Efficient Sharing of RSA Keys and Diffie-Hellman Bit Security

高效共享 RSA 密钥和 Diffie-Hellman 位安全

• 批准号: 9732754
• 负责人: Dan Boneh
• 金额: $ 16.01万
• 依托单位: Stanford University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 1998
• 资助国家: 美国
• 起止时间: 1998-10-01 至 2001-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=9732754&HistoricalAwards=false
• 关键词: Efficient; Sharing; RSA; Keys; Diffie

The research focuses on two topics in Applied Cryptography: efficient generation of shared RSA keys and the bit security of the Diffie-Hellman secret. To protect a high security private key one may wish to share it among a few sites. If a small number of sites are compromised no harm is done. An obvious question is who generates the shared key? Traditionally, a "trusted dealer" generates an RSA key pair and then splits the private key among the sites. This project studies various protocols for enabling three or more parties to efficiently generate a shared RSA key WITHOUT a trusted dealer. At the end of the computation the participants have an RSA modulus N=pq. They are all convinced that N is the product of two large distinct primes; however no proper coalition knows the factorization of N. The protocols should be appropriate for small, low bandwidth devices such as smartcards or Personal Digital Assistants (PDA's). The project's second topic is the bit security of the Diffie- Hellman secret. The Diffie-Hellman protocol enables two parties to exchange a secret. Although an adversary may not be able to compute the entire secret, she may be able to infer certain information about it. The proposed research will provide bounds on the amount of information an adversary can infer. To do so one shows that if an adversary can recover certain bits of the Diffie-Hellman secret then she can also break the entire protocol. The techniques needed for such reductions involve lattices and the LLL algorithm.

本文的研究主要集中在应用密码学中的两个主题：共享RSA密钥的高效生成和Diffie-Hellman秘密的比特安全性。 为了保护高安全性私钥，可能希望在几个站点之间共享它。如果少数站点受到危害，则不会造成损害。一个明显的问题是谁生成共享密钥？传统上，“可信经销商”生成RSA密钥对，然后在站点之间分割私钥。 本项目研究各种协议，使三方或多方能够在没有可信经销商的情况下有效地生成共享RSA密钥。 在计算结束时，参与者具有RSA模数N=pq。他们都相信N是两个大的不同素数的乘积;然而没有一个正确的联盟知道N的因式分解。 这些协议应该适合于小型、低带宽的设备，如智能卡或个人数字助理（PDA）。 该项目的第二个主题是Diffie-Hellman秘密的比特安全性。 Diffie-Hellman协议允许双方交换秘密。 虽然对手可能无法计算出整个秘密，但她可能能够推断出有关它的某些信息。拟议的研究将提供对手可以推断的信息量的界限。 这样做表明，如果对手可以恢复Diffie-Hellman秘密的某些比特，那么她也可以破坏整个协议。 这种减少所需的技术涉及格和LLL算法。