We present protocols for threshold cryptography in the GBD public-key cryptosystem. Both threshold decryption and threshold key generation are covered, in the 'honest-but-curious' setting. This shows that it is possible to perform GBD computations in a distributed manner during both key generation and decryption, without revealing the private key to any party. GBD threshold decryption is similar to El-Gamal threshold decryption. GBD threshold key generation is based on adaptations of protocols for RSA key generation by Boneh and Franklin, and Catalano et al, and includes a new protocol for efficiently computing the inverse of a shared secret modulo another shared secret.\ud \ud We also show an application of GBD threshold cryptography to RSA key recovery. This is based on the use of GBD as a master cryptosystem, whose use allows generation by individual users of RSA moduli that can be factored by using the GBD private key as trapdoor information. This application requires RSA key generation to be tailored, but other operations are standard RSA. Clearly, compromise of the GBD private key would compromise all corresponding RSA private keys, so the security of the GBD master private key should be stronger than the security of the individual RSA keys, and this can be achieved using threshold methods. Finally, we point out two open problems in the RSA key recovery application
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.