A New Distributed Primality Test for Shared RSA Keys Using Quadratic Fields

  • Ingrid Biehl
  • Tsuyoshi Takagi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2384)


In the generation method for RSA-moduli proposed by Boneh and Franklin in [BF97] the partial signing servers generate random shares pi, qi and compute as candidate for an RSA-modulus n = pq where p = (∑ pi) and q = (∑ qi). Then they perform a time-consuming distributed primality test which simultaneously checks the primality both of p and q by computing g (p−1)(q−1) = 1 mod n. The primality test proposed in [BF97] cannot be generalized to products of more than two primes. A more complicated one for products of three primes was presented in [BH98].

In this paper we propose a new distributed primality test, which can independently prove the primality of p or q for the public modulus n = pq and can be easily generalized to products of arbitrarily many factors, i.e., the Multi-Prime RSA of PKCS #1 v2.0 Amendment 1.0 [PKCS]. The proposed scheme can be applied in parallel for each factor p and q. We use properties of the group Cl(−8n 2), which is the class group of the quadratic field with discriminant −8n 2.

As it is the case with the Boneh-Franklin protocol our protocol is ⌊k−1/2⌋-private, i.e. less than ⌊k−1/2⌋ colluding servers cannot learn any information about the primes of the generated modulus. The security of the proposed scheme is based on the intractability of the discrete logarithm problem in Cl(−8n 2) and on the intractability of a new number theoretic problem which seems to be intractable too.


Distributed RSA primality test parallel computation quadratic fields 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BB97]
    I. Biehl and J. Buchmann, “An analysis of the reduction algorithms for binary quadratic forms”, Technical Report No. TI-26/97, Technische Universität Darmstadt, (1997).Google Scholar
  2. [BGW88]
    M. Ben-Or, S. Goldwasser and A. Wigderson, “Completeness theorems for non-cryptographic fault tolerant distributed computation”, STOC, (1988), pp. 1–10.Google Scholar
  3. [BF97]
    D. Boneh and M. Franklin, “Efficient generation of shared RSA keys”, CRYPTO’ 97, LNCS 1294, (1997), Springer, pp. 425–439.Google Scholar
  4. [BH98]
    D. Boneh and J. Horwitz, “Generating a product of three primes with an unknown factorization”, The third Algorithmic Number Theory Symposium, ANTS III, LNCS 1423, (1998), Springer, pp. 237–251.CrossRefGoogle Scholar
  5. [BW88]
    J. Buchmann and H. C. Williams, “A key-exchange system based on imaginary quadratic fields”, Journal of Cryptology, 1, (1988), Springer, pp. 107–118.zbMATHCrossRefMathSciNetGoogle Scholar
  6. [CGH00]
    D. Catalano, R. Gennaro, S. Halevi, “Computing Inverses over a Shared Secret Modulus,” EUROCRYPT 2000, LNCS 1807, (2000), pp. 190–206.CrossRefGoogle Scholar
  7. [Cox89]
    D. A. Cox: Primes of the form x2 + ny2, John Wiley & Sons, New York, (1989).Google Scholar
  8. [DK01]
    I. Dåmgard and M. Koprowski, “Practical Threshold RSA Signatures without a Trusted Dealer,” EUROCRYPT 2001, LNCS 2045, (2001), pp. 152–165.CrossRefGoogle Scholar
  9. [FS01]
    P.-A. Fouque and J. Stern, “Fully Distributed Threshold RSA under Standard Assumptions,” ASIACRYPT 2001, LNCS 2248, (2001), pp. 310–330.CrossRefGoogle Scholar
  10. [Jac99]
    M. J. Jacobson, Jr., “Subexponential Class Group Computation in Quadratic Orders”, PhD Thesis, Technical University of Darmstadt, (1999).Google Scholar
  11. [JJ99]
    E. Jaulmes and A. Joux, “A NICE cryptanalysis”, EUROCRYPT 2000, LNCS 1807, (2000), pp. 382–391.CrossRefGoogle Scholar
  12. [LiDIA]
    LiDIA-A library for computational number theory. Technische Universität Darmstadt, Germany.Google Scholar
  13. [MSY01]
    S. Miyazaki, K. Sakurai, and M. Yung, “On Distributed Cryptographic Protocols for Threshold RSA Signing and Decrypting with No Dealer,” IEICE Transaction, Vol. E84-A, No. 5, (2001), pp. 1177–1183.Google Scholar
  14. [Rie94]
    H. Riesel, Prime Numbers and Computer Methods for Factorization, Second Edition, Prog. in Math. 126, Birkhäuser, 1994.Google Scholar
  15. [PKCS]
    PKCS, Public-Key Cryptography Standards, RSA Laboratories,
  16. [Sho99]
    V. Shoup, “Practical Threshold Signatures,” Eurocrypt 2000, LNCS 1807, (2000), pp. 207–220.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Ingrid Biehl
    • 1
  • Tsuyoshi Takagi
    • 1
  1. 1.Fachbereich InformatikTechnische Universität DarmstadtDarmstadtGermany

Personalised recommendations