RSA Key Generation with Verifiable Randomness
Abstract
We consider the problem of proving that a user has selected and correctly employed a truly random seed in the generation of her RSA key pair. This task is related to the problem of key validation, the process whereby a user proves to another party that her key pair has been generated securely. The aim of key validation is to persuade the verifying party that the user has not intentionally weakened or reused her key or unintentionally made use of bad software. Previous approaches to this problem have been ad hoc, aiming to prove that a private key is secure against specific types of attacks, e.g., that an RSA modulus is resistant to elliptic-curve-based factoring attacks. This approach results in a rather unsatisfying laundry list of security tests for keys. We propose a new approach that we refer to as key generation with verifiable randomness (KEGVER). Our aim is to show in zero knowledge that a private key has been generated at random according to a prescribed process, and is therefore likely to benefit from the full strength of the underlying cryptosystem. Our proposal may be viewed as a kind of distributed key generation protocol involving the user and verifying party. Because the resulting private key is held solely by the user, however, we are able to propose a protocol much more practical than conventional distributed key generation. We focus here on a KEGVER protocol for
Similar resources
ABCRNG - Swarm Intelligence in Public key Cryptography for Random Number Generation
Cryptography is an important tool for protecting and securing data. In public key cryptography, the key generation plays a vital role for strengthening the security. The random numbers are the seed values in key generation process in many of the public key cryptography algorithms, such as Elgamal, Rivest-Shamir-Adleman (RSA) algorithm etc. Much effort is dedicated to develop efficient Random Nu...
Distributed Key Generation in the Wild
Distributed key generation (DKG) has been studied extensively in the cryptographic literature. However, it has never been examined outside of the synchronous setting, and the known DKG protocols cannot guarantee safety or liveness over the Internet. In this work, we present the first realistic DKG protocol for use over the Internet. We propose a practical system model for the Internet and defin...
Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability
Group signatures are an important privacy-enhancing tool that allow to anonymously sign messages on behalf of a group. A recent feature for group signatures is controllable linkability, where a dedicated linking authority (LA) can determine whether two given signatures stem from the same signer without being able to identify the signer(s). Currently the linking authority is fully trusted, which...
Unique Signatures and Verifiable Random Functions from the DH-DDH Separation
A unique signature scheme has the property that a signature σPK(m) is a (hard-to-compute) function of the public key PK and message m, for all, even adversarially chosen, PK. Unique signatures, introduced by Goldwasser and Ostrovsky, have been shown to be a building block for constructing verifiable random functions. Another useful property of unique signatures is that they are stateless: the s...
Secure verifiable non-interactive oblivious transfer protocol using RSA and Bit commitment on distributed environment
In this paper, we have discussed the issues concerning the basic concept and classification of OT (Oblivious Transfer). We have proposed secure verifiable non-interactive oblivious transfer protocols for the exchange of secrets on distributed environments. One is a new secure verifiable noninteractive oblivious transfer protocol using RSA, the other is that with bit commitment using one-way fun...