Multiparty Generation of an RSA Modulus

Megan Chen, Jack Doerner, Yashvanth Kondi, Eysa Lee, Schuyler Rosefield, Abhi Shelat, Ran Cohen

Research output: Contribution to journalArticlepeer-review

6 Scopus citations

Abstract

We present a new multiparty protocol for the distributed generation of biprime RSA moduli, with security against any subset of maliciously colluding parties assuming oblivious transfer and the hardness of factoring. Our protocol is highly modular, and its uppermost layer can be viewed as a template that generalizes the structure of prior works and leads to a simpler security proof. We introduce a combined sampling-and-sieving technique that eliminates both the inherent leakage in the approach of Frederiksen et al. (Crypto’18) and the dependence upon additively homomorphic encryption in the approach of Hazay et al. (JCrypt’19). We combine this technique with an efficient, privacy-free check to detect malicious behavior retroactively when a sampled candidate is not a biprime and thereby overcome covert rejection-sampling attacks and achieve both asymptotic and concrete efficiency improvements over the previous state of the art.

Original languageEnglish
Article number12
JournalJournal of Cryptology
Volume35
Issue number2
DOIs
StatePublished - Apr 2022
Externally publishedYes

Bibliographical note

Publisher Copyright:
© 2022, International Association for Cryptologic Research.

Funding

The authors thank Muthuramakrishnan Venkitasubramaniam for the useful conversations and insights he provided, Tore Frederiksen for reviewing and confirming our cost analysis of his protocol [], Peter Scholl and Xiao Wang for providing detailed cost analyses of their respective protocols [, ], and Nigel Smart for pointing out the connection to Residue Number Systems. This research was supported in part by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Project Activity (IARPA) under contract number 2019-19-020700009 (ACHILLES). The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of ODNI, IARPA, DoI/NBC, or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon.

FundersFunder number
ACHILLES
Office of the Director of National Intelligence
Intelligence Advanced Research Projects Activity2019-19-020700009

    Keywords

    • Biprime sampling
    • Concrete efficiency
    • Multiparty computation
    • RSA
    • Threshold cryptography

    Fingerprint

    Dive into the research topics of 'Multiparty Generation of an RSA Modulus'. Together they form a unique fingerprint.

    Cite this