We propose a new method for shared RSA signing between the user and the server so that: (a) the server alone is unable to create valid signatures; (b) having the client’s share, it is not possible to create a signature without the server; (c) the server detects cloned client’s shares and blocks the service; (d) having the password-encrypted client’s share, the dictionary attacks cannot be performed without alerting the server; (e) the composite RSA signature “looks like” an ordinary RSA signature and verifies with standard crypto-libraries. We use a modification of the four-prime RSA scheme of Damgård, Mikkelsen and Skeltved from 2015, where the client and the server have independent RSA private keys. As their scheme is vulnerable to dictionary attacks, in our scheme, the client’s RSA private exponent is additively shared between server and client. Our scheme has been deployed and has over 200,000 users.
CITATION STYLE
Buldas, A., Kalu, A., Laud, P., & Oruaas, M. (2017). Server-supported RSA signatures for mobile devices. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10492 LNCS, pp. 315–333). Springer Verlag. https://doi.org/10.1007/978-3-319-66402-6_19
Mendeley helps you to discover research relevant for your work.