Efficient Sharing of RSA Keys and Diffie-Hellman Bit Security

高效共享 RSA 密钥和 Diffie-Hellman 位安全

• 批准号: 9732754
• 负责人: Dan Boneh
• 金额: $ 16.01万
• 依托单位: Stanford University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 1998
• 资助国家: 美国
• 起止时间: 1998-10-01 至 2001-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=9732754&HistoricalAwards=false
• 关键词: Efficient; Sharing; RSA; Keys; Diffie

The research focuses on two topics in Applied Cryptography: efficient generation of shared RSA keys and the bit security of the Diffie-Hellman secret. To protect a high security private key one may wish to share it among a few sites. If a small number of sites are compromised no harm is done. An obvious question is who generates the shared key? Traditionally, a "trusted dealer" generates an RSA key pair and then splits the private key among the sites. This project studies various protocols for enabling three or more parties to efficiently generate a shared RSA key WITHOUT a trusted dealer. At the end of the computation the participants have an RSA modulus N=pq. They are all convinced that N is the product of two large distinct primes; however no proper coalition knows the factorization of N. The protocols should be appropriate for small, low bandwidth devices such as smartcards or Personal Digital Assistants (PDA's). The project's second topic is the bit security of the Diffie- Hellman secret. The Diffie-Hellman protocol enables two parties to exchange a secret. Although an adversary may not be able to compute the entire secret, she may be able to infer certain information about it. The proposed research will provide bounds on the amount of information an adversary can infer. To do so one shows that if an adversary can recover certain bits of the Diffie-Hellman secret then she can also break the entire protocol. The techniques needed for such reductions involve lattices and the LLL algorithm.

该研究重点介绍了应用密码学中的两个主题：有效地生成共享的RSA钥匙和Diffie-Hellman Secret的位安全性。 为了保护高安全私钥，一个人可能希望在几个站点中分享它。如果少量地点被损害，则不会造成任何伤害。一个明显的问题是谁生成共享密钥？传统上，“值得信赖的经销商”会产生一个RSA密钥对，然后将私钥分开。 该项目研究了各种协议，以使三个或多个政党在没有信任的经销商的情况下有效地生成共享的RSA密钥。 在计算结束时，参与者的RSA模量n = pq。他们都坚信n是两个大型素数的产物。但是，没有适当的联盟知道N的分解。协议应适用于小型，低带宽设备，例如智能卡或个人数字助手（PDA）。 该项目的第二个主题是Diffie-Hellman Secret的位安全性。 Diffie-Hellman协议使两个方可以交换秘密。 尽管对手可能无法计算整个秘密，但她可能能够推断出有关它的某些信息。 拟议的研究将为对手可以推断的信息量提供界限。 为此，人们表明，如果对手可以恢复Diffie-Hellman Secret的某些位，那么她也可以打破整个协议。 此类减少所需的技术涉及晶格和LLL算法。