## Cryptology ePrint Archive: Report 2012/336

RSA modulus generation in the two-party case

Gerald Gavin

Abstract: In this paper, secure two-party protocols are provided in order to securely generate a random $k$-bit RSA modulus $n$ keeping its factorization secret. We first show that most existing two-party protocols based on Boneh's test are not correct: an RSA modulus can be output in the malicious case. Recently, Hazay et al. proposed the first proven secure protocol against any polynomial active adversary. However, their protocol is very costly: several hours are required to output a 1024-bit RSA modulus on a standard platform. In this paper, we propose an other approach consisting of post-processing efficient existing Boneh's based protocols. The running time of this post-processing can be neglected with respect to the running time of the whole protocol.

Category / Keywords: cryptographic protocols / RSA modulus, Boneh's test, keys share

Publication Info: accepted in the industrial track of ACNS'12 (without proceedings)