Cryptanalysis of Server-Aided RSA Protocols with Private-Key Splitting

Abstract: We analyze the security and the efficiency of interactive protocols where a client wants to delegate the computation of an RSA signature given a public key, a public message and the secret signing exponent. We consider several protocols where the secret exponent is split using some algebraic decomposition. We first provide an exhaustive analysis of the delegation protocols in which the client outsources a single RSA exponentiation to the server. We then revisit the security of the protocols RSA-S1 and RSA-S2 that were proposed by Matsumoto, Kato and Imai in 1988. We present an improved lattice-based attack on RSA-S1 and we propose a simple variant of this protocol that provides better efficiency for the same security level. Finally, we present the first attacks on the protocol RSA-S2, which employs the Chinese Remainder Theorem to speed up the client's computation. The efficiency of our (heuristic) attacks has been validated experimentally.
Document type: Journal articles

https://hal.archives-ouvertes.fr/hal-02082342
Contributor: Damien Vergnaud
Submitted on: Thursday, March 28, 2019 - 11:03:52 AM
Last modification on: Monday, August 26, 2019 - 11:15:50 AM

Citation: Thierry Mefenza Nountu, Damien Vergnaud. Cryptanalysis of Server-Aided RSA Protocols with Private-Key Splitting. The Computer Journal, Oxford University Press (UK), 2019, 62 (8), pp. 1194-1213. ⟨10.1093/comjnl/bxz040⟩. ⟨hal-02082342⟩