Cited By
View all- Delahaye J(2024)Des premiers aux pseudo-premiersPour la Science10.3917/pls.558.0080N° 558 – Avril:4(80-85)Online publication date: 28-Mar-2024
Improved Distributed RSA Key Generation Using the Miller-Rabin Test
Authors: 
Jakob Burkhardt, Ivan Damgård, Tore Kasper Frederiksen, Satrajit Ghosh, Claudio OrlandiAuthors Info & Claims
Jakob Burkhardt, Ivan Damgård, Tore Kasper Frederiksen, Satrajit Ghosh, Claudio OrlandiAuthors Info & ClaimsPages 2501 - 2515
Abstract
Secure distributed generation of RSA moduli (e.g., generating N=pq where none of the parties learns anything about p or q) is an important cryptographic task, that is needed both in threshold implementations of RSA-based cryptosystems and in other, advanced cryptographic protocols that assume that all the parties have access to a trusted RSA modulo. In this paper, we provide a novel protocol for secure distributed RSA key generation based on the Miller-Rabin test. Compared with the more commonly used Boneh-Franklin test (which requires many iterations), the Miller-Rabin test has the advantage of providing negligible error after even a single iteration of the test for large enough moduli (e.g., 4096 bits).
From a technical point of view, our main contribution is a novel divisibility test which allows to perform the primality test in an efficient way, while keeping p and q secret.
Our semi-honest RSA generation protocol uses any underlying secure multiplication protocol in a black-box way, and our protocol can therefore be instantiated in both the honest or dishonest majority setting based on the chosen multiplication protocol. Our semi-honest protocol can be upgraded to protect against active adversaries at low cost using existing compilers. Finally, we provide an experimental evaluation showing that for the honest majority case, our protocol is much faster than Boneh-Franklin.
References
[1]
Joy Algesheimer, Jan Camenisch, and Victor Shoup. 2002. Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products. In CRYPTO 2002 (LNCS, Vol. 2442), Moti Yung (Ed.). Springer, Heidelberg, 417--432. https://doi.org/10.1007/3--540--45708--9_27
[2]
AWS. 2023. Amazon EC2 On-Demand Pricing. https://aws.amazon.com/ec2/ pricing/on-demand/. Accessed: 2023-05-02.
[3]
Judit Bar-Ilan and Donald Beaver. 1989. Non-Cryptographic Fault-Tolerant Computing in Constant Number of Rounds of Interaction. In 8th ACM PODC, Piotr Rudnicki (Ed.). ACM, 201--209. https://doi.org/10.1145/72981.72995
[4]
Josh Cohen Benaloh and Michael de Mare. 1994. One-Way Accumulators: A Decentralized Alternative to Digital Sinatures (Extended Abstract). In EUROCRYPT'93 (LNCS, Vol. 765), Tor Helleseth (Ed.). Springer, Heidelberg, 274--285. https://doi.org/10.1007/3--540--48285--7_24
[5]
Dan Boneh, Joseph Bonneau, Benedikt Bünz, and Ben Fisch. 2018. Verifiable Delay Functions. In CRYPTO 2018, Part I (LNCS, Vol. 10991), Hovav Shacham and Alexandra Boldyreva (Eds.). Springer, Heidelberg, 757--788. https://doi.org/10. 1007/978--3--319--96884--1_25
[6]
