Abstract
Secure distributed generation of RSA moduli (e.g., generating N = pq where none of the parties learns anything about p or q) is an important cryptographic task, that is needed both in threshold implementations of RSA-based cryptosystems and in other, advanced cryptographic protocols that assume that all the parties have access to a trusted RSA modulo. In this paper, we provide a novel protocol for secure distributed RSA key generation based on the Miller-Rabin test. Compared with the more commonly used Boneh-Franklin test (which requires many iterations), the Miller-Rabin test has the advantage of providing negligible error after even a single iteration of the test for large enough moduli (e.g., 4096 bits). From a technical point of view, our main contribution is a novel divisibility test which allows to perform the primality test in an efficient way, while keeping p and q secret. Our semi-honest RSA generation protocol uses any underlying secure multiplication protocol in a black-box way, and our protocol can therefore be instantiated in both the honest or dishonest majority setting based on the chosen multiplication protocol. Our semi-honest protocol can be upgraded to protect against active adversaries at low cost using existing compilers. Finally, we provide an experimental evaluation showing that for the honest majority case, our protocol is much faster than Boneh-Franklin.
| Original language | English |
|---|---|
| Title of host publication | CCS '23 : Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security |
| Editors | Weizhi Meng, Christian Damsgaard Jensen, Cas Cremers, Engin Kirda |
| Number of pages | 15 |
| Place of publication | New York |
| Publisher | Association for Computing Machinery |
| Publication date | 21 Nov 2021 |
| Pages | 2501-2515 |
| ISBN (Print) | 979-8-4007-0050-7 |
| DOIs | |
| Publication status | Published - 21 Nov 2021 |
Keywords
- RSA
- Secure multiparty computation
- threshold cryptography