# A New Distributed Primality Test for Shared RSA Keys Using Quadratic Fields

## Abstract

In the generation method for RSA moduli proposed by Boneh and Franklin in [BF97], the partial signing servers generate random shares $p_i$, $q_i$ and compute, as a candidate for an RSA modulus, $n = pq$ where $p = \sum_i p_i$ and $q = \sum_i q_i$. Then they perform a time-consuming distributed primality test which *simultaneously* checks the primality of both $p$ and $q$ by checking that $g^{(p-1)(q-1)} = 1 \bmod n$. The primality test proposed in [BF97] cannot be generalized to products of more than two primes. A more complicated one for products of three primes was presented in [BH98].

In this paper we propose a new distributed primality test, which can *independently* prove the primality of $p$ or $q$ for the public modulus $n = pq$ and can be easily generalized to products of arbitrarily many factors, i.e., the Multi-Prime RSA of PKCS #1 v2.0 Amendment 1.0 [PKCS]. The proposed scheme can be applied *in parallel* for each factor $p$ and $q$. We use properties of the group $Cl(-8n^2)$, which is the class group of the quadratic field with discriminant $-8n^2$.

As is the case with the Boneh-Franklin protocol, our protocol is $\lfloor (k-1)/2 \rfloor$-private, i.e., fewer than $\lfloor (k-1)/2 \rfloor$ colluding servers cannot learn any information about the primes of the generated modulus. The security of the proposed scheme is based on the intractability of the discrete logarithm problem in $Cl(-8n^2)$ and on the intractability of a new number-theoretic problem which also seems to be intractable.
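The relation g^((p−1)(q−1)) = 1 mod n quoted in the first paragraph can be evaluated from additive shares because (p−1)(q−1) = n + 1 − Σp_i − Σq_i. The sketch below is an added illustration, not code from the paper or from [BF97]; the function names, the share values and the in-the-clear computation of n are assumptions made for the demo, and it covers only the bare relation, not the new class-group test.

```python
from math import gcd

def candidate_modulus(p_shares, q_shares):
    # Demo shortcut (assumption): n is multiplied in the clear here. In the
    # protocol the servers obtain n without any of them learning p or q.
    return sum(p_shares) * sum(q_shares)

def contribution(i, n, g, p_i, q_i):
    """Value server i computes locally from its own shares only."""
    # (p-1)(q-1) = n + 1 - sum(p_i) - sum(q_i): the exponent splits additively.
    if i == 0:
        return pow(g, n + 1 - p_i - q_i, n)
    return pow(g, p_i + q_i, n)

def fermat_relation_holds(n, g, p_shares, q_shares):
    """True iff g^((p-1)(q-1)) = 1 mod n, decided from per-server values."""
    if gcd(g, n) != 1:
        raise ValueError("g must be a unit modulo n")
    values = [contribution(i, n, g, p_i, q_i)
              for i, (p_i, q_i) in enumerate(zip(p_shares, q_shares))]
    rhs = 1
    for v in values[1:]:
        rhs = rhs * v % n
    # v_0 == product of the others  <=>  g^(n+1-p-q) == 1 (g is invertible)
    return values[0] == rhs

# Constructed sample shares for k = 3 servers.
PRIME_CASE = ([400, 300, 309], [500, 200, 313])   # p = 1009, q = 1013
COMPOSITE_CASE = ([10, 6, 7], [9, 5, 7])          # p = 23,   q = 21 = 3*7
# q = 1015 = 5*7*29 is composite, yet lambda(n) = 1008 divides (p-1)(q-1),
# so the bare relation holds for every unit g: it is a necessary condition.
BLIND_SPOT_CASE = ([400, 300, 309], [500, 200, 315])

def run(case, bases):
    p_shares, q_shares = case
    n = candidate_modulus(p_shares, q_shares)
    return [fermat_relation_holds(n, g, p_shares, q_shares) for g in bases]

if __name__ == "__main__":
    print("both prime     :", run(PRIME_CASE, (2, 3, 5)))
    print("q composite    :", run(COMPOSITE_CASE, (2,)))
    print("composite, pass:", run(BLIND_SPOT_CASE, (2, 3, 11)))
```
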

## Keywords

Distributed RSA, primality test, parallel computation, quadratic fields

## References

- [BB97] I. Biehl and J. Buchmann, “An analysis of the reduction algorithms for binary quadratic forms”, Technical Report No. TI-26/97, Technische Universität Darmstadt, (1997).
- [BGW88] M. Ben-Or, S. Goldwasser and A. Wigderson, “Completeness theorems for non-cryptographic fault tolerant distributed computation”, STOC, (1988), pp. 1–10.
- [BF97] D. Boneh and M. Franklin, “Efficient generation of shared RSA keys”, CRYPTO ’97, LNCS 1294, (1997), Springer, pp. 425–439.
- [BH98] D. Boneh and J. Horwitz, “Generating a product of three primes with an unknown factorization”, The third Algorithmic Number Theory Symposium, ANTS III, LNCS 1423, (1998), Springer, pp. 237–251.
- [BW88] J. Buchmann and H. C. Williams, “A key-exchange system based on imaginary quadratic fields”, Journal of Cryptology, 1, (1988), Springer, pp. 107–118.
- [CGH00] D. Catalano, R. Gennaro, S. Halevi, “Computing Inverses over a Shared Secret Modulus”, EUROCRYPT 2000, LNCS 1807, (2000), pp. 190–206.
- [Cox89]
- [DK01] I. Damgård and M. Koprowski, “Practical Threshold RSA Signatures without a Trusted Dealer”, EUROCRYPT 2001, LNCS 2045, (2001), pp. 152–165.
- [FS01] P.-A. Fouque and J. Stern, “Fully Distributed Threshold RSA under Standard Assumptions”, ASIACRYPT 2001, LNCS 2248, (2001), pp. 310–330.
- [Jac99] M. J. Jacobson, Jr., “Subexponential Class Group Computation in Quadratic Orders”, PhD Thesis, Technical University of Darmstadt, (1999).
- [JJ99] E. Jaulmes and A. Joux, “A NICE cryptanalysis”, EUROCRYPT 2000, LNCS 1807, (2000), pp. 382–391.
- [LiDIA] LiDIA - A library for computational number theory. Technische Universität Darmstadt, Germany.
- [MSY01] S. Miyazaki, K. Sakurai, and M. Yung, “On Distributed Cryptographic Protocols for Threshold RSA Signing and Decrypting with No Dealer”, IEICE Transaction, Vol. E84-A, No. 5, (2001), pp. 1177–1183.
- [Rie94] H. Riesel, *Prime Numbers and Computer Methods for Factorization*, Second Edition, Prog. in Math. 126, Birkhäuser, 1994.
- [PKCS] PKCS, Public-Key Cryptography Standards, RSA Laboratories, http://www.rsasecurity.com/rsalabs/pkcs/index.html.
- [Sho99] V. Shoup, “Practical Threshold Signatures”, Eurocrypt 2000, LNCS 1807, (2000), pp. 207–220.