Dan Boneh, Benedikt Bünz, and Ben Fisch. 2019. Batching Techniques for Accumulators with Applications to IOPs and Stateless Blockchains. In CRYPTO 2019, Part I (LNCS, Vol. 11692), Alexandra Boldyreva and Daniele Micciancio (Eds.). Springer, Heidelberg, 561--586. https://doi.org/10.1007/978--3-030--26948--7_20
[7]
Dan Boneh and Matthew K. Franklin. 1997. Efficient Generation of Shared RSA Keys (Extended Abstract). In CRYPTO'97 (LNCS, Vol. 1294), Burton S. Kaliski Jr. (Ed.). Springer, Heidelberg, 425--439. https://doi.org/10.1007/BFb0052253
[8]
Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Lisa Kohl, Peter Rindal, and Peter Scholl. 2019. Efficient Two-Round OT Extension and Silent NonInteractive Secure Computation. In ACM CCS 2019, Lorenzo Cavallaro, Johannes Kinder, XiaoFeng Wang, and Jonathan Katz (Eds.). ACM Press, 291--308. https: //doi.org/10.1145/3319535.3354255
[9]
Jakob Burkhardt, Ivan Damgård, Tore Frederiksen, Satrajit Ghosh, and Claudio Orlandi. 2023. Improved Distributed RSA Key Generation Using the Miller-Rabin Test. Cryptology ePrint Archive, Paper 2023/644. https://eprint.iacr.org/2023/644
[10]
Jan Camenisch and Anna Lysyanskaya. 2002. Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials. In CRYPTO 2002 (LNCS, Vol. 2442), Moti Yung (Ed.). Springer, Heidelberg, 61--76. https://doi.org/10.1007/3- 540--45708--9_5
[11]
Megan Chen, Jack Doerner, Yashvanth Kondi, Eysa Lee, Schuyler Rosefield, abhi shelat, and Ran Cohen. 2022. Multiparty Generation of an RSA Modulus. Journal of Cryptology 35, 2 (April 2022), 12. https://doi.org/10.1007/s00145-021-09395-y
[12]
Megan Chen, Carmit Hazay, Yuval Ishai, Yuriy Kashnikov, Daniele Micciancio, Tarik Riviere, abhi shelat, Muthu Venkitasubramaniam, and Ruihan Wang. 2021. Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority. In 2021 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 590--607. https://doi.org/10.1109/SP40001.2021.00025
[13]
Ivan Damgård, Peter Landrock, and Carl Pomerance. 1993. Average case error estimates for the strong probable prime test. Mathematics of computation 61, 203 (1993), 177--194.
[14]
Ivan Damgård and Gert Læssøe Mikkelsen. 2010. Efficient, Robust and ConstantRound Distributed RSA Key Generation. In TCC 2010 (LNCS, Vol. 5978), Daniele Micciancio (Ed.). Springer, Heidelberg, 183--200. https://doi.org/10.1007/978--3- 642--11799--2_12
[15]
Ivan Damgård, Claudio Orlandi, and Mark Simkin. 2018. Yet Another Compiler for Active Security or: Efficient MPC Over Arbitrary Rings. In CRYPTO 2018, Part II (LNCS, Vol. 10992), Hovav Shacham and Alexandra Boldyreva (Eds.). Springer, Heidelberg, 799--829. https://doi.org/10.1007/978--3--319--96881-0_27
[16]
Cyprien Delpech de Saint Guilhem, Eleftheria Makri, Dragos Rotaru, and Titouan Tanguy. 2021. The Return of Eratosthenes: Secure Generation of RSA Moduli using Distributed Sieving. In ACM CCS 2021, Giovanni Vigna and Elaine Shi (Eds.). ACM Press, 594--609. https://doi.org/10.1145/3460120.3484754
[17]
Didier Deshommes. 2023. GMP-java. https://github.com/dfdeshom/GMP-java. Accessed: 2023-07--27.
[18]
Hendrik Eerikson, Marcel Keller, Claudio Orlandi, Pille Pullonen, Joonas Puura, and Mark Simkin. 2019. Use your brain! Arithmetic 3PC for any modulus with active security. Cryptology ePrint Archive (2019).
