Abstract
This paper investigates various security issues in server-aided RSA computation schemes and proposes possible improvements, focusing mainly on the two-phase protocols RSA-S1M and RSA-S2M proposed by Matsumoto et al. [4]. We first present new active attacks on these protocols for the case where the final result is not checked. We then propose a server-aided protocol in which the client can check the computed signature in at most six multiplications, irrespective of the size of the public exponent. Next we consider multi-round active attacks on the protocol with correctness check and show that parameter restrictions cannot defeat such attacks. We therefore assume that the secret exponent is newly decomposed in each run of the protocol and discuss some means of speeding up this preprocessing step. Finally, considering the implementation-dependent attack, we propose a new method for decomposing the secret and performing the required computation efficiently.
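As an added illustration (not code from the paper), the following Python models one round of a simplified RSA-S1-style server-aided signing protocol: the client decomposes the secret exponent afresh on every run, the untrusted server performs the heavy exponentiations, and the client refuses to release the signature unless the correctness check passes. The decomposition form, the parameters m and k, and the faulty-server simulation are assumptions made here for illustration; the paper's RSA-S1M/RSA-S2M details and its six-multiplication check are not reproduced.

```python
import secrets

def decompose(d, phi, m, k):
    """Client side: pick a random 0/1 vector f of weight k and random d_i with
    sum(f_i * d_i) == d (mod phi). Only the d_i leave the client; f stays secret.
    (Assumed simplified decomposition, not the paper's RSA-S1M scheme.)"""
    chosen = set()
    while len(chosen) < k:
        chosen.add(secrets.randbelow(m))
    f = [1 if i in chosen else 0 for i in range(m)]
    ds = [secrets.randbelow(phi) for _ in range(m)]
    last = max(chosen)
    partial = sum(ds[i] for i in chosen if i != last)
    ds[last] = (d - partial) % phi           # force the weighted sum onto d
    return f, ds

def server_compute(msg, ds, n):
    """Untrusted server: the heavy modular exponentiations, one per d_i."""
    return [pow(msg, di, n) for di in ds]

def faulty_server(msg, ds, n):
    """Constructed misbehaving server: every partial result is off by a factor of 2."""
    return [z * 2 % n for z in server_compute(msg, ds, n)]

def client_combine(f, zs, n):
    """Client side: at most k-1 multiplications select and combine the partials."""
    s = 1
    for fi, zi in zip(f, zs):
        if fi:
            s = s * zi % n
    return s

def server_aided_sign(msg, d, e, n, phi, m=8, k=3, server=server_compute):
    """One protocol run: fresh decomposition, server work, client combination,
    and the correctness check before the signature is released."""
    f, ds = decompose(d, phi, m, k)
    zs = server(msg, ds, n)
    s = client_combine(f, zs, n)
    # Naive check: about log2(e) multiplications; the paper's proposed check
    # needs at most six regardless of e. Without any check, a wrong or hostile
    # server answer would be accepted as a valid signature.
    if pow(s, e, n) != msg % n:
        raise ValueError("correctness check failed: result rejected")
    return s
```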
References
[1] T. Matsumoto, K. Kato and H. Imai, Speeding up secret computations with insecure auxiliary devices, Proc. Crypto '88, Springer-Verlag, LNCS 403, 497–506 (1990).
[2] J.J. Quisquater and M. De Soete, Speeding up smart card RSA computation with insecure coprocessors, Proc. Smart Card 2000, North-Holland, 191–197 (1991).
[3] C.S. Laih, S.M. Yen and L. Harn, Two efficient server-aided secret computation protocols based on addition chain sequence, Proc. Asiacrypt '91, Springer-Verlag, LNCS 739, 450–459 (1993).
[4] T. Matsumoto, H. Imai, C.S. Laih and S.M. Yen, On verifiable implicit asking protocols for RSA computation, Proc. Auscrypt '92, Springer-Verlag, LNCS 718, 296–307 (1993).
[5] S. Kawamura and A. Shimbo, Fast server-aided secret computation protocols for modular exponentiation, IEEE JSAC, 11(5), 778–784 (1993).
[6] S. Kawamura and A. Shimbo, Performance analysis of server-aided secret computation protocols, Trans. IEICE, 73(7), 1073–1080 (1990).
[7] A. Shimbo and S. Kawamura, Factorization attack on certain server-aided secret computation protocols for the RSA secret transformation, Elect. Lett., 26(17), 1387–1388 (1990).
[8] B. Pfitzmann and M. Waidner, Attacks on protocols for server-aided RSA computation, Proc. Eurocrypt '92, Springer-Verlag, LNCS 658 (1993).
[9] R.J. Anderson, Attack on server-aided authentication protocols, Elect. Lett., 28(15), 1473 (1992).
[10] S.M. Yen and C.S. Laih, More about the active attack on the server-aided secret computation protocol, Elect. Lett., 28(24), 2250 (1992).
[11] J. Burns and C.J. Mitchell, Parameter selection for server-aided RSA computation schemes, IEEE Trans. Computers, 43(2), 163–174 (1994).
[12] S. Kawamura, Information leakage measurement in a distributed computation protocol, IEICE Trans. Fundamentals, E78-A(1), 59–66 (1995).
[13] P. Béguin and J.J. Quisquater, Fast server-aided RSA signatures secure against active attacks, in these proceedings.
[14] E.F. Brickell, D.M. Gordon, K.S. McCurley and D.B. Wilson, Fast exponentiation with precomputation, Proc. Eurocrypt '92, Springer-Verlag, LNCS 658, 200–207 (1993).
[15] J. Håstad, On using RSA with low exponent in a public key network, Proc. Crypto '85, Springer-Verlag, LNCS 218, 403–408 (1986).
[16] T. Matsumoto, K. Kato and H. Imai, How to ask and verify oracles for speeding up secret computations (Part 2), IEICE TR, IT89-24 (1989).
[17] C.P. Schnorr, Efficient identification and signatures for smart cards, Proc. Crypto '89, Springer-Verlag, LNCS 435, 239–252 (1990).
[18] C.P. Schnorr, Efficient signature generation by smart cards, J. Cryptology, 4(3), 161–174 (1991).
[19] P. de Rooij, On the security of the Schnorr scheme using preprocessing, Proc. Eurocrypt '91, Springer-Verlag, LNCS 547, 71–78 (1991).
[20] P. de Rooij, On Schnorr's preprocessing for digital signature schemes, Proc. Eurocrypt '93, Springer-Verlag, LNCS 765, 435–439 (1994).
[21] C.H. Lim and P.J. Lee, More flexible exponentiation with precomputation, Proc. Crypto '94, Springer-Verlag, LNCS 839, 95–107 (1994).
[22] M.J. Wiener, Cryptanalysis of short RSA secret exponents, IEEE Trans. Inform. Theory, IT-36, 553–558 (1990).
[23] S.R. Dusse and B.S. Kaliski Jr., A cryptographic library for the Motorola DSP 5600, Proc. Eurocrypt '90, Springer-Verlag, LNCS 473, 230–244 (1991).
© 1995 Springer-Verlag Berlin Heidelberg
Cite this paper
Lim, C.H., Lee, P.J. (1995). Security and Performance of Server-Aided RSA Computation Protocols. In: Coppersmith, D. (ed.) Advances in Cryptology — CRYPTO '95. CRYPTO 1995. Lecture Notes in Computer Science, vol. 963. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44750-4_6
DOI: https://doi.org/10.1007/3-540-44750-4_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60221-7
Online ISBN: 978-3-540-44750-4
eBook Packages: Springer Book Archive