Abstract
We consider threshold cryptosystems over a composite modulus N where the factors of N are shared among the participants as the secret key. This is a new paradigm for threshold cryptosystems based on a composite modulus, differing from the typical treatment of RSA-based systems where a “decryption exponent” is shared among the participants. Our approach yields solutions to some open problems in threshold cryptography; in particular, we obtain the following:
1. Threshold Homomorphic Encryption. A number of applications (e.g., electronic voting or efficient multi-party computation) require threshold homomorphic encryption schemes. We present a protocol for threshold decryption of the homomorphic Goldwasser-Micali encryption scheme [34], answering an open question of [21].
2. Threshold Cryptosystems as Secure as Factoring. We describe a threshold version of a variant of the signature standards ISO 9796-2 and PKCS#1 v1.5 (cf. [39, Section 11.3.4]), thus giving the first threshold signature scheme whose security (in the random oracle model) is equivalent to the hardness of factoring [12]. Our techniques may be adapted to distribute the Rabin encryption scheme [44], whose semantic security may be reduced to the hardness of factoring.
3. Efficient Threshold Schemes without a Trusted Dealer. Because our schemes only require sharing of N, which furthermore need not be a product of strong primes, our schemes are very efficient (compared to previous schemes) when a trusted dealer is not assumed and key generation is done in a distributed manner.
Extensions to achieve robustness and proactivation are also possible with our schemes.
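The following is an added illustration written for this page; it is not code from the paper, whose protocol the abstract does not spell out. It shows the idea the abstract names: a Goldwasser-Micali cryptosystem whose private key is the factorisation of N, with decryption distributed among the parties by additively sharing a quantity derived from the factors, so that no inverse "decryption exponent" is ever needed. Everything beyond that is my assumption: N is taken to be a Blum integer (p ≡ q ≡ 3 mod 4), the parties hold additive integer shares of d = (p-1)(q-1)/4 so that c^d mod N is +1 or -1 and reveals the plaintext bit, all n parties take part (n-out-of-n rather than a general threshold), the primes 1019 and 1031 are constructed toy values, and the function names are hypothetical. The XOR homomorphism of the scheme and a sanity check in the combiner that detects (but does not attribute) a corrupted partial decryption are also shown.

```python
"""Toy Goldwasser-Micali (GM) encryption with n-out-of-n threshold decryption.

Added example, not the Katz-Yung protocol.  Assumptions: p = q = 3 (mod 4) so
N is a Blum integer; parties hold additive integer shares of d = (p-1)(q-1)/4;
all parties participate.  Toy primes are constructed and far too small for use.
"""
import random
from math import gcd

# Constructed toy parameters (NOT secure sizes): both prime, both 3 mod 4.
TOY_P, TOY_Q = 1019, 1031


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0 via the standard reciprocity loop."""
    assert n > 0 and n % 2 == 1
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def keygen(p: int, q: int, rng: random.Random):
    """Public key (N, y), y a pseudo-square: Jacobi(y/N) = 1 but y is a
    non-residue mod p (hence also mod q).  Private key = factorisation."""
    assert p % 4 == 3 and q % 4 == 3, "need a Blum integer"
    n = p * q
    while True:
        y = rng.randrange(2, n)
        if gcd(y, n) == 1 and jacobi(y, n) == 1 and pow(y, (p - 1) // 2, p) == p - 1:
            return (n, y), (p, q)


def encrypt(pk, bit: int, rng: random.Random) -> int:
    """GM ciphertext c = r^2 * y^bit mod N: a square mod N iff bit == 0."""
    n, y = pk
    while True:
        r = rng.randrange(2, n)
        if gcd(r, n) == 1:
            return (r * r * pow(y, bit, n)) % n


def decrypt_with_factors(sk, c: int) -> int:
    """Single-party decryption: quadratic residuosity of c modulo p."""
    p, _ = sk
    return 0 if pow(c, (p - 1) // 2, p) == 1 else 1


def share_exponent(sk, n_parties: int, rng: random.Random) -> list:
    """Additive integer shares of d = (p-1)(q-1)/4, one per party.
    For a Blum integer (p-1)/2 and (q-1)/2 are odd, so c^d = (c/p) mod p and
    c^d = (c/q) mod q: c^d is +1 or -1 mod N and encodes the bit.  Shares are
    drawn over the integers (reducing mod phi(N)/4 would need the secret); the
    last share may be negative, which is fine because c is invertible mod N."""
    p, q = sk
    d = (p - 1) * (q - 1) // 4
    bound = d << 64                     # wide range so one share statistically hides d
    shares = [rng.randrange(bound) for _ in range(n_parties - 1)]
    shares.append(d - sum(shares))
    return shares


def partial_decrypt(share: int, c: int, n: int) -> int:
    """Each party publishes c^{d_i} mod N (pow inverts c for a negative share)."""
    return pow(c, share, n)


def combine(partials: list, n: int) -> int:
    """Product of partials = c^d mod N, which must be 1 (bit 0) or N-1 (bit 1).
    Anything else means a malformed ciphertext or a corrupted partial: the check
    detects the fault but does not identify the faulty party."""
    v = 1
    for t in partials:
        v = v * t % n
    if v == 1:
        return 0
    if v == n - 1:
        return 1
    raise ValueError("combined value is not +/-1: bad ciphertext or bad partial")


def threshold_decrypt(pk, shares: list, c: int) -> int:
    n, _ = pk
    return combine([partial_decrypt(s, c, n) for s in shares], n)


def run_demo(seed: int = 2002, n_parties: int = 3) -> dict:
    """Deterministic end-to-end run on the toy parameters; returns what was observed."""
    rng = random.Random(seed)
    pk, sk = keygen(TOY_P, TOY_Q, rng)
    n = pk[0]
    shares = share_exponent(sk, n_parties, rng)
    c0, c1, c1b = encrypt(pk, 0, rng), encrypt(pk, 1, rng), encrypt(pk, 1, rng)
    parts = [partial_decrypt(s, c1, n) for s in shares]
    parts[0] = parts[0] * 2 % n         # simulate one corrupted partial
    try:
        combine(parts, n)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "bit0": threshold_decrypt(pk, shares, c0),
        "bit1": threshold_decrypt(pk, shares, c1),
        "xor_1_1": threshold_decrypt(pk, shares, c1 * c1b % n),   # homomorphic XOR
        "xor_0_1": threshold_decrypt(pk, shares, c0 * c1 % n),
        "direct_agrees": decrypt_with_factors(sk, c1) == 1,
        "shares_sum_to_d": sum(shares) == (sk[0] - 1) * (sk[1] - 1) // 4,
        "tamper_detected": tamper_detected,
    }
```

Each party's work is a single modular exponentiation with its own share, and the shares are plain integers derived from the factors, which is the property the abstract contrasts with sharing an RSA-style decryption exponent. Making the combiner's check identify which party misbehaved is the robustness extension the abstract mentions and is not attempted here.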
Work done while at Columbia University and Telcordia Technologies
References
[1] J. Algesheimer, J. Camenisch, and V. Shoup. Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products. Crypto 2002.
[2] D. Beaver and S. Haber. Cryptographic Protocols Provably Secure Against Dynamic Adversaries. Eurocrypt 1992.
[3] M. Bellare and P. Rogaway. The Exact Security of Digital Signatures: How to Sign with RSA and Rabin. Eurocrypt 1996.
[4] S.R. Blackburn. Combinatorics and Threshold Cryptography. In: F.C. Holroyd et al. (eds.), Combinatorial Designs and their Applications, CRC Press, 1999.
[5] D. Boneh and M. Franklin. Efficient Generation of Shared RSA Keys. Crypto 1997.
[6] C. Boyd. Digital Multisignatures. In: H. Baker and F. Piper (eds.), Cryptography and Coding, Clarendon Press, 1989.
[7] R. Canetti, U. Feige, O. Goldreich, and M. Naor. Adaptively Secure Multi-Party Computation. STOC 1996.
[8] R. Canetti, R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. Adaptive Security for Threshold Cryptosystems. Crypto 1999.
[9] R. Canetti and S. Goldwasser. An Efficient Threshold Public-Key Cryptosystem Secure Against Adaptive Chosen Ciphertext Attack. Eurocrypt 1999.
[10] D. Catalano, R. Gennaro, and S. Halevi. Computing Inverses over a Shared Secret Modulus. Eurocrypt 2000.
[11] D. Chaum and T. Pedersen. Wallet Databases and Observers. Crypto 1992.
[12] J.S. Coron. Security Proof for Partial-Domain Hash Signature Schemes. Crypto 2002.
[13] R. Cramer, I. Damgård, and J.B. Nielsen. Multiparty Computation from Threshold Homomorphic Encryption. Eurocrypt 2001.
[14] I. Damgård and M. Jurik. A Generalization, a Simplification, and Some Applications of Paillier's Probabilistic Public-Key System. PKC 2001.
[15] I. Damgård and M. Koprowski. Practical Threshold RSA Signatures without a Trusted Dealer. Eurocrypt 2001.
[16] A. De Santis, Y. Desmedt, Y. Frankel, and M. Yung. How to Share a Function Securely. STOC 1994.
[17] Y. Desmedt. Society and Group-Oriented Cryptography: A New Concept. Crypto 1987.
[18] Y. Desmedt and Y. Frankel. Threshold Cryptosystems. Crypto 1989.
[19] Y. Desmedt and Y. Frankel. Shared Generation of Authenticators and Signatures. Crypto 1991.
[20] P.-A. Fouque and D. Pointcheval. Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks. Asiacrypt 2001.
[21] P.-A. Fouque, G. Poupard, and J. Stern. Sharing Decryption in the Context of Voting or Lotteries. Financial Cryptography 2000.
[22] P.-A. Fouque and J. Stern. Fully Distributed Threshold RSA under Standard Assumptions. Asiacrypt 2001.
[23] Y. Frankel. A Practical Protocol for Large Group-Oriented Networks. Eurocrypt 1989.
[24] Y. Frankel, P. Gemmell, and M. Yung. Witness-Based Cryptographic Program Checking and Robust Function Sharing. STOC 1996.
[25] Y. Frankel, P. Gemmell, P. MacKenzie, and M. Yung. Proactive RSA. Crypto 1997.
[26] Y. Frankel, P. Gemmell, P. MacKenzie, and M. Yung. Optimal-Resilience Proactive Public-Key Cryptography. FOCS 1997.
[27] Y. Frankel, P. MacKenzie, and M. Yung. Robust Efficient Distributed RSA Key Generation. STOC 1998.
[28] Y. Frankel, P. MacKenzie, and M. Yung. Adaptively-Secure Distributed Public-Key Systems. European Symposium on Algorithms 1999.
[29] M. Franklin and S. Haber. Joint Encryption and Message-Efficient Secure Computation. J. Cryptology 9(4): 217–232 (1996).
[30] R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. Robust Threshold DSS Signatures. Eurocrypt 1996.
[31] R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. Robust and Efficient Sharing of RSA Functions. J. Cryptology 13(2): 273–300 (2000).
[32] R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. Secure Distributed Key Generation for Discrete-Log-Based Cryptosystems. Eurocrypt 1999.
[33] O. Goldreich, S. Micali, and A. Wigderson. How to Play any Mental Game. STOC 1987.
[34] S. Goldwasser and S. Micali. Probabilistic Encryption. JCSS 28(2): 270–299 (1984).
[35] A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk, and M. Yung. Proactive Public Key and Signature Systems. ACM CCS 1997.
[36] S. Jarecki and A. Lysyanskaya. Adaptively Secure Threshold Cryptography: Introducing Concurrency, Removing Erasures. Eurocrypt 2000.
[37] J. Katz, S. Myers, and R. Ostrovsky. Cryptographic Counters and Applications to Electronic Voting. Eurocrypt 2001.
[38] E. Kushilevitz and R. Ostrovsky. Replication is not Needed: Single Database Computationally-Private Information Retrieval. FOCS 1997.
[39] A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1999.
[40] M. Naor and M. Yung. Public-Key Cryptosystems Provably Secure Against Chosen Ciphertext Attacks. STOC 1990.
[41] R. Ostrovsky and M. Yung. How to Withstand Mobile Virus Attacks. PODC 1991.
[42] P. Paillier. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. Eurocrypt 1999.
[43] T.P. Pedersen. A Threshold Cryptosystem Without a Trusted Party. Eurocrypt 1991.
[44] M.O. Rabin. Digital Signatures and Public Key Functions as Intractable as Factoring. Technical Memo TM-212, Lab. for Computer Science, MIT, 1979.
[45] T. Rabin. A Simplified Approach to Threshold and Proactive RSA. Crypto 1998.
[46] V. Shoup. Practical Threshold Signatures. Eurocrypt 2000.
[47] V. Shoup and R. Gennaro. Securing Threshold Cryptosystems Against Chosen Ciphertext Attack. Eurocrypt 1998.
© 2002 Springer-Verlag Berlin Heidelberg
Katz, J., Yung, M. (2002). Threshold Cryptosystems Based on Factoring. In: Zheng, Y. (eds) Advances in Cryptology — ASIACRYPT 2002. ASIACRYPT 2002. Lecture Notes in Computer Science, vol 2501. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36178-2_12
DOI: https://doi.org/10.1007/3-540-36178-2_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00171-3
Online ISBN: 978-3-540-36178-7