Results 1 
8 of
8
Efficient generation of shared RSA keys
 Advances in Cryptology  CRYPTO 97
, 1997
"... We describe efficient techniques for a number of parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the factorization of N. In addition a public encryption exponent is publicly known and each party holds a share of the ..."
Abstract

Cited by 132 (5 self)
 Add to MetaCart
We describe efficient techniques for a number of parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the factorization of N. In addition a public encryption exponent is publicly known and each party holds a share of the private exponent that enables threshold decryption. Our protocols are efficient in computation and communication. All results are presented in the honest but curious settings (passive adversary).
The Round Complexity of Secure Protocols
, 1990
"... ) Donald Beaver Harvard University Silvio Micali y MIT Phillip Rogaway y MIT Abstract In a network of n players, each player i having private input x i , we show how the players can collaboratively evaluate a function f(x 1 ; : : : ; xn ) in a way that does not compromise the privacy of the pla ..."
Abstract

Cited by 99 (2 self)
 Add to MetaCart
) Donald Beaver Harvard University Silvio Micali y MIT Phillip Rogaway y MIT Abstract In a network of n players, each player i having private input x i , we show how the players can collaboratively evaluate a function f(x 1 ; : : : ; xn ) in a way that does not compromise the privacy of the players' inputs, and yet requires only a constant number of rounds of interaction. The underlying model of computation is a complete network of private channels, with broadcast, and a majority of the players must behave honestly. Our solution assumes the existence of a oneway function. 1 Introduction Secure function evaluation. Assume we have n parties, 1; : : : ; n; each party i has a private input x i known only to him. The parties want to correctly evaluate a given function f on their inputs, that is to compute y = f(x 1 ; : : : ; xn ), while maintaining the privacy of their own inputs. That is, they do not want to reveal more than the value y implicitly reveals. Secure function evaluat...
Fair Exchange with a SemiTrusted Third Party (Extended Abstract)
 4TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY
, 1997
"... We present new protocols for two parties to exchange documents with fairness, i.e., such that no party can gain an advantage by quitting prematurely or otherwise misbehaving. We use a third party that is "semitrusted", in the sense that it may misbehave on its own but will not conspire wi ..."
Abstract

Cited by 92 (2 self)
 Add to MetaCart
We present new protocols for two parties to exchange documents with fairness, i.e., such that no party can gain an advantage by quitting prematurely or otherwise misbehaving. We use a third party that is "semitrusted", in the sense that it may misbehave on its own but will not conspire with either of the main parties. In our solutions, disruption by any one of the three parties will not allow the disrupter gain any useful new information about the documents. Our solutions are efficient and can be based on any of several cryptographic assumptions (e.g., factoring, discrete log, graph isomorphism). We also discuss the application of our techniques to electronic commerce protocols to achieve fair payment.
Electronic Auctions with Private Bids
, 1998
"... Auctions are a fundamental electronic commerce technology. We describe a set of protocols for performing sealedbid electronic auctions which preserve the privacy of the submitted bids using a form of secure distributedcomputation. Bids are never revealed to any party, even after the auction is comp ..."
Abstract

Cited by 67 (5 self)
 Add to MetaCart
(Show Context)
Auctions are a fundamental electronic commerce technology. We describe a set of protocols for performing sealedbid electronic auctions which preserve the privacy of the submitted bids using a form of secure distributedcomputation. Bids are never revealed to any party, even after the auction is completed. Both #rstprice and secondprice #Vickrey# auctions are supported, and the computational costs of the methods are low enough to allow their use in many realworld auction situations. 1 Introduction Auctions are a fundamental technology for electronic commerce. They have been suggested as a technology for controlling allocation of bandwidth #5, 10# and are increasingly seen on the web. If we could have an ideal auction, what properties mightwe desire? Here are some desiderata #not a complete list# for an ideal auction: # Economic design wewant the auction to be designed on solid economic principles and for participants to have incentives to bid as they truly value the item  t...
Secure Group Barter: MultiParty Fair Exchange with SemiTrusted Neutral Parties
 Lecture Notes in Computer Science
, 1998
"... The recent surge in popularity of ecommerce prompted a lot of activity in the area of electronic payments. Solutions have been developed for cash, credit card and checkbased electronic transactions. Much less attention has been paid to nonmonetary commerce such as barter. In this paper we discuss ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
(Show Context)
The recent surge in popularity of ecommerce prompted a lot of activity in the area of electronic payments. Solutions have been developed for cash, credit card and checkbased electronic transactions. Much less attention has been paid to nonmonetary commerce such as barter. In this paper we discuss the notion of "secure group barter" or multiparty fair exchange. We develop a classification of types of barter schemes and present new cryptographic protocols for multiparty exchange with fairness. These protocols assume the presence of a "semitrusted neutral party". 1 Introduction This paper is concerned with the barter of digital goods among groups of participants in the electronic world. The kind of barter we envision is an instantaneous, onetime, discrete trade arrangement by an ad hoc group of participants. A crucial issue for this kind of barter situation is "fairness". This is a kind of atomicity property for the exchange, whereby no participant gives anything away unless she g...
Efficient Generation of Shared RSA keys (Extended Abstract)
 In Kaliski [103
"... We describe efficient techniques for three (or more) parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the factorization of N . In addition a public encryption exponent is publicly known and each party holds a share o ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
(Show Context)
We describe efficient techniques for three (or more) parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the factorization of N . In addition a public encryption exponent is publicly known and each party holds a share of the private exponent that enables threshold decryption. Our protocols are efficient in computation and communication.
Donald Beaver* Harvard University
"... In a network of n players, each player i having private input zi, we show how the players can collaboratively evaluate a function f(zl,..., zn) in a way that does not compromise the privacy of the players ' inputs, and yet requires only a constant number of rounds of interaction. The underlying ..."
Abstract
 Add to MetaCart
In a network of n players, each player i having private input zi, we show how the players can collaboratively evaluate a function f(zl,..., zn) in a way that does not compromise the privacy of the players ' inputs, and yet requires only a constant number of rounds of interaction. The underlying model of computation is a complete network of private channels, with broadcast, and a majority of the players must behave honestly. Our solution assumes the existence of a oneway function. 1