We discuss the following problem: Given an integer ϕ shared secretly among n players and a prime number e, how can the players efficiently compute a sharing of e−1 mod ϕ. The most interesting case is when ϕ is the Euler function of a known RSA modulus N, ϕ = ϕ(N). The problem has several applications, among which the construction of threshold variants for two recent signature schemes proposed by Gennaro-Halevi-Rabin and Cramer-Shoup. We present new and efficient protocols to solve this problem, improving over previous solutions by Boneh-Franklin and Frankel et al. Our basic protocol (secure against honest but curious players) requires only two rounds of communication and a single GCD computation. The robust protocol (secure against malicious players) adds only a couple of rounds and a few modular exponentiations to the computation.
CITATION STYLE
Catalano, D., Gennaro, R., & Halevi, S. (2000). Computing inverses over a shared secret modulus. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1807, pp. 190–206). Springer Verlag. https://doi.org/10.1007/3-540-45539-6_14
Mendeley helps you to discover research relevant for your work.