[19]
Hendrik Eerikson, Marcel Keller, Claudio Orlandi, Pille Pullonen, Joonas Puura, and Mark Simkin. 2020. Use Your Brain! Arithmetic 3PC for Any Modulus with Active Security. In ITC 2020, Yael Tauman Kalai, Adam D. Smith, and Daniel Wichs (Eds.). Schloss Dagstuhl, 5:1--5:24. https://doi.org/10.4230/LIPIcs.ITC.2020.5
[20]
Yair Frankel, Philip D. MacKenzie, and Moti Yung. 1998. Robust Efficient Distributed RSA-Key Generation. In STOC, Jeffrey Scott Vitter (Ed.). ACM, 663--672. https://doi.org/10.1145/276698.276882
[21]
Tore Kasper Frederiksen, Yehuda Lindell, Valery Osheter, and Benny Pinkas. 2018. Fast Distributed RSA Key Generation for Semi-honest and Malicious Adversaries. In CRYPTO 2018, Part II (LNCS, Vol. 10992), Hovav Shacham and Alexandra Boldyreva (Eds.). Springer, Heidelberg, 331--361. https://doi.org/10.1007/978--3- 319--96881-0_12
[22]
Rosario Gennaro, Michael O. Rabin, and Tal Rabin. 1998. Simplified VSS and FastTrack Multiparty Computations with Applications to Threshold Cryptography. In 17th ACM PODC, Brian A. Coan and Yehuda Afek (Eds.). ACM, 101--111. https://doi.org/10.1145/277697.277716
[23]
Niv Gilboa. 1999. Two Party RSA Key Generation. In CRYPTO'99 (LNCS, Vol. 1666), Michael J. Wiener (Ed.). Springer, Heidelberg, 116--129. https://doi.org/10.1007/3- 540--48405--1_8
[24]
Carmit Hazay, Gert Læssøe Mikkelsen, Tal Rabin, and Tomas Toft. 2012. Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting. In CT-RSA (Lecture Notes in Computer Science, Vol. 7178), Orr Dunkelman (Ed.). Springer, 313--331. https://doi.org/10.1007/978--3--642--27954--6_20
[25]
Carmit Hazay, Gert Læssøe Mikkelsen, Tal Rabin, and Tomas Toft. 2012. Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting. In CTRSA 2012 (LNCS, Vol. 7178), Orr Dunkelman (Ed.). Springer, Heidelberg, 313--331. https://doi.org/10.1007/978--3--642--27954--6_20
[26]
Carmit Hazay, Gert Læssøe Mikkelsen, Tal Rabin, Tomas Toft, and Angelo Agatino Nicolosi. 2019. Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting. Journal of Cryptology 32, 2 (April 2019), 265--323. https: //doi.org/10.1007/s00145-017--9275--7
[27]
Yuval Ishai, Manoj Prabhakaran, and Amit Sahai. 2009. Secure Arithmetic Computation with No Honest Majority. In TCC 2009 (LNCS, Vol. 5444), Omer Reingold (Ed.). Springer, Heidelberg, 294--314. https://doi.org/10.1007/978--3--642-00457- 5_18
[28]
Mitsuru Ito, Akira Saito, and Takao Nishizeki. 1989. Secret sharing scheme realizing general access structure. Electronics and Communications in Japan (Part III: Fundamental Electronic Science) 72, 9 (1989), 56--64. https://doi.org/10.1002/ecjc.4430720906 arXiv:https://onlinelibrary.wiley.com/doi/pdf/10.1002/ecjc.4430720906
[29]
Marcel Keller, Emmanuela Orsini, and Peter Scholl. 2015. Actively Secure OT Extension with Optimal Overhead. In CRYPTO 2015, Part I (LNCS, Vol. 9215), Rosario Gennaro and Matthew J. B. Robshaw (Eds.). Springer, Heidelberg, 724-- 741. https://doi.org/10.1007/978--3--662--47989--6_35
[30]
Michael Malkin, Thomas D. Wu, and Dan Boneh. 1999. Experimenting with Shared Generation of RSA Keys. In NDSS'99. The Internet Society.
[31]
Gary L Miller. 1976. Riemann's hypothesis and tests for primality. Journal of computer and system sciences 13, 3 (1976), 300--317.
