Eliminating Quadratic Slowdown in Two-Prime RSA Function Sharing

The nature of the RSA public modulus N as a composite of at least two secret large primes was always considered as a major obstacle facing the RSA function sharing without the help of a trusted dealer. The incorporated parties must agree on a suitable RSA modulus with no information revealed to them about its prime factors. Enormous number of trials must be performed before a suitable modulus is established. According to the number theory, for two `-bit primes modulus, the number of trials is in the order of O(`2). Efforts have been made to reduce the quadratic slowdown in the generation process, however, most of these protocols allow the joint generation of a multi-prime RSA modulus (an RSA modulus with at least three prime factors), which is a drift from standard. Other protocols require distributed primality tests over a shared secret modulus which is an extensive task. In this paper, we introduce a simple yet an efficient idea to allow two parties to jointly generate a two-prime RSA modulus with a running time complexity O(`). In our protocol, the distributed primality test is performed over a public modulus. Consequently, the expected running time will be reduced from several days to only few minutes. The protocol can be extended to the multiparty case. However, for clarity, in this paper, we focus on the two-party case.