D. Boneh and M. Franklin. Efficient Generation of Shared RSA Keys. J. ACM, 48(4):702--722, 2001.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....resists the conspiracy attack because the revocation manager can trace all the corrupted members involved in a forged signature. 1 Introduction The threshold signature scheme is very important in practice on behalf of a group. Almost all of the threshold signatures are based on secret sharing [1, 12, 23, 25, 26] . These schemes usually have a common weakness that they cannot avoid of the conspiracy attack which is first described in [20] The conspiracy attack means that, if t or more members of the group conspire, the secret of the group will be retrieved. Once these members get the group secret, they ....

D. Boneh, M. Franklin, Efficient generation of the shared RSA keys, Proc. Of Crypto'97, Springer-Verlag LNCS 1233.

....protocols [19, 3, 8] the resulting solutions would hardly be practical. BONEH FRANKLIN. The first to address the issue of an efficient solution for this problem were Boneh and Franklin, who in a breakthrough result show how n 3 parties can jointly generate an RSA key without a trusted dealer [5]. In particular, as part of their solution they show how the parties jointly compute d = e mod (N ) where N; e are the RSA modulus and public exponent, respectively, and (N ) is shared among the parties. Our solution improves on some of the features of the Boneh Franklin protocol. In ....

....the parties. Our solution improves on some of the features of the Boneh Franklin protocol. In particular: 1. We only use a single invocation of the BGW [3] multiplication protocol, while their protocol needs two of them. Hence the round complexity of our protocol is half that of the protocol in [5]. 2. The Boneh Franklin protocol is based on an n out of n solution where a single crash could prevent the protocol from completing. To obtain a t out of n solution, they suggest using the share backup approach of Rabin [21] but this approach has some known problems. For one thing, it ....

[Article contains additional citation context not shown here]

D. Boneh and M. Franklin. Efficient Generation of Shared RSA Keys. In Advances in Cryptology - Crypto '97, LNCS vol. 1294, Springer, 1997, pages 425-439. Extended version available from http://crypto.stanford.edu/ dabo/pubs.html

....key. Improvements to the random generation of private keys for public key cryptography usually fall into two areas : the distribution of a secret for discrete log based cryptosystems and the distribution of RSA keys. The latter case is partially solved by the nice paper of Boneh and Franklin [4]. However, the protocol does not allow to efficiently share RSA modulus with strong primes and is not robust against cheaters. Following this paper, two articles provide robustness using different techniques. The first one by Frankel et al. 11] is based on the same methods as [4] and uses the ....

....and Franklin [4] However, the protocol does not allow to efficiently share RSA modulus with strong primes and is not robust against cheaters. Following this paper, two articles provide robustness using different techniques. The first one by Frankel et al. 11] is based on the same methods as [4] and uses the protocol of Ben Or, Goldwasser and Widgerson [2] with private channels between each pair of participants. Frankel et al. also propose protocols that make the scheme proactive in [11, 10, 12] In [22] Poupard and Stern present a protocol for two players which avoids private channels. ....

D. Boneh and M. Franklin. Efficient Generation of Shared RSA Keys. In Crypto '97, LNCS 1294, pages 425--439. Springer-Verlag, 1997. 11

....RSA. This solves an open problem where one needs to cope with requirements that do not match. On one hand, at Eurocrypt 00, Shoup describes a practical threshold signature scheme in [37] where the primes of the RSA modulus should be safe. On the other hand, Boneh and Franklin at Crypto 97 [4] describe a protocol to share the key generation of an RSA modulus. However, the generation of safe modulus seems to be hard with this protocol. The present work takes a different path by proposing a method to enhance the key generation with some additional properties and revisits Shoup s protocol ....

....the key generation protocol in order to guarantee the secrecy of Shamir s secret sharing. Shared Generation of RSA Keys. This raises the question of generating RSA moduli for Shoup s threshold scheme without a trusted dealer. There exist protocols that generate RSA keys in a distributive manner [4, 18, 9, 10, 3, 30, 23]. Boneh and Franklin in [4] designed such protocol for the generation of an RSA modulus in the honest but curious model. Later, Frankel, MacKenzie and Yung in [18] made this algorithm robust against malicious servers. In [30] Poupard and Stern also provided a protocol to compute a shared modulus ....

[Article contains additional citation context not shown here]

D. Boneh and M. Franklin. Efficient Generation of Shared RSA keys. In Crypto '97, LNCS 1233, pages 425--439. Springer-Verlag, 1997.

....increases as a larger is adopted. In military environments, the privilege for every node is inherently hierarchical and heterogeneous. For example, a lieutenant usually hold more confidential information than a private. This Though shared key generation schemes are available in literatures [12, 58], the result key pair is revealed to the key generation requester. Besides, it is an open question who has the authority to annul current signing key. implies that an asymmetric function sharing model is more reasonable. In UAV MBN networks, the MBN nodes could hold more shares of the backup DCA ....

D. Boneh and M. K. Franklin. Efficient Generation of Shared RSA Keys. In CRYPTO, pages 425--439, 1997.

....requirements in a repudiable manner. Case II: A shared public key for the coalition AA. In this case, the coalition AA has a shared public key whose corresponding private key is split among the member domains. That is, in Figure 1, employing the distributed shared key generation algorithm of [8], domains D1, D2, and D3 generate a public key for the coalition AA while retaining distributed shares of the corresponding private key such that no single domain has unilateral access to the For example, Anderson and Kuhn [3] and Bond [7] discuss protocol failures where the application of a ....

....for joint administration of access policies. 3. Using Shared Public Key Techniques In this section we discuss the use of shared public key techniques, which have recently been used for intrusiontolerant applications [27] We give a brief overview of the shared public key generation algorithm of [8] and discuss the costs of using shared key techniques and the usefulness of the m of n private key sharing scheme. 3.1. Shared RSA public key generation algorithm Here we review some of the features of the shared RSA public key generation algorithm of [8, 21] The algorithm enables n domains to ....