[32]
Pascal Paillier. 1999. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In EUROCRYPT'99 (LNCS, Vol. 1592), Jacques Stern (Ed.). Springer, Heidelberg, 223--238. https://doi.org/10.1007/3--540--48910-X_16
[33]
Guillaume Poupard and Jacques Stern. 1998. Generation of Shared RSA Keys by Two Parties. In ASIACRYPT (Lecture Notes in Computer Science, Vol. 1514), Kazuo Ohta and Dingyi Pei (Eds.). Springer, 11--24. https://doi.org/10.1007/3- 540--49649--1_2
[34]
Michael O Rabin. 1980. Probabilistic algorithm for testing primality. Journal of number theory 12, 1 (1980), 128--138.
[35]
Ronald L Rivest, Adi Shamir, and Leonard Adleman. 1978. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 2 (1978), 120--126.
[36]
Ronald L Rivest, Adi Shamir, and David A Wagner. 1996. Time-lock puzzles and timed-release crypto. (1996).
[37]
Lawrence Roy. 2022. SoftSpokenOT: Quieter OT Extension from Small-Field Silent VOLE in the Minicrypt Model. In CRYPTO 2022, Part I (LNCS, Vol. 13507), Yevgeniy Dodis and Thomas Shrimpton (Eds.). Springer, Heidelberg, 657--687. https://doi.org/10.1007/978--3-031--15802--5_23
[38]
Omer Shlomovits. 2020. Diogenes Octopus*: Playing Red Team for Eth2.0 VDF. Medium blog post. https://medium.com/zengo/diogenes-octopus-playing-redteam-for-eth2-0-vdf-part-1-dac3f2e3cc7b
[39]
Omer Shlomovits. 2020. DogByte Attack: Playing Red Team for Eth2.0 VDF. Medium blog post. https://medium.com/zengo/dogbyte-attack-playing-redteam-for-eth2-0-vdf-ea2b9b2152af
[40]
Benjamin Wesolowski. 2019. Efficient Verifiable Delay Functions. In EUROCRYPT 2019, Part III (LNCS, Vol. 11478), Yuval Ishai and Vincent Rijmen (Eds.). Springer, Heidelberg, 379--407. https://doi.org/10.1007/978--3-030--17659--4_13
Index Terms
- Improved Distributed RSA Key Generation Using the Miller-Rabin Test
Recommendations
Secure and practical threshold RSA
SIN '13: Proceedings of the 6th International Conference on Security of Information and NetworksThis article describes a scheme that outputs RSA signatures using a threshold mechanism in which each share has a bitlength close to the bitlength of the RSA modulus. The scheme is proven unforgeable under the standard RSA assumption against an honest ...
Efficient generation of shared RSA keys
We describe efficient techniques for a number of parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the factorization of N. In addition a public encryption exponent is ...
Password-authenticated key exchange based on RSA
Special Issue on Special Purpose Protocols;Guest Editor:Moti YungThere have been many proposals in recent years for password-authenticated key exchange protocols, i.e., protocols in which two parties who share only a short secret password perform a key exchange authenticated with the password. However, the only ones ...
Comments
Information & Contributors
Information
Published In
November 2023
3722 pages
ISBN:9798400700507
DOI:10.1145/3576915
- General Chairs:
- Weizhi Meng,
- Christian D. Jensen,
- Program Chairs:
- Cas Cremers,
- Engin Kirda
Copyright © 2023 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 21 November 2023
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- Danish Independent Research Council
- European Research Council
- Carlsbergfondet
- Concordium Blockchain Research Center
- EU Horizon 2020
Conference
CCS '23
Sponsor:
CCS '23: ACM SIGSAC Conference on Computer and Communications Security
November 26 - 30, 2023
Copenhagen, Denmark
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '24
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 161Total Downloads
- Downloads (Last 12 months)161
- Downloads (Last 6 weeks)11
Reflects downloads up to
Other Metrics
Citations
Cited By
View all- Delahaye J(2024)Des premiers aux pseudo-premiersPour la Science10.3917/pls.558.0080N° 558 – Avril:4(80-85)Online publication date: 28-Mar-2024
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in