Computing inverses over a shared secret modulus

Computing inverses over a shared secret modulus (2000)

Cached

Download Links

Other Repositories/Bibliography

DBLP

by Dario Catalano , Rosario Gennaro , Shai Halevi

Citations:

26 - 0 self

BibTeX

@INPROCEEDINGS{Catalano00computinginverses,
    author = {Dario Catalano and Rosario Gennaro and Shai Halevi},
    title = {Computing inverses over a shared secret modulus},
    booktitle = {},
    year = {2000},
    pages = {190--206},
    publisher = {Springer-Verlag}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Abstract. We discuss the following problem: Given an integer φ shared secretly among n players and a prime number e, how can the players efficiently compute a sharing of e −1 mod φ. The most interesting case is when φ is the Euler function of a known RSA modulus N, φ = φ(N). The problem has several applications, among which the construction of threshold variants for two recent signature schemes proposed by Gennaro-Halevi-Rabin and Cramer-Shoup. We present new and efficient protocols to solve this problem, improving over previous solutions by Boneh-Franklin and Frankel et al. Our basic protocol (secure against honest but curious players) requires only two rounds of communication and a single GCD computation. The robust protocol (secure against malicious players) adds only a couple of rounds and a few modular exponentiations to the computation. 1

Citations

2506	A method for obtaining digital signatures and public-key cryptosystems - Rivest, Shamir, et al.
1231	Theory of Linear and Integer Programming - Schrijver - 1986
574	A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation - Ben-Or, Goldwasser, et al. - 1988
350	How to play any mental game - Goldreich, Micali, et al. - 1987
298	Non-interactive and information-theoretic secure verifiable secret sharing - Pedersen - 1998
148	Collision-free accumulators and fail-stop signature schemes without trees - Baric, Pfitzmann - 1997
127	Signature schemes based on the strong RSA assumption - Cramer, Shoup
118	T.: Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations - Fujisaki, Okamoto - 1997
112	Efficient generation of shared rsa keys - Boneh, Franklin
106	Secure hash-and-sign signatures without the random oracle - Gennaro, Halevi, et al. - 1999
101	Non-cryptographic fault-tolerant computing in constant number of rounds of interaction - Bar-Ilan, Beaver - 1989
96	Error correction of algebraic block codes - Berlekamp, Welch - 1986
93	Society and group oriented cryptography: A new concept - Desmedt - 1988
83	Threshold Cryptography - Desmedt - 1994
66	Robust and efficient sharing of RSA functions - Gennaro, Jarecki, et al.
64	E cient checking of polynomials and proofs and the hardness of approximation problems - Sudan - 1992
44	Robust Efficient Distributed RSA-Key Generation - Frankel, MacKenzie, et al. - 1998
41	Optimal Resilience Proactive Public-Key Cryptosystems - Frankel, Gemmell, et al. - 1997
37	Adaptive Security for Threshold Cryptosystems - Canetti, Gennaro, et al. - 1999
33	An introduction to threshold cryptography, Cryptobytes - Gemmell - 1997
26	Witness-based Cryptographic Program Checking and Robust Function Sharing Proc. of Symposium on the Theory of Computation - Frankel, Gemmell, et al. - 1996
12	New efficient and secure protocols for verifiable signature sharing and other applications - Catalano, Gennaro
6	A Simplified Approach to Threshold and - Rabin - 1998
1	chooses a random τ ∈ [−M 2 - unknown authors
1	proves in zero-knowledge (to a verifier V ) that D is correct w.r.t. A, B as follows (a) P chooses α, ˆα, β, ˆ β, ˆγ at random in [−M 6 , M 6 ], and send to V the values M1 = G α H ˆα , M2 = G β H ˆ β , M3 = B α H ˆγ . (b) V chooses a random d in [0, M] a - unknown authors
1	reveals f = ab + ec and ˆ f = τ + eĉ. The value is accepted if and only if G f H ˆ f = DC e mod M - unknown authors
1	chooses a random τ - unknown authors
1	proves in zero-knowledge (to a verifier V )thatD is correct w.r.t. A, B as follows (a) P chooses α, ˆα, β, ˆ β, ˆγ at random in [−M 6 ,M 6 ],andsendtoV the values M1 = G α H ˆα , M2 = G β H ˆ β , M3 = B α H ˆγ . (b) V chooses a random d in [0,M] and sends - unknown authors
1	reveals f = ab + ec and ˆf = τ + eĉ. The value is accepted if and only if G f H ˆ f = DC e mod M - unknown authors