Secure and practical threshold RSA

Jérôme Dossogne, Frédéric Lafitte, Dirk Van Heule

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

This article describes a scheme that outputs RSA signatures using a threshold mechanism in which each share has a bitlength close to the bitlength of the RSA modulus. The scheme is proven unforgeable under the standard RSA assumption against an honest but curious adversary that has static corruption capabilities. Previous practical and prov-ably secure schemes require to introduce a factor n! [33] and 2kt [15] in the exponent when computing the partial signatures, where n is the RSA modulus, t+1 the threshold and k a fixed parameter. Our scheme requires only t + 1 modular exponentiations and l + 1 modular multiplications, with t the threshold and l the number of participants.

Original languageEnglish
Title of host publicationSIN 2013 - Proceedings of the 6th International Conference on Security of Information and Networks
Pages79-85
Number of pages7
DOIs
Publication statusPublished - 2013
Event6th International Conference on Security of Information and Networks, SIN 2013 - Aksaray, Turkey
Duration: 26 Nov 201328 Nov 2013

Publication series

NameSIN 2013 - Proceedings of the 6th International Conference on Security of Information and Networks

Conference

Conference6th International Conference on Security of Information and Networks, SIN 2013
Country/TerritoryTurkey
CityAksaray
Period26/11/1328/11/13

Keywords

  • Digital signature
  • Provable security
  • RSA
  • Threshold cryptography

Fingerprint

Dive into the research topics of 'Secure and practical threshold RSA'. Together they form a unique fingerprint.

Cite this