research-article

Improved Distributed RSA Key Generation Using the Miller-Rabin Test

Authors:

Jakob Burkhardt,

Tore Kasper Frederiksen,

Satrajit Ghosh,

Claudio OrlandiAuthors Info & Claims

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Pages 2501 - 2515

https://doi.org/10.1145/3576915.3623163

Published: 21 November 2023 Publication History

Abstract

Secure distributed generation of RSA moduli (e.g., generating N=pq where none of the parties learns anything about p or q) is an important cryptographic task, that is needed both in threshold implementations of RSA-based cryptosystems and in other, advanced cryptographic protocols that assume that all the parties have access to a trusted RSA modulo. In this paper, we provide a novel protocol for secure distributed RSA key generation based on the Miller-Rabin test. Compared with the more commonly used Boneh-Franklin test (which requires many iterations), the Miller-Rabin test has the advantage of providing negligible error after even a single iteration of the test for large enough moduli (e.g., 4096 bits).

From a technical point of view, our main contribution is a novel divisibility test which allows to perform the primality test in an efficient way, while keeping p and q secret.

Our semi-honest RSA generation protocol uses any underlying secure multiplication protocol in a black-box way, and our protocol can therefore be instantiated in both the honest or dishonest majority setting based on the chosen multiplication protocol. Our semi-honest protocol can be upgraded to protect against active adversaries at low cost using existing compilers. Finally, we provide an experimental evaluation showing that for the honest majority case, our protocol is much faster than Boneh-Franklin.

References

[1]

Joy Algesheimer, Jan Camenisch, and Victor Shoup. 2002. Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products. In CRYPTO 2002 (LNCS, Vol. 2442), Moti Yung (Ed.). Springer, Heidelberg, 417--432. https://doi.org/10.1007/3--540--45708--9_27

[2]

AWS. 2023. Amazon EC2 On-Demand Pricing. https://aws.amazon.com/ec2/ pricing/on-demand/. Accessed: 2023-05-02.

[3]

Judit Bar-Ilan and Donald Beaver. 1989. Non-Cryptographic Fault-Tolerant Computing in Constant Number of Rounds of Interaction. In 8th ACM PODC, Piotr Rudnicki (Ed.). ACM, 201--209. https://doi.org/10.1145/72981.72995

Digital Library

[4]

Josh Cohen Benaloh and Michael de Mare. 1994. One-Way Accumulators: A Decentralized Alternative to Digital Sinatures (Extended Abstract). In EUROCRYPT'93 (LNCS, Vol. 765), Tor Helleseth (Ed.). Springer, Heidelberg, 274--285. https://doi.org/10.1007/3--540--48285--7_24

[5]

Dan Boneh, Joseph Bonneau, Benedikt Bünz, and Ben Fisch. 2018. Verifiable Delay Functions. In CRYPTO 2018, Part I (LNCS, Vol. 10991), Hovav Shacham and Alexandra Boldyreva (Eds.). Springer, Heidelberg, 757--788. https://doi.org/10. 1007/978--3--319--96884--1_25

Digital Library

[6]

Dan Boneh, Benedikt Bünz, and Ben Fisch. 2019. Batching Techniques for Accumulators with Applications to IOPs and Stateless Blockchains. In CRYPTO 2019, Part I (LNCS, Vol. 11692), Alexandra Boldyreva and Daniele Micciancio (Eds.). Springer, Heidelberg, 561--586. https://doi.org/10.1007/978--3-030--26948--7_20

Digital Library

[7]

Dan Boneh and Matthew K. Franklin. 1997. Efficient Generation of Shared RSA Keys (Extended Abstract). In CRYPTO'97 (LNCS, Vol. 1294), Burton S. Kaliski Jr. (Ed.). Springer, Heidelberg, 425--439. https://doi.org/10.1007/BFb0052253

[8]

Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Lisa Kohl, Peter Rindal, and Peter Scholl. 2019. Efficient Two-Round OT Extension and Silent NonInteractive Secure Computation. In ACM CCS 2019, Lorenzo Cavallaro, Johannes Kinder, XiaoFeng Wang, and Jonathan Katz (Eds.). ACM Press, 291--308. https: //doi.org/10.1145/3319535.3354255

Digital Library

[9]

Jakob Burkhardt, Ivan Damgård, Tore Frederiksen, Satrajit Ghosh, and Claudio Orlandi. 2023. Improved Distributed RSA Key Generation Using the Miller-Rabin Test. Cryptology ePrint Archive, Paper 2023/644. https://eprint.iacr.org/2023/644

