Efficient Generation of Shared RSA keys
نویسنده
چکیده
In Public key Cryptosystems, exchanging public keys among the communicating parties is very important. Since an adversary can impersonate a legitimate user and send his own public key instead of the legitimate user’s one. So that, the idea of another trusted third party that can authenticate the legitimate parties appeared. This trusted party is often called the Certification Authority (CA) [6]. The CA issues certificates that carry users’ identities along with their public keys. The CA also signs (using its private key) the certificates so that the users can trust each other. When Bob sends his certificate (which he got from the CA) to Alice, she can verify the signature appended to this certificate and make sure that it’s Bob whom she is communication with, assuming that none can forge the signature generated by the CA. Shared keys can be used to protect sensitive private keys, such as Certification Authority keys. In this case, the CA generates the private key and distributes it over several parties (servers) in such a way that each one of them will have a share of the private key but can not construct the whole key. This approach makes it harder for an adversary to break the security system (since he needs now to crack several servers not only one.) However, it still has a single point of attack, which is the party that generates the private key. So, if a hacker compromised the security of this party, he will have the private key.
منابع مشابه
Experimenting with Shared Generation of RSA Keys
We describe an implementation of a distributed algorithm to generate a shared RSA key. At the end of the computation, an RSA modulus N = pq is publicly known. All servers involved in the computation are convinced that N is a product of two large primes, however none of them know the factorization of N . In addition, a public encryption exponent is publicly known and each server holds a share of...
متن کاملEfficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products
We present a new protocol for efficient distributed computation modulo a shared secret. We further present a protocol to distributively generate a random shared prime or safe prime that is much more efficient than previously known methods. This allows to distributively compute shared RSA keys, where the modulus is the product of two safe primes, much more efficiently than was previously known.
متن کاملGBD Threshold Cryptography with an Application to RSA Key Recovery
We present protocols for threshold cryptography in the GBD public-key cryptosystem. Both threshold decryption and threshold key generation are covered, in the “honest-butcurious” setting. This shows that it is possible to perform GBD computations in a distributed manner during both key generation and decryption, without revealing the private key to any party. GBD threshold decryption is similar...
متن کاملGBD Threshold Cryptography with an Application to RSA Key Recovery
We present protocols for threshold decryption and threshold key generation in the GBD public-key cryptosystem in the “honest-butcurious” setting. These allow GBD computations to be performed in a distributed manner during both key generation and decryption, without revealing the private key to any party. GBD threshold decryption is similar to El-Gamal threshold decryption. GBD threshold key gen...
متن کاملShared Generation of Shared RSA Keys 1
The paper considers the problem of distributed key generation for shared-control RSA schemes. In particular: how can two parties generate a shared RSA key in such a way that neither party can cheat? The answer to this question would have signi cant applications to, for example, key escrow systems. Cocks has recently proposed protocols to solve this problem in the case when both parties act hone...
متن کاملSymmetric Key Management: A new approach
Many cryptographic algorithms (e.g., AES, HMAC) require the establishment of shared keying material in advance. The Federal key agreement schemes document is based on ANSI X9.42 agreement of symmetric keys using discrete logarithm cryptography, ANSI X9.44 key agreement and key transport using factoringbased cryptography and ANSI X9.63 key agreement and key transport using elliptic curve cryptog...
متن کامل