Attack Against Ibrahim's Distributed Key Generation for RSA

Distributed RSA key generation protocols aim to generate RSA keys in such a way that no single participant of the protocol can learn factorization of the RSA modulus. In this paper, the authors show that two recent protocols of this kind fail their security target. They present an attack that can be launched by any protocol participant after terminating distributed key generation process. One motivation for this kind of protocols is to generate RSA numbers in a situation that a user cannot fully trust any single hardware/software unit.