[10]

Jan Camenisch and Anna Lysyanskaya. 2002. Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials. In CRYPTO 2002 (LNCS, Vol. 2442), Moti Yung (Ed.). Springer, Heidelberg, 61--76. https://doi.org/10.1007/3- 540--45708--9_5

[11]

Megan Chen, Jack Doerner, Yashvanth Kondi, Eysa Lee, Schuyler Rosefield, abhi shelat, and Ran Cohen. 2022. Multiparty Generation of an RSA Modulus. Journal of Cryptology 35, 2 (April 2022), 12. https://doi.org/10.1007/s00145-021-09395-y

Digital Library

[12]

Megan Chen, Carmit Hazay, Yuval Ishai, Yuriy Kashnikov, Daniele Micciancio, Tarik Riviere, abhi shelat, Muthu Venkitasubramaniam, and Ruihan Wang. 2021. Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority. In 2021 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 590--607. https://doi.org/10.1109/SP40001.2021.00025

[13]

Ivan Damgård, Peter Landrock, and Carl Pomerance. 1993. Average case error estimates for the strong probable prime test. Mathematics of computation 61, 203 (1993), 177--194.

[14]

Ivan Damgård and Gert Læssøe Mikkelsen. 2010. Efficient, Robust and ConstantRound Distributed RSA Key Generation. In TCC 2010 (LNCS, Vol. 5978), Daniele Micciancio (Ed.). Springer, Heidelberg, 183--200. https://doi.org/10.1007/978--3- 642--11799--2_12

[15]

Ivan Damgård, Claudio Orlandi, and Mark Simkin. 2018. Yet Another Compiler for Active Security or: Efficient MPC Over Arbitrary Rings. In CRYPTO 2018, Part II (LNCS, Vol. 10992), Hovav Shacham and Alexandra Boldyreva (Eds.). Springer, Heidelberg, 799--829. https://doi.org/10.1007/978--3--319--96881-0_27

Digital Library

[16]

Cyprien Delpech de Saint Guilhem, Eleftheria Makri, Dragos Rotaru, and Titouan Tanguy. 2021. The Return of Eratosthenes: Secure Generation of RSA Moduli using Distributed Sieving. In ACM CCS 2021, Giovanni Vigna and Elaine Shi (Eds.). ACM Press, 594--609. https://doi.org/10.1145/3460120.3484754

Digital Library

[17]

Didier Deshommes. 2023. GMP-java. https://github.com/dfdeshom/GMP-java. Accessed: 2023-07--27.

[18]

Hendrik Eerikson, Marcel Keller, Claudio Orlandi, Pille Pullonen, Joonas Puura, and Mark Simkin. 2019. Use your brain! Arithmetic 3PC for any modulus with active security. Cryptology ePrint Archive (2019).

[19]

Hendrik Eerikson, Marcel Keller, Claudio Orlandi, Pille Pullonen, Joonas Puura, and Mark Simkin. 2020. Use Your Brain! Arithmetic 3PC for Any Modulus with Active Security. In ITC 2020, Yael Tauman Kalai, Adam D. Smith, and Daniel Wichs (Eds.). Schloss Dagstuhl, 5:1--5:24. https://doi.org/10.4230/LIPIcs.ITC.2020.5

[20]

Yair Frankel, Philip D. MacKenzie, and Moti Yung. 1998. Robust Efficient Distributed RSA-Key Generation. In STOC, Jeffrey Scott Vitter (Ed.). ACM, 663--672. https://doi.org/10.1145/276698.276882

Digital Library

[21]

Tore Kasper Frederiksen, Yehuda Lindell, Valery Osheter, and Benny Pinkas. 2018. Fast Distributed RSA Key Generation for Semi-honest and Malicious Adversaries. In CRYPTO 2018, Part II (LNCS, Vol. 10992), Hovav Shacham and Alexandra Boldyreva (Eds.). Springer, Heidelberg, 331--361. https://doi.org/10.1007/978--3- 319--96881-0_12

Digital Library

[22]

Rosario Gennaro, Michael O. Rabin, and Tal Rabin. 1998. Simplified VSS and FastTrack Multiparty Computations with Applications to Threshold Cryptography. In 17th ACM PODC, Brian A. Coan and Yehuda Afek (Eds.). ACM, 101--111. https://doi.org/10.1145/277697.277716

Digital Library

[23]

Niv Gilboa. 1999. Two Party RSA Key Generation. In CRYPTO'99 (LNCS, Vol. 1666), Michael J. Wiener (Ed.). Springer, Heidelberg, 116--129. https://doi.org/10.1007/3- 540--48405--1_8

