Cryptology ePrint Archive: Report 2012/336
RSA modulus generation in the two-party case
Abstract: In this paper, secure two-party protocols are provided in order to
securely generate a random $k$-bit RSA modulus $n$ keeping its factorization secret. We first show that most existing
two-party protocols based on Boneh's test are not correct: an RSA modulus can be output in the malicious case.
Recently, Hazay et al. proposed the first proven secure protocol against any polynomial active adversary. However, their protocol is very costly: several hours are required to output a 1024-bit RSA modulus on a standard platform. In this paper, we propose an other approach consisting of post-processing efficient existing Boneh's based protocols. The running time of this post-processing can be neglected with respect to the running time of the whole protocol.
Category / Keywords: cryptographic protocols / RSA modulus, Boneh's test, keys share
Publication Info: accepted in the industrial track of ACNS'12 (without proceedings)
Date: received 13 Jun 2012
Contact author: gavin at univ-lyon1 fr
Available format(s): PDF | BibTeX Citation
Version: 20120622:193411 (All versions of this report)
Short URL: ia.cr/2012/336
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]