Paper 2011/494

Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting

Carmit Hazay, Gert Læssøe Mikkelsen, Tal Rabin, Tomas Toft, and Angelo Agatino Nicolosi

Abstract

The problem of generating an RSA composite in a distributed manner without leaking its factorization is particularly challenging and useful in many cryptographic protocols. Our first contribution is the first non-generic fully simulatable protocol for distributively generating an RSA composite with security against malicious behavior. Our second contribution is a complete Paillier [Pai99] threshold encryption scheme in the two-party setting with security against malicious behavior. Furthermore, we describe how to extend our protocols to the multiparty setting with dishonest majority. Our RSA key generation is comprised of the following: (i) a distributed protocol for generation of an RSA composite, and (ii) a biprimality test for verifying the validity of the generated composite. Our Paillier threshold encryption scheme uses the RSA composite as public key and is comprised of: (i) a distributed generation of the corresponding secret-key shares, and (ii) a distributed decryption protocol for decrypting according to Paillier.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. CT-RSA
Keywords
Secure Two-Party Computation, RSA Generation, Threshold Encryption Scheme, Paillier
Contact author(s)
gert l mikkelsen @ alexandsra dk
History
2017-12-22: last of 3 revisions
2011-09-13: received
Short URL
https://ia.cr/2011/494
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2011/494,
      author = {Carmit Hazay and Gert Læssøe Mikkelsen and Tal Rabin and Tomas Toft and Angelo Agatino Nicolosi},
      title = {Efficient {RSA} Key Generation and Threshold Paillier in the Two-Party Setting},
      howpublished = {Cryptology {ePrint} Archive, Paper 2011/494},
      year = {2011},
      url = {https://eprint.iacr.org/2011/494}
}