Efficient Dealer-Less Threshold Sharing of Standard RSA

In [15] an efficient two-party, two-prime RSA function sharing protocol was proposed. The protocol proves efficiency over previously proposed protocols. When the sharing of standard RSA is considered, the protocol is faster than ever. In this paper, under the assumption that the adversary has eavesdropping and halting capabilities, we propose an efficient extension to the protocol of [15]. Our protocol enjoys the following properties (some of which are inherit from [15]): The protocol is fully distributed (i.e. does not require an honest dealer). It is a t-private and t-resilient (t, n)-threshold structure against a stationary adversary and also t-proactive (t, n)threshold structure against a mobile adversary, where the number of players n > 3t. The players jointly generate two-prime RSA modulus in a number of trials of O(`/lg`) since, the protocol avoids the inefficient distributed biprimality test. An extension of the protocol allows the generation of a RSA modulus which is a composite of two safe primes. Distributed primality tests are performed over a public modulus not a shared secret one, which reduces complexity on a per trial basis. We must emphasize that robustness against malicious adversaries (adversaries that masquerade the corrupted player by altering, deleting, sending wrong values, etc.) are beyond the scope of this paper.