
Cryptanalysis of Server-Aided RSA Protocols with Private-Key Splitting

Abstract: We analyze the security and the efficiency of interactive protocols in which a client delegates the computation of an RSA signature to a server, given a public key, a public message and the secret signing exponent. We consider several protocols in which the secret exponent is split using an algebraic decomposition. We first provide an exhaustive analysis of the delegation protocols in which the client outsources a single RSA exponentiation to the server. We then revisit the security of the protocols RSA-S1 and RSA-S2 proposed by Matsumoto, Kato and Imai in 1988. We present an improved lattice-based attack on RSA-S1 and propose a simple variant of this protocol that offers better efficiency at the same security level. Finally, we present the first attacks on the protocol RSA-S2, which employs the Chinese Remainder Theorem to speed up the client's computation. The efficiency of our (heuristic) attacks has been validated experimentally.
Document type: Journal articles

Contributor: Damien Vergnaud
Submitted on: Sunday, May 10, 2020 - 11:36:12 AM
Last modification on: Thursday, June 11, 2020 - 3:46:32 AM
Thierry Mefenza Nountu, Damien Vergnaud. Cryptanalysis of Server-Aided RSA Protocols with Private-Key Splitting. The Computer Journal, Oxford University Press (UK), 2019, 62 (8), pp.1194-1213. ⟨10.1093/comjnl/bxz040⟩. ⟨hal-02082342⟩