A Simple Approach to Secretly Sharing a Factoring Witness in Publicly-Verifiable manner
Bibliographic Information
- Other Title
-
- Simple Approach to Secretly Sharing a Factoring Witness in Publicly Verifiable manner
- 公開検証可RSA型鍵分散方式
Search this article
Abstract
RSA暗号の復号鍵を秘密分散することを考える。但しDealerは全ての情報を放送型通信路(Broadcast Channel)に流し、「任意の第三者」もDealerの行った秘密分散が正しいことを検証できるようにしたい。ここで、当然のことだが、分散されたshareは、各Playerの(公開)鍵で暗号化された上で送信されており.正規のPlayerのみが自分のshareを取り出せるようでなければいけない。本稿では、この問題に対して、安全で非常に効率の良い方式があることを示す。
We give a simple solution to secretly sharing a factoring witness (or RSA secret-key d) in a publicly verifiable manner. This PVSS protocol is useful for various cryptosystems such as the fair-cryptosystem of RSA and the threshold and proactive RSA. As a primitive, we present a proof-of-knowledge protocol that works in a cyclic group of an unknown order. For this kind of protocols, the proof of soundness seems to have been provided incompletely in the literature [11,17,6], even though they appear in many applications, for instance, PVSS [20,12], group signature [4,5] and optimistic fair-exchange [2,1]. We provide a rigorous proof for our protocol. As PVSS for factoring witness, our solution is conceptually simple and the first practical and provably-secure scheme under some reasonable assumptions and, as PVSS for discrete log, it is almost at simple as that in [18].
Journal
-
- 電子情報通信学会技術研究報告 = IEICE technical report : 信学技報
-
電子情報通信学会技術研究報告 = IEICE technical report : 信学技報 101 (47), 21-28, 2001-05-17
The Institute of Electronics, Information and Communication Engineers