[24]

Carmit Hazay, Gert Læssøe Mikkelsen, Tal Rabin, and Tomas Toft. 2012. Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting. In CT-RSA (Lecture Notes in Computer Science, Vol. 7178), Orr Dunkelman (Ed.). Springer, 313--331. https://doi.org/10.1007/978--3--642--27954--6_20

[25]

Carmit Hazay, Gert Læssøe Mikkelsen, Tal Rabin, and Tomas Toft. 2012. Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting. In CTRSA 2012 (LNCS, Vol. 7178), Orr Dunkelman (Ed.). Springer, Heidelberg, 313--331. https://doi.org/10.1007/978--3--642--27954--6_20

[26]

Carmit Hazay, Gert Læssøe Mikkelsen, Tal Rabin, Tomas Toft, and Angelo Agatino Nicolosi. 2019. Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting. Journal of Cryptology 32, 2 (April 2019), 265--323. https: //doi.org/10.1007/s00145-017--9275--7

Digital Library

[27]

Yuval Ishai, Manoj Prabhakaran, and Amit Sahai. 2009. Secure Arithmetic Computation with No Honest Majority. In TCC 2009 (LNCS, Vol. 5444), Omer Reingold (Ed.). Springer, Heidelberg, 294--314. https://doi.org/10.1007/978--3--642-00457- 5_18

[28]

Mitsuru Ito, Akira Saito, and Takao Nishizeki. 1989. Secret sharing scheme realizing general access structure. Electronics and Communications in Japan (Part III: Fundamental Electronic Science) 72, 9 (1989), 56--64. https://doi.org/10.1002/ecjc.4430720906 arXiv:https://onlinelibrary.wiley.com/doi/pdf/10.1002/ecjc.4430720906

[29]

Marcel Keller, Emmanuela Orsini, and Peter Scholl. 2015. Actively Secure OT Extension with Optimal Overhead. In CRYPTO 2015, Part I (LNCS, Vol. 9215), Rosario Gennaro and Matthew J. B. Robshaw (Eds.). Springer, Heidelberg, 724-- 741. https://doi.org/10.1007/978--3--662--47989--6_35

Digital Library

[30]

Michael Malkin, Thomas D. Wu, and Dan Boneh. 1999. Experimenting with Shared Generation of RSA Keys. In NDSS'99. The Internet Society.

[31]

Gary L Miller. 1976. Riemann's hypothesis and tests for primality. Journal of computer and system sciences 13, 3 (1976), 300--317.

Digital Library

[32]

Pascal Paillier. 1999. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In EUROCRYPT'99 (LNCS, Vol. 1592), Jacques Stern (Ed.). Springer, Heidelberg, 223--238. https://doi.org/10.1007/3--540--48910-X_16

[33]

Guillaume Poupard and Jacques Stern. 1998. Generation of Shared RSA Keys by Two Parties. In ASIACRYPT (Lecture Notes in Computer Science, Vol. 1514), Kazuo Ohta and Dingyi Pei (Eds.). Springer, 11--24. https://doi.org/10.1007/3- 540--49649--1_2

[34]

Michael O Rabin. 1980. Probabilistic algorithm for testing primality. Journal of number theory 12, 1 (1980), 128--138.

[35]

Ronald L Rivest, Adi Shamir, and Leonard Adleman. 1978. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 2 (1978), 120--126.

Digital Library

[36]

Ronald L Rivest, Adi Shamir, and David A Wagner. 1996. Time-lock puzzles and timed-release crypto. (1996).

[37]

Lawrence Roy. 2022. SoftSpokenOT: Quieter OT Extension from Small-Field Silent VOLE in the Minicrypt Model. In CRYPTO 2022, Part I (LNCS, Vol. 13507), Yevgeniy Dodis and Thomas Shrimpton (Eds.). Springer, Heidelberg, 657--687. https://doi.org/10.1007/978--3-031--15802--5_23

Digital Library

[38]

Omer Shlomovits. 2020. Diogenes Octopus*: Playing Red Team for Eth2.0 VDF. Medium blog post. https://medium.com/zengo/diogenes-octopus-playing-redteam-for-eth2-0-vdf-part-1-dac3f2e3cc7b

[39]

Omer Shlomovits. 2020. DogByte Attack: Playing Red Team for Eth2.0 VDF. Medium blog post. https://medium.com/zengo/dogbyte-attack-playing-redteam-for-eth2-0-vdf-ea2b9b2152af

