Abstract
There has been a lot of recent work in the area of proving in zero-knowledge that an RSA modulus N is in the correct form. For example, protocols have been given that prove that N is the product of two safe primes, of two primes nearly equal in size, etc. Such proof systems are rather remarkable in what they achieve, but may be regarded as heavyweight protocols due to the computational and messaging overhead they impose. In this paper an efficient zero-knowledge protocol is given that simultaneously proves that N is a Blum integer and that its factorization is recoverable. The proof system requires that the RSA primes p and q satisfy p ≡ q ≡ 3 mod 4, together with another semantically secure encryption scheme. The solution is therefore amenable for use with systems based on PKCS #1. A proof is given that shows that our algorithm is secure under the integer factorization problem (and it can be turned into a non-interactive proof in the random oracle model).
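The abstract rests on two properties of a Blum integer N = pq with p ≡ q ≡ 3 mod 4: every quadratic residue modulo N has exactly one square root that is itself a residue (so squaring permutes the residues), and two essentially different square roots of the same value reveal a factor of N (Rabin's observation). The following Python is an added illustration of that number theory, not code from the paper and not the paper's zero-knowledge protocol; the primes 43 and 47, the modulus 2021 and the sample residue are constructed toy values, far too small for real use.

```python
from math import gcd

# Constructed toy parameters (assumption: far too small for real use): two primes
# congruent to 3 mod 4, so N = p*q is a Blum integer.
P, Q = 43, 47
N = P * Q  # 2021


def is_prime(n):
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def is_blum_integer(n, p, q):
    """The structural condition named in the abstract: n = p*q with
    distinct primes p ≡ q ≡ 3 (mod 4)."""
    return (p != q and p * q == n and p % 4 == 3 and q % 4 == 3
            and is_prime(p) and is_prime(q))


def is_qr_mod_prime(a, p):
    """Euler's criterion: a is a quadratic residue mod p (a coprime to p)."""
    return pow(a, (p - 1) // 2, p) == 1


def sqrt_mod_prime_3mod4(a, p):
    """For p ≡ 3 (mod 4) and a residue a, a^((p+1)/4) is a square root of a mod p."""
    return pow(a, (p + 1) // 4, p)


def crt(a1, m1, a2, m2):
    """Smallest x with x ≡ a1 (mod m1) and x ≡ a2 (mod m2), for coprime m1, m2."""
    inv = pow(m1, -1, m2)  # modular inverse, Python 3.8+
    return (a1 + m1 * (((a2 - a1) * inv) % m2)) % (m1 * m2)


def square_roots(a, n, p, q):
    """All four square roots of the residue a modulo the Blum integer n = p*q.
    Computing them needs p and q, which is exactly the trapdoor."""
    if gcd(a, n) != 1 or not (is_qr_mod_prime(a, p) and is_qr_mod_prime(a, q)):
        raise ValueError("a must be a quadratic residue coprime to n")
    rp = sqrt_mod_prime_3mod4(a % p, p)
    rq = sqrt_mod_prime_3mod4(a % q, q)
    roots = {crt(sp, p, sq, q) for sp in (rp, p - rp) for sq in (rq, q - rq)}
    return sorted(roots)


def principal_root(a, n, p, q):
    """Blum property: because -1 is a non-residue mod each prime, exactly one of
    the four roots is itself a residue mod n, giving squaring a canonical inverse."""
    qr_roots = [r for r in square_roots(a, n, p, q)
                if is_qr_mod_prime(r % p, p) and is_qr_mod_prime(r % q, q)]
    assert len(qr_roots) == 1
    return qr_roots[0]


def recover_factor(x, y, n):
    """Two square roots of one value with x ≢ ±y (mod n) reveal a factor of n
    (Rabin); returns None when the pair is trivial (y ≡ ±x)."""
    if (x * x - y * y) % n != 0:
        raise ValueError("x and y must square to the same value mod n")
    g = gcd(x - y, n)
    return g if 1 < g < n else None


if __name__ == "__main__":
    x = 100                      # constructed sample value
    a = x * x % N                # 1916, a quadratic residue mod 2021
    roots = square_roots(a, N, P, Q)
    print("square roots of", a, "mod", N, ":", roots)
    print("principal (residue) root:", principal_root(a, N, P, Q))
    other = next(r for r in roots if r not in (x, N - x))
    print("factor from a non-trivial root pair:", recover_factor(x, other, N))
```

The point for a key-recovery setting is visible in `square_roots`: whoever holds p and q can invert squaring modulo N, while a party who only sees N and a residue cannot, unless it is handed a second, essentially different root, in which case `recover_factor` shows that it learns the factorization outright.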
© 2004 Springer-Verlag Berlin Heidelberg
Young, A., Yung, M. (2004). A Key Recovery System as Secure as Factoring. In: Okamoto, T. (eds) Topics in Cryptology – CT-RSA 2004. CT-RSA 2004. Lecture Notes in Computer Science, vol 2964. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24660-2_11
DOI: https://doi.org/10.1007/978-3-540-24660-2_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20996-6
Online ISBN: 978-3-540-24660-2