Paper 2012/336

RSA modulus generation in the two-party case

Gerald Gavin

Abstract

In this paper, secure two-party protocols are provided in order to securely generate a random $k$-bit RSA modulus $n$ keeping its factorization secret. We first show that most existing two-party protocols based on Boneh's test are not correct: an RSA modulus can be output in the malicious case. Recently, Hazay et al. proposed the first proven secure protocol against any polynomial active adversary. However, their protocol is very costly: several hours are required to output a 1024-bit RSA modulus on a standard platform. In this paper, we propose an other approach consisting of post-processing efficient existing Boneh's based protocols. The running time of this post-processing can be neglected with respect to the running time of the whole protocol.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. accepted in the industrial track of ACNS'12 (without proceedings)
Keywords
RSA modulusBoneh's testkeys share
Contact author(s)
gavin @ univ-lyon1 fr
History
2012-06-22: received
Short URL
https://ia.cr/2012/336
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2012/336,
      author = {Gerald Gavin},
      title = {{RSA} modulus generation in the two-party case},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/336},
      year = {2012},
      url = {https://eprint.iacr.org/2012/336}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.