A simplified approach to threshold and proactive RSA [chapter]

Tal Rabin
1998 Lecture Notes in Computer Science  
We present a solution to both the robust threshold RSA and proactive RSA problems. Our solutions are conceptually simple, and allow for an easy design of the system. The signing key, in our solution, is shared at all ~imes in additive form, which allows for simple signing and for a particularly efficient and straightforward refreshing process for proactivization. The key size is (up to a very small constant) the size of the RSA modulus, and the protocol runs in constant time, even when faults
more » ... cur, unlike previous protocols where either the size of the key has a linear blow-up (at best) in the number of players or the run time of the protocol is linear in the number of faults. The protocol is optimal in its resilience as it can tolerate a minority of faulty players. Furthermore, unlike previous solutions, the existence and availability of the key throughout the lifetime of the system, is guaranteed without probability of error. These results are derived from a new general technique for transforming distributed computations for which there is a known n-out-n solution into threshold and robust computations.
doi:10.1007/bfb0055722 fatcat:br5gnkaoizbtbcicpsiq3jghs4