Results 1 
4 of
4
Efficient generation of shared RSA keys
 Advances in Cryptology  CRYPTO 97
, 1997
"... We describe efficient techniques for a number of parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the factorization of N. In addition a public encryption exponent is publicly known and each party holds a share of the ..."
Abstract

Cited by 132 (5 self)
 Add to MetaCart
We describe efficient techniques for a number of parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the factorization of N. In addition a public encryption exponent is publicly known and each party holds a share of the private exponent that enables threshold decryption. Our protocols are efficient in computation and communication. All results are presented in the honest but curious settings (passive adversary).
How to Choose Secret Parameters for RSA and its Extensions to Elliptic Curves
, 2001
"... Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA and its extensions to elliptic curves. Over elliptic curves, the analysis is more di#cult because ..."
Abstract
 Add to MetaCart
Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA and its extensions to elliptic curves. Over elliptic curves, the analysis is more di#cult because the underlying groups are not always cyclic.
The First Ten Years of PublicKey Cryptography
, 1988
"... Publickey cryptosystems separate the capacities for encryption and decryption so that 7) many people can encrypt messages in such a way that only one person can read them, or 2) one person can encrypt messages in such a way that many people can read them. This separation allows important improvemen ..."
Abstract
 Add to MetaCart
Publickey cryptosystems separate the capacities for encryption and decryption so that 7) many people can encrypt messages in such a way that only one person can read them, or 2) one person can encrypt messages in such a way that many people can read them. This separation allows important improvements in the management of cryptographic keys and makes it possible to ‘sign ’ a purely digital message. Public key cryptography was discovered in the Spring of 1975 and has followed a surprising course. Although diverse systems were proposed early on, the ones that appear both practical and secure today are all very closely related and the search for new and different ones has met with little success. Despite this reliance on a limited mathematical foundation publickey cryptography is revolutionizing communication security by making possible secure communication networks with hundreds of thousands of subscribers.
Security of Biased Sources for Cryptographic Keys
, 2001
"... Cryptographic schemes are based on keys which are highly involved in granting their security. It is in general assumed that the source producing these keys has uniformly distribution, that is, it produces keys from a given key space with equal probability. Consequently, deviations from uniform distr ..."
Abstract
 Add to MetaCart
Cryptographic schemes are based on keys which are highly involved in granting their security. It is in general assumed that the source producing these keys has uniformly distribution, that is, it produces keys from a given key space with equal probability. Consequently, deviations from uniform distribution of the key source may be regarded a priori as a potential security breach, even if no dedicated attack is known, which might take advantage of these deviations. We propose in this paper a model for biased key sources and show that it is possible to prove some results about tolerance of biases, which have the property of being inherent to the bias itself and not requiring assumptions about unknown attacks, using these biases. The model is based on comparing the average case complexities of generic attacks to some number theoretical problems, with respect to uniform and to biased distributions. We also show the connection to information entropy based analysis of biased ...