Abstract
We present two efficient protocols which implement robust threshold RSA signature schemes, where the power to sign is shared by N players such that any subset of T or more signers can collaborate to produce a valid RSA signature on any given message, but no subset of fewer than T corrupted players can forge a signature. Our protocols are robust in the sense that the correct signature is computed even if up to T − 1 players behave in an arbitrarily malicious way during the signature protocol. This in particular includes the cases of players that refuse to participate or that generate incorrect partial signatures. Our robust protocols achieve optimal resiliency as they can tolerate up to (N − 1)/2 faults, and their efficiency is comparable to the efficiency of the underlying threshold RSA signature scheme.
Robust threshold signature schemes have very important applications, since they provide increased security and availability for a signing server (e.g. a certification authority or an electronic cash provider). Solutions for the case of the RSA signature scheme are especially important because of its widespread use. In addition, these techniques apply to shared RSA decryption as well, thus leading to efficient key escrow schemes for RSA.
Our schemes are based on some interesting extensions that we devised for the information checking protocol of T. Rabin and Ben-Or [Rab94], [RB89], and the undeniable signature work initiated by Chaum and van Antwerpen [CA90]. These extensions have some attractive properties, and hence are of independent interest.
A complete version of the paper is available from http://www.re.search.ibm.com/security/.
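As an added toy illustration of the setting above (not code from the paper, whose construction differs): a T-of-N threshold RSA signing in Python in which the private exponent d is Shamir-shared over the integers with the N! scaling trick (Shoup's later construction, assumed here for simplicity), and a combiner that rejects a corrupted partial signature by checking candidate results against the public key. The toy primes, the choice of a prime e larger than N, and the brute-force subset search are assumptions for illustration only; the paper's protocols achieve robustness without such a search.

```python
# Added toy illustration (not the paper's protocol): d Shamir-shared over the
# integers with the N! scaling trick; the combiner discards corrupted partials.
from itertools import combinations
from math import factorial
import random

N, T = 5, 3                       # 5 signers, any 3 can sign
P, Q = 1009, 1013                 # constructed toy primes; real keys are ~1024-bit
n, phi = P * Q, (P - 1) * (Q - 1)
e = 65537                         # prime > N, so gcd(e, N!) == 1
d = pow(e, -1, phi)               # Python 3.8+: pow with negative exponent mod n
DELTA = factorial(N)

def share_key(secret, seed=1):
    """Share i = f(i) for a random integer polynomial f of degree T-1, f(0)=secret."""
    rng = random.Random(seed)
    coeffs = [secret] + [rng.randrange(n * DELTA) for _ in range(T - 1)]
    return {i: sum(c * i ** k for k, c in enumerate(coeffs)) for i in range(1, N + 1)}

def partial_sign(share, m):
    return pow(m, share, n)       # player i contributes m^{s_i} mod n
def bezout(x, y):
    """Return (a, b) with a*x + b*y == 1, assuming gcd(x, y) == 1."""
    a0, a1, b0, b1 = 1, 0, 0, 1
    while y:
        k, x, y = x // y, y, x % y
        a0, a1, b0, b1 = a1, a0 - k * a1, b1, b0 - k * b1
    return a0, b0

def combine(partials, m):
    """Interpolate d in the exponent over subset S; DELTA makes every Lagrange
    coefficient an integer, and gcd(e, DELTA) == 1 lets us strip it afterwards."""
    S, w = list(partials), 1
    for i in S:
        num, den = DELTA, 1
        for j in S:
            if j != i:
                num, den = num * j, den * (j - i)
        assert num % den == 0     # DELTA * L_i(0) is integral for any S within 1..N
        w = w * pow(partials[i], num // den, n) % n   # w becomes m^{DELTA*d}
    a, b = bezout(e, DELTA)       # a*e + b*DELTA == 1  =>  m^d == m^a * w^b
    return pow(m, a, n) * pow(w, b, n) % n

def robust_sign(partials, m):
    """Combiner: first T-subset whose result verifies under (n, e); a corrupted
    partial only spoils the subsets containing it. (Brute force, unlike the paper.)"""
    for S in combinations(partials, T):
        sig = combine({i: partials[i] for i in S}, m)
        if pow(sig, e, n) == m:
            return sig
    return None
```

With four partials of which one is corrupted, robust_sign still returns m^d mod n because some T-subset contains only honest partials; with fewer than T honest partials no subset verifies and None is returned.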
References
G. Brassard, D. Chaum, and C. Crépeau. Minimum disclosure proofs of knowledge. JCSS, 37(2): 156–189, 1988.
J. Boyar, D. Chaum, I. Damgård, and T. Pedersen. Convertible undeniable signatures. In A.J. Menezes and S. A. Vanstone, editors, Proc. CRYPTO 90, pages 189–205. Springer-Verlag, 1991. Lecture Notes in Computer Science No. 537.
M. Blum and S. Kannan, Program correctness checking and the design of programs that check their work. In Proc. of the 21st ACM Symposium on Theory of Computing, 1989.
C. Boyd. Digital Multisignatures. In H. Baker and F. Piper, editors, Cryptography and Coding, pages 241–246, Clarendon Press, 1986.
M. Bellare and P. Rogaway. Optimal asymmetric encryption. In Eurocrypt’94, 1994.
David Chaum and Hans van Antwerpen. Undeniable signatures. In G. Brassard, editor, Proc. CRYPTO 89, pages 212–217. Springer-Verlag, 1990. Lecture Notes in Computer Science No. 435.
D. Chaum. Zero-knowledge undeniable signatures. In Proc. EUROCRYPT 90, pages 458–464. Springer-Verlag, 1990. Lecture Notes in Computer Science No. 473.
Alfredo De Santis, Yvo Desmedt, Yair Frankel, and Moti Yung. How to share a function securely. In Proc. 26th ACM Symp. on Theory of Computing, pages 522–533, Santa Fe, 1994. IEEE.
Yvo G. Desmedt. Threshold cryptography. European Transactions on Telecommunications, 5(4):449–457, July 1994.
Yvo Desmedt and Yair Frankel, Threshold cryptosystems. In G. Brassard, editor, Proc. CRYPTO 89, pages 307–315. Springer-Verlag, 1990. Lecture Notes in Computer Science No. 435.
Y. Desmedt and Y. Frankel. Shared generation of authenticators and signatures. In J. Feigenbaum, editor, Proc. CRYPTO 91, pages 457–469, Springer, 1992. Lecture Notes in Computer Science No. 576.
P. Feldman. A Practical Scheme for Non-Interactive Verifiable Secret Sharing. In Proceeding 28th Annual Symposium on the Foundations of Computer Science, pages 427–437. IEEE, 1987.
Y. Frankel, P. Gemmell, and M. Yung. Witness-based Cryptographic Program Checking and Robust Function Sharing. To appear in proceedings of STOC96, 1996.
R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. Robust threshold DSS signatures. To appear in Eurocrypt’96, 1996.
S. Goldwasser and S. Micali. Probabilistic encryption. JCSS, 28(2):270–299, April 1984.
Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing, 17(2):281–308, April 1988.
S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof-systems. SIAM. J. Computing, 18(1):186–208, February 1989.
O. Goldreich, S. Micali, and A. Wigderson. Proofs that Yield Nothing but the Validity of the Assertion, and a Methodology of Cryptographic Protocol Design. In Proceeding 27th Annual Symposium on the Foundations of Computer Science, pages 174–187. ACM, 1986.
O. Goldreich, S. Micali, and A. Wigderson. How to Play Any Mental Game. In Proceeding 19th Annual Symposium on the Theory of Computing, pages 218–229. ACM, 1987.
Oded Goldreich. Foundations of Cryptography — Fragments of a Book. Electronic Colloquium on Computational Complexity, February 1995. Available online from http://www.eccc.uni-trier.de/eccc/.
Silvio Micali. Fair public-key cryptosystems. In Ernest F. Brickell, editor, Proc. CRYPTO 92, pages 113–138. Springer-Verlag, 1992. Lecture Notes in Computer Science No. 740.
T. Pedersen. Distributed provers with applications to undeniable signatures. In Eurocrypt’91, 1991.
T. Rabin. Robust Sharing of Secrets When the Dealer is Honest or Faulty. Journal of the ACM, 41(6):1089–1109, 1994.
T. Rabin and M. Ben-Or. Verifiable Secret Sharing and Multiparty Protocols with Honest Majority. In Proceeding 21st Annual Symposium on the Theory of Computing, pages 73–85. ACM, 1989.
A. Shamir. How to Share a Secret. Communications of the ACM, 22:612–613, 1979.
© 1996 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T. (1996). Robust and Efficient Sharing of RSA Functions. In: Koblitz, N. (eds) Advances in Cryptology — CRYPTO ’96. CRYPTO 1996. Lecture Notes in Computer Science, vol 1109. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68697-5_13
DOI: https://doi.org/10.1007/3-540-68697-5_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61512-5
Online ISBN: 978-3-540-68697-2