GBD Threshold Cryptography with an Application to RSA Key Recovery
نویسندگان
چکیده
We present protocols for threshold decryption and threshold key generation in the GBD public-key cryptosystem in the “honest-butcurious” setting. These allow GBD computations to be performed in a distributed manner during both key generation and decryption, without revealing the private key to any party. GBD threshold decryption is similar to El-Gamal threshold decryption. GBD threshold key generation is based on adaptations of protocols for RSA key generation by Boneh and Franklin, and Catalano et al, and includes a new protocol for efficiently computing the inverse of a shared secret modulo another shared secret. We also show an application of GBD threshold cryptography to RSA key recovery. This is based on the use of GBD as a master cryptosystem, whose use allows generation by individual users of RSA moduli that can be factored by using the GBD private key as trapdoor information. This application requires RSA key generation to be tailored, but other operations are standard RSA. Clearly, compromise of the GBD private key would compromise all corresponding RSA private keys, so the security of the GBD master private key should be stronger than the security of the individual RSA keys, and this can be achieved using threshold methods. Finally, we point out two open problems in the RSA key recovery application.
منابع مشابه
GBD Threshold Cryptography with an Application to RSA Key Recovery
We present protocols for threshold cryptography in the GBD public-key cryptosystem. Both threshold decryption and threshold key generation are covered, in the “honest-butcurious” setting. This shows that it is possible to perform GBD computations in a distributed manner during both key generation and decryption, without revealing the private key to any party. GBD threshold decryption is similar...
متن کاملA JCA-Based Implementation Framework for Threshold Cryptography
The Java Cryptography Architecture, JCA in short, was created to allow JCA-compliant cryptography providers to be plugged into a JCA-aware application at run time. This configurable feature makes JCA widely used and assures its success. However, the public key cryptographic service interfaces defined by JCA are based on the conventional public key cryptography, which is a single-sender-singlere...
متن کاملAll Sail, No Anchor III: Risk Aggregation and Time's Arrow
Traversing middleboxes with the host identity protocol p. 17 An investigation of unauthorised use of wireless networks in Adelaide, South Australia p. 29 An efficient solution to the ARP cache poisoning problem p. 40 On Stern's attack against secret truncated linear congruential generators p. 52 On the success probability of [chi][superscript 2]-attack on RC6 p. 61 Solving systems of differenti...
متن کاملA Dynamic Threshold Proxy Digital Signature Scheme by using RSA Cryptography for Multimedia Authentication
In this paper we propose a threshold digital signature scheme by using RSA cryptography to authenticate multimedia content. Multimedia authentication deals with genuineness of the structure and content of the multimedia such as text, image, audio, video etc. The proposed scheme uses an efficient key distribution scenario where, the private key of the group is
متن کاملReconstructing RSA Private Keys from Random Key Bits
We show that an RSA private key with small public exponent can be efficiently recovered given a 0.27 fraction of its bits at random. An important application of this work is to the “cold boot” attacks of Halderman et al. We make new observations about the structure of RSA keys that allow our algorithm to make use of the redundant information in the typical storage format of an RSA private key. ...
متن کامل