Cryptanalysis of Server-Aided RSA Key Generation Protocols at MADNES 2005

  • Fanyu Kong
  • Jia Yu
  • Baodong Qin
  • Daxing Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4610)


At MADNES 2005, Y. Chen et al. proposed two improved server-aided RSA key generation protocols, which are claimed to be secure against collusion attack. However, at ISPEC 2006, T. Cao et al. presented a collusion attack on Chen’s standard server-aided RSA key generation protocol and can get the plaintext from a ciphertext. In this paper, we propose a full cryptanalysis of Chen’s two server-aided RSA key generation protocols. Firstly, we give a further analysis of Chen’s standard protocol and can recover the factorization of the RSA modulus N with the complexity O(log3(N)). Secondly, we propose two collusion attacks on Chen’s unbalanced RSA key generation protocol. It is proved that we can decrypt any ciphertext with the complexity O(log3(N)) and find the secret prime p with the complexity O(log4(N)). Therefore, neither of Chen’s two server-aided RSA key generation protocols can resist collusion attack.


Smart Card Euclidean Algorithm Modular Exponentiation Collusion Attack Extended Euclidean Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Matsumoto, T., Kato, K., Imai, H.: Speeding up secret computation with insecure auxiliary devices. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 497–506. Springer, Heidelberg (1990)Google Scholar
  2. 2.
    Matsumoto, T., Imai, H., Laih, C.S., Yen, S.M.: On verifiable implicit asking protocols for RSA computation. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 296–307. Springer, Heidelberg (1993)Google Scholar
  3. 3.
    Kawamura, S., Shimbo, A.: Fast server-aided secret computation protocols for modular exponentiation. IEEE Journal on Selected Areas Communications 11(5), 778–784 (1993)CrossRefGoogle Scholar
  4. 4.
    Burns, J., Mitchell, C.J.: Parameter selection for server-aided RSA computation schemes. IEEE Transactions on Computers 43(2), 163–174 (1994)CrossRefGoogle Scholar
  5. 5.
    Beguin, P., Quisquater, J.J.: Fast Server-Aided RSA Signatures Secure Against Active Attacks. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 57–69. Springer, Heidelberg (1995)Google Scholar
  6. 6.
    Anderson, R.J.: Attack on Server-Assisted Authentication Protocols. IEE Electronics Letters 28(15), 1473 (1992)CrossRefGoogle Scholar
  7. 7.
    Pfitzmann, B., Waidner, M.: Attacks on protocols for server-aided RSA computation. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 153–162. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  8. 8.
    Lim, C.H., Lee, P.J.: Security and Performance of Server-Aided RSA Computation Protocols. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 70–83. Springer, Heidelberg (1995)Google Scholar
  9. 9.
    Nguyen, P., Stern, J.: The Beguin-Quisquater Server-Aided RSA Protocol. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 372–379. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  10. 10.
    Modadugu, N., Boneh, D., Kim, M.: Generating RSA Keys on a Handheld Using an Untrusted Server. In: CT-RSA 2000 (2000), Available at:
  11. 11.
    Chen, Y., Safavi-Naini, R., Baek, J.: Server-Aided RSA Key Generation against Collusion Attack. In: Burmester, M., Yasinsac, A. (eds.) MADNES 2005. LNCS, vol. 4074, pp. 27–37. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Cao, T., Mao, X., Lin, D.: Security Analysis of a Server-Aided RSA Key Generation Protocol. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds.) ISPEC 2006. LNCS, vol. 3903, pp. 314–320. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Shamir, A.: RSA for Paranoids. CryptoBytes 1(3), 1–4 (1995)Google Scholar
  15. 15.
    Simmons, G.J.: A weak privacy protocol using the RSA crypto algorithm. Cryptologia 7(2), 180–182 (1983)zbMATHCrossRefGoogle Scholar
  16. 16.
    Delaurentis, J.M.: A further weakness in the common modulus protocol for the RSA crypto algorithm. Cryptologia 8(3), 253–259 (1984)CrossRefMathSciNetGoogle Scholar
  17. 17.
    Miller, G.L.: Reimanns hypothesis and tests for primality. J. Comput. System Sci. 13, 300–317 (1976)zbMATHMathSciNetGoogle Scholar
  18. 18.
    Cao, T., Mao, X.: Collusion Attack on a Server-Aided Unbalanced RSA Key Generation Protocol. In: International Conference on Communication Technology (2006) (to appear)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Fanyu Kong
    • 1
    • 2
  • Jia Yu
    • 3
  • Baodong Qin
    • 1
    • 2
  • Daxing Li
    • 1
    • 2
  1. 1.Institute of Network Security, Shandong University, 27 Shanda Nanlu Road, Jinan 250100China
  2. 2.Key Laboratory of Cryptographic Technology and Information Security, Ministry of Education, Jinan 250100China
  3. 3.College of Information Engineering, Qingdao University, Qingdao 266071China

Personalised recommendations