|---|
| Original language | English |
| Article number | 12 |
| Journal | Journal of Cryptology |
| Volume | 35 |
| Issue number | 2 |
| DOIs | |
| State | Published - Apr 2022 |
| Externally published | Yes |
Bibliographical note
Publisher Copyright: © 2022, International Association for Cryptologic Research.
Funding
The authors thank Muthuramakrishnan Venkitasubramaniam for the useful conversations and insights he provided, Tore Frederiksen for reviewing and confirming our cost analysis of his protocol [], Peter Scholl and Xiao Wang for providing detailed cost analyses of their respective protocols [, ], and Nigel Smart for pointing out the connection to Residue Number Systems. This research was supported in part by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Projects Activity (IARPA) under contract number 2019-19-020700009 (ACHILLES). The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of ODNI, IARPA, DoI/NBC, or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon.
| Funders | Funder number |
|---|---|
| ACHILLES | |
| Office of the Director of National Intelligence | |
| Intelligence Advanced Research Projects Activity | 2019-19-020700009 |
Keywords
- Biprime sampling
- Concrete efficiency
- Multiparty computation
- RSA
- Threshold cryptography