Add to ORKGAbstract. We discuss the following problem: Given an integer φ shared secretly among n players and a prime number e, how can the players efficiently compute a sharing of e −1 mod φ. The most interesting case is when φ is the Euler function of a known RSA modulus N, φ = φ(N). The problem has several applications, among which the construction of threshold variants for two recent signature schemes proposed by Gennaro-Halevi-Rabin and Cramer-Shoup. We present new and efficient protocols to solve this problem, improving over previous solutions by Boneh-Franklin and Frankel et al. Our basic protocol (secure against honest but curious players) requires only two rounds of communication and a single GCD computation. The robust protocol (secure again...
We show that if a set of players hold shares of a value a Î \mathbbFp aFpfor some prime p (where the...
Modular inversions are widely employed in public key crypto-systems, and it is known that they imply...
Abstract. We address a lattice based method on small secret exponent attack on RSA scheme. Boneh and...
We present a new protocol for efficient distributed computation modulo a shared secret. We further p...
In literature, there are a number of cryptographic algorithms (RSA, ElGamal, NTRU, etc.) that requir...
Modular inversions are widely employed in public key crypto-systems, and it is known that they imply...
Abstract—Function sharing deals with the problem of distribution of the computation of a function (s...
Given knowledge of one or more of the primes in a multiprime RSA modulus we show that the private ex...
Let us consider a system in which a group of entities have all the same encyption exponent e, but, e...
There has been renewed attention to threshold signature in recent years as the threshold version of ...
Function sharing deals with the problem of distribution of the computation of a function (such as de...
International audienceWe consider four variants of the RSA cryptosystem with an RSA modulus N = pq w...
Abstract. This paper describes new algorithms for computing a modular inverse e−1 mod f given coprim...
Abstract. We consider RSA-type schemes with modulus N = p r q for r ≥ 2. We present two new attacks ...
International audienceLet (n = pq, e = n^β) be an RSA public key with private exponent d = n^δ , whe...
We show that if a set of players hold shares of a value a Î \mathbbFp aFpfor some prime p (where the...
Modular inversions are widely employed in public key crypto-systems, and it is known that they imply...
Abstract. We address a lattice based method on small secret exponent attack on RSA scheme. Boneh and...
We present a new protocol for efficient distributed computation modulo a shared secret. We further p...
In literature, there are a number of cryptographic algorithms (RSA, ElGamal, NTRU, etc.) that requir...
Modular inversions are widely employed in public key crypto-systems, and it is known that they imply...
Abstract—Function sharing deals with the problem of distribution of the computation of a function (s...
Given knowledge of one or more of the primes in a multiprime RSA modulus we show that the private ex...
Let us consider a system in which a group of entities have all the same encyption exponent e, but, e...
There has been renewed attention to threshold signature in recent years as the threshold version of ...
Function sharing deals with the problem of distribution of the computation of a function (such as de...
International audienceWe consider four variants of the RSA cryptosystem with an RSA modulus N = pq w...
Abstract. This paper describes new algorithms for computing a modular inverse e−1 mod f given coprim...
Abstract. We consider RSA-type schemes with modulus N = p r q for r ≥ 2. We present two new attacks ...
International audienceLet (n = pq, e = n^β) be an RSA public key with private exponent d = n^δ , whe...
We show that if a set of players hold shares of a value a Î \mathbbFp aFpfor some prime p (where the...
Modular inversions are widely employed in public key crypto-systems, and it is known that they imply...
Abstract. We address a lattice based method on small secret exponent attack on RSA scheme. Boneh and...