DOI: 10.1145/3576915.3623163
Research article, CCS conference proceedings

Improved Distributed RSA Key Generation Using the Miller-Rabin Test

Published: 21 November 2023

ABSTRACT

Secure distributed generation of RSA moduli (e.g., generating N=pq where none of the parties learns anything about p or q) is an important cryptographic task that is needed both in threshold implementations of RSA-based cryptosystems and in other, advanced cryptographic protocols that assume all parties have access to a trusted RSA modulus. In this paper, we provide a novel protocol for secure distributed RSA key generation based on the Miller-Rabin test. Compared with the more commonly used Boneh-Franklin test (which requires many iterations), the Miller-Rabin test has the advantage of providing negligible error after even a single iteration of the test for large enough moduli (e.g., 4096 bits).

From a technical point of view, our main contribution is a novel divisibility test that allows the primality test to be performed efficiently while keeping p and q secret.

Our semi-honest RSA generation protocol uses any underlying secure multiplication protocol in a black-box way, so it can be instantiated in either the honest-majority or the dishonest-majority setting depending on the chosen multiplication protocol. The semi-honest protocol can be upgraded to protect against active adversaries at low cost using existing compilers. Finally, we provide an experimental evaluation showing that, in the honest-majority case, our protocol is much faster than Boneh-Franklin.
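As an added illustration (not code from the paper), the block below gives plain single-party versions of the two tests the abstract compares: Miller-Rabin on a candidate prime, whose worst-case per-round error is 1/4 (the average-case error for random candidates of thousands of bits, which the abstract relies on, is far smaller), and the Boneh-Franklin biprimality test on N = pq, whose per-round error is only bounded by 1/2 and therefore needs many iterations. The paper's actual contribution, running such a test on secret-shared p and q via its divisibility test, is not on this page and is not reproduced; the Boneh-Franklin check assumes p and q are 3 mod 4 and gcd(N, p+q-1) = 1, as in the original test.

```python
import math
import random

def jacobi(a, n):                  # Jacobi symbol (a/n) for odd n > 0
    a, result = a % n, 1
    while a:
        while a % 2 == 0:          # (2/n) rule
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def miller_rabin(n, rounds=1, seed=0):
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:              # n - 1 = 2^s * d, d odd
        d, s = d // 2, s + 1
    rng = random.Random(seed)
    for _ in range(rounds):        # a composite survives each round with prob <= 1/4
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False           # Miller-Rabin witness: n is composite
    return True

def boneh_franklin_biprime(p, q, rounds=1, seed=0):
    # BF biprimality test on N = pq, p = q = 3 (mod 4): a non-biprime survives a round w.p. <= 1/2
    N = p * q
    if math.gcd(N, p + q - 1) != 1:
        return False
    e = (N - p - q + 1) // 4       # phi(N)/4; the MPC version derives it from shares of p+q
    rng, accepted = random.Random(seed), 0
    while accepted < rounds:
        g = rng.randrange(2, N - 1)
        if jacobi(g, N) != 1:      # only g with Jacobi symbol +1 are informative
            continue
        accepted += 1
        if pow(g, e, N) not in (1, N - 1):
            return False
    return True
```

The Mersenne numbers 2^61-1 and 2^89-1 are prime and 2^67-1 is composite; all three are 3 mod 4, which makes them convenient inputs for both tests.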


Published in

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
November 2023, 3722 pages
ISBN: 9798400700507
DOI: 10.1145/3576915

Copyright © 2023 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher: Association for Computing Machinery, New York, NY, United States



Acceptance rate: 1,261 of 6,999 submissions (18%)
