Paper 2018/577

Fast Distributed RSA Key Generation for Semi-Honest and Malicious Adversaries

Tore Kasper Frederiksen, Yehuda Lindell, Valery Osheter, and Benny Pinkas


We present two new, highly efficient, protocols for securely generating a distributed RSA key pair in the two-party setting. One protocol is semi-honestly secure and the other maliciously secure. Both are constant round and do not rely on any specific number-theoretic assumptions and improve significantly over the state-of-the-art by allowing a slight leakage (which we show to not affect security). For our maliciously secure protocol our most significant improvement comes from executing most of the protocol in a ``strong'' semi-honest manner and then doing a single, light, zero-knowledge argument of correct execution. We introduce other significant improvements as well. One such improvement arrives in showing that certain, limited leakage does not compromise security, which allows us to use lightweight subprotocols. Another improvement, which may be of independent interest, comes in our approach for multiplying two large integers using OT, in the malicious setting, without being susceptible to a selective-failure attack. Finally, we implement our malicious protocol and show that its performance is an order of magnitude better than the best previous protocol, which provided only semi-honest security.

Note: This revision is the full version of the paper and includes a bug fix of step 2 of the biprimality test (present in the proceedings version) which we were kindly informed about by Muthuramakrishnan Venkitasubramaniam and Samuel Ranellucci.

Available format(s)
Cryptographic protocols
Publication info
A major revision of an IACR publication in CRYPTO 2018
RSADistributed Cryptography
Contact author(s)
lindell @ biu ac il
tore frederiksen @ alexandra dk
2019-10-03: last of 2 revisions
2018-06-06: received
See all versions
Short URL
Creative Commons Attribution


      author = {Tore Kasper Frederiksen and Yehuda Lindell and Valery Osheter and Benny Pinkas},
      title = {Fast Distributed {RSA} Key Generation for Semi-Honest and Malicious Adversaries},
      howpublished = {Cryptology ePrint Archive, Paper 2018/577},
      year = {2018},
      doi = {10.1007/978-3-319-96881-0_12},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.