Alice learns shares p1 and q1, and Bob learns shares p2 and q2, such that p=p1+p2 and q=q1+q2 are primes, and N=pq. None of the parties has any other information about the shares of the other party. Alice and Bob then run a short protocol for computing shares d1, d2 of the decryption exponent.
If the protocol is not extensible to more than two parties, Alice and Bob can further split their d1 and d2 such that the additional parties have parts from each of Alice and Bob, but neither Alice nor Bob knows any of the private shares.
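The additive sharing and the re-splitting of d1 and d2 described above, as an added example that is not code from the linked paper or from this project. A dealer with constructed toy primes stands in for the distributed key-generation protocol; the function names and the `bound` parameter are assumptions made for the illustration.

```python
import secrets

def split_int(value, n, bound):
    """Split an integer into n integer pieces that sum to value.
    No modulus is used: a holder of d1 or d2 does not know phi(N)."""
    pieces = [secrets.randbelow(2 * bound) - bound for _ in range(n - 1)]
    return pieces + [value - sum(pieces)]

def reshare(d1, d2, n, bound):
    """Alice splits d1, Bob splits d2; new party j keeps a[j] + b[j].
    Alice never sees b[j] and Bob never sees a[j], so neither knows a share."""
    a = split_int(d1, n, bound)  # pieces Alice sends out
    b = split_int(d2, n, bound)  # pieces Bob sends out
    return [aj + bj for aj, bj in zip(a, b)]

def joint_decrypt(c, shares, N):
    """Each holder computes c^share mod N locally; the product is c^d mod N."""
    m = 1
    for s in shares:
        m = m * pow(c, s, N) % N  # a negative share needs Python 3.8+
    return m

def demo():
    # Constructed toy values. A dealer stands in for the real protocol,
    # which produces these shares without anyone ever seeing p, q or d.
    p1, p2, q1, q2 = 400, 609, 1000, 1003
    p, q = p1 + p2, q1 + q2              # 1009 and 2003, both prime
    N, phi, e = p * q, (p - 1) * (q - 1), 65537
    d = pow(e, -1, phi)
    d1 = secrets.randbelow(phi)          # Alice's share of d
    d2 = d - d1                          # Bob's share of d
    m = 123456                           # sample message, coprime to N
    c = pow(m, e, N)
    two_party = joint_decrypt(c, [d1, d2], N)
    bound = N << 40                      # masks d1, d2 statistically
    three_party = joint_decrypt(c, reshare(d1, d2, 3, bound), N)
    return m, two_party, three_party

if __name__ == "__main__":
    print(demo())
```

Decryption succeeds with all current share holders contributing; the full exponent d is never reassembled in one place.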
Looks like the authors of that particular paper have a company selling distributed HSM products, which is why they didn't publish any source code to go with it. Boo.
There are lots of papers on using oblivious transfer or other mechanisms to generate the private key so that it never lives in one place. An example protocol: https://medium.com/@benny.pinkas/fast-distributed-rsa-key-generation-against-malicious-adversaries-faaaab96821d