[Article contains additional citation context not shown here]

D. Boneh and M. Franklin, "Efficient Generation of Shared RSA Keys", Advances in Cryptology - Crypto' 97, Lecture Notes in Computer Science, Vol. 1233, Springer-Verlag, 1997, pp. 425--439.

....is the product of quasi safe primes, i.e. primes p and q for which (p 1) 2 and (q 1) 2 is a prime power. However, their protocol can not guarantee that (p 1) 2 and (q 1) 2 are indeed primes which is what we are aiming for. Let us further mention the work of Boneh and Franklin [2], who provide a proof that a distributively generated number n indeed consists of two primes (without further showing that these primes are of special form) It should be noted that all these solutions assume that n is publicly known. 2 Tools 2.1 Commitment Schemes Our schemes build use ....

D. Boneh and M. Franklin. Efficient generation of shared RSA keys. In

....availability: In the infrastructureless mode, the communication overhead is minimal when a ground node has at least one hop partial CAs. Otherwise, any of the partial CA can serve as a proxy and use its own trust to bring in 2 Though shared key generation schemes are available in literatures [1, 25], the result key pair is revealed to the key generation requester. Besides, it is an open question who has the authority to annul current signing key. more partial CAs, though the communication overhead is increased in this scenario. False accusations: As described before, should be ....

D. Boneh and M. K. Franklin. Efficient Generation of Shared RSA Keys. In CRYPTO, pages 425--439, 1997.

....2 . Fortunately, proactive secret share update [16, 9, 8, 31] and selfinitialization [23, 19] allow the network to periodically update all the secret shares without compromising the shared secret. As long as there are less than 2 Though shared key generation schemes are available in literatures [1, 24], the result key pair is revealed to the key generation requester. Besides, it is an open question who has the authority to annul current signing key. K ground nodes broken between two consecutive secret share updates, the backup signing key SK 0 ff is protected against break ins and can remain ....

D. Boneh and M. K. Franklin. Efficient Generation of Shared RSA Keys. In CRYPTO, pages 425--439, 1997.

....are not very efficient. For example, in the [22] protocol, both the number of rounds and communication complexity are polynomial in the size of the circuit computing the functionality. Thus some research has focused on finding efficient protocols for specific problems of secure computation. See [7, 10, 13, 28] for just a few examples. This direction is not the focus of our work. Other research has considered the efficiency of generic solutions themselves and as such also addresses fundamental questions regarding efficiency considerations (e.g. the possibility of obtaining protocols with only a ....

D. Boneh and M. Franklin. Efficient generation of shared RSA keys. In Crypto97, SpringerVerlag LNCS Vol. 1233, pages 425--439, 1997.

....holds. Clearly with this scheme, to split the TA s key amongst a set of TAs we need to produce an RSA modulus N and a public exponent e such that no individual TA knows the factors of N and each TA has a share d i of the private exponent d. Protocols exist for this problem, see for example [1] [2] and [5] but they are usually relatively inefficient. For the identity based signature schemes described in this paper the situation is different as there is a natural, simple and elegant way to split the TAs master key into a set of shares. This is because our security is based on discrete ....

D. Boneh and M. Franklin. Efficient Generation of Shared RSA Keys. In Advances in Cryptology - CRYPTO '97, Springer-Verlag LNCS 1294, 425--439, 1997.

No context found.

D. Boneh and M. Franklin. Efficient Generation of Shared RSA Keys. J. ACM, 48(4):702--722, 2001.

No context found.

Boneh, D., Franklin, M.: Efficient generation of shared RSA keys. In Crypto'97 (1997) 425--439.

No context found.

Boneh, D., Franklin, M.: Efficient generation of shared RSA keys. In Crypto'97 (1997) 425--439.

No context found.

Boneh, D., Franklin, M.: Efficient generation of shared RSA keys. In Crypto'97 (1997) 425--439.

No context found.

Boneh D, Franklin MK. Efficient generation of shared RSA keys. In CRYPTO, 1997; pp. 425 -- 439.

No context found.

D.Boneh and M. Franklin. Efficient generation of shared RSA keys. In Journal of the ACM (JACM), Vol. 48, pp. 702 ---722, July 2001.

No context found.

D. Boneh and M. Franklin. Efficient generation of shared rsa keys. In CRYPTO, 1997.

No context found.

D. Boneh and M. Franklin. Efficient generation of shared RSA keys. Crypto '97, Lecture Notes in Computer Science, Springer Verlag, 1233:425--439, 1997.

No context found.

D.Boneh,M.Franklin. "Efficient generation of shared RSA keys." Crypo'97, p425-439 LNCS 1294

No context found.

D. Boneh and M. Franklin, Efficient generation of shared RSA keys, Proc. Advances in Cryptology: CRYPTO'97, Santa Barbara, USA, 1997, 425--439.

No context found.

D. BONEH, M. FRANKLIN. Efficient generation of shared RSA keys. In Proceedings Crypo'97, pp. 425-439.

No context found.

D. Boneh and M. Franklin. Efficient generation of shared RSA keys. In Crypto '97, pages 425--439, 1997. Springer-Verlag. LNCS No. 1294.

No context found.

D. Boneh and M. Franklin. Efficient Generation of Shared RSA Keys. In Advances in Cryptology - CRYPTO '97, Springer-Verlag LNCS 1294, 425--439, 1997.

No context found.

Dan Boneh and Matthew Franklin, "Efficient Generation of Shared RSA Keys," Advances in Cryptology -CRYPTO'97, Springer-Verlag, 1997, pp. 425-439

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC