RSA Modulus Generation in the Two-Party Case
In this paper, secure two-party protocols are provided in order to securely generate a random k-bit RSA modulus n keeping its factorization secret. The authors show that most existing two-party protocols based on Boneh's test are not correct: an RSA modulus can be output in the malicious case. Recently, Hazay et al. proposed the first proven secure protocol against any polynomial active adversary. However, their protocol is very costly: several hours are required to output a 1024-bit RSA modulus on a standard platform. In this paper, they propose another approach consisting of post-processing efficient existing Boneh's based protocols. The running time of this post-processing can be neglected with respect to the running time of the whole protocol.