[40]

Benjamin Wesolowski. 2019. Efficient Verifiable Delay Functions. In EUROCRYPT 2019, Part III (LNCS, Vol. 11478), Yuval Ishai and Vincent Rijmen (Eds.). Springer, Heidelberg, 379--407. https://doi.org/10.1007/978--3-030--17659--4_13

Digital Library

Cited By

Zhu HTian JChen QTian ZLuo WLi M(2025)A zero-trust based scheme for detecting illegal terminals in the Internet of Things of smart gridPeerJ Computer Science10.7717/peerj-cs.273611(e2736)Online publication date: 7-Mar-2025
https://doi.org/10.7717/peerj-cs.2736
Delahaye J(2024)Des premiers aux pseudo-premiersPour la Science10.3917/pls.558.0080N° 558 – Avril:4(80-85)Online publication date: 28-Mar-2024
https://doi.org/10.3917/pls.558.0080
Liu TLiu QChen T(2024)Security Management Method of Public Sentiment Analysis Based on Blockchain and Edge ComputingIEEE Transactions on Cybernetics10.1109/TCYB.2024.340392354:11(6397-6409)Online publication date: Nov-2024
https://doi.org/10.1109/TCYB.2024.3403923
Show More Cited By

Index Terms

Improved Distributed RSA Key Generation Using the Miller-Rabin Test
1. Security and privacy
  1. Cryptography

Recommendations

Secure and practical threshold RSA
SIN '13: Proceedings of the 6th International Conference on Security of Information and Networks

This article describes a scheme that outputs RSA signatures using a threshold mechanism in which each share has a bitlength close to the bitlength of the RSA modulus. The scheme is proven unforgeable under the standard RSA assumption against an honest ...
RSA-Based Undeniable Signatures

We present the first undeniable signatures scheme based on RSA. Since their introduction in 1989 a significant amount of work has been devoted to the investigation of undeniable signatures. So far, this work has been based on discrete log systems. In ...
Efficient generation of shared RSA keys

We describe efficient techniques for a number of parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the factorization of N. In addition a public encryption exponent is ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

November 2023

3722 pages

ISBN:9798400700507

DOI:10.1145/3576915

General Chairs:
Weizhi Meng
Technical University of Denmark
,
Christian D. Jensen
Technical University of Denmark
,
Program Chairs:
Cas Cremers
CISPA Helmholtz Center for Information Security
,
Engin Kirda
Khoury College of Computer Sciences

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 November 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Danish Independent Research Council
European Research Council
Carlsbergfondet
Concordium Blockchain Research Center
EU Horizon 2020

Conference

CCS '23

Sponsor:

SIGSAC

CCS '23: ACM SIGSAC Conference on Computer and Communications Security

November 26 - 30, 2023

Copenhagen, Denmark

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
248
Total Downloads

Downloads (Last 12 months)148
Downloads (Last 6 weeks)10

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zhu HTian JChen QTian ZLuo WLi M(2025)A zero-trust based scheme for detecting illegal terminals in the Internet of Things of smart gridPeerJ Computer Science10.7717/peerj-cs.273611(e2736)Online publication date: 7-Mar-2025
https://doi.org/10.7717/peerj-cs.2736
Delahaye J(2024)Des premiers aux pseudo-premiersPour la Science10.3917/pls.558.0080N° 558 – Avril:4(80-85)Online publication date: 28-Mar-2024
https://doi.org/10.3917/pls.558.0080
Liu TLiu QChen T(2024)Security Management Method of Public Sentiment Analysis Based on Blockchain and Edge ComputingIEEE Transactions on Cybernetics10.1109/TCYB.2024.340392354:11(6397-6409)Online publication date: Nov-2024
https://doi.org/10.1109/TCYB.2024.3403923
Friedman OMarmor AMutzari DScaly YSpiizer YYanai A(2024)Tiresias: Large Scale, UC-Secure Threshold PaillierAdvances in Cryptology – ASIACRYPT 202410.1007/978-981-96-0891-1_5(141-173)Online publication date: 10-Dec-2024
https://dl.acm.org/doi/10.1007/978-981-96-0891-1_5
Cohen RDoerner JKondi YShelat A(2024)Secure Multiparty Computation with Identifiable Abort via Vindicating ReleaseAdvances in Cryptology – CRYPTO 202410.1007/978-3-031-68397-8_2(36-73)Online publication date: 18-Aug-2024
https://dl.acm.org/doi/10.1007/978-3-031-68397-8_2

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten