{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,13]],"date-time":"2026-05-13T17:24:31Z","timestamp":1778693071195,"version":"3.51.4"},"reference-count":64,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2018,2,5]],"date-time":"2018-02-05T00:00:00Z","timestamp":1517788800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2019,4]]},"DOI":"10.1007\/s00145-017-9275-7","type":"journal-article","created":{"date-parts":[[2018,2,5]],"date-time":"2018-02-05T17:03:36Z","timestamp":1517850216000},"page":"265-323","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":52,"title":["Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting"],"prefix":"10.1007","volume":"32","author":[{"given":"Carmit","family":"Hazay","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gert L\u00e6ss\u00f8e","family":"Mikkelsen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tal","family":"Rabin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tomas","family":"Toft","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Angelo Agatino","family":"Nicolosi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,2,5]]},"reference":[{"key":"9275_CR1","doi-asserted-by":"crossref","unstructured":"J.\u00a0Algesheimer, J.\u00a0Camenisch, V.\u00a0Shoup, Efficient computation modulo a shared secret with application to the generation of 
shared safe-prime products, in M.\u00a0Yung, editor, CRYPTO. Lecture Notes in Computer Science, vol. 2442 (Springer, 2002), pp. 417\u2013432","DOI":"10.1007\/3-540-45708-9_27"},{"key":"9275_CR2","doi-asserted-by":"crossref","unstructured":"J.\u00a0Bar-Ilan, D.\u00a0Beaver, Non-cryptographic fault-tolerant computing in a constant number of rounds of interaction, in P. Rudnicki, editor, Proceedings of the Eighth Annual ACM Symposium on Principles of Distributed Computing (ACM Press, New York, 1989), pp 201\u2013209","DOI":"10.1145\/72981.72995"},{"key":"9275_CR3","unstructured":"S.\u00a0Blackburn, S.\u00a0Blake-Wilson, M.\u00a0Burmester, S.\u00a0Galbraith. Shared generation of shared RSA keys (1998). \n                    http:\/\/cacr.math.uwaterloo.ca\/techreports\/1998\/corr98-19.ps"},{"key":"9275_CR4","unstructured":"R.\u00a0Bendlin, I.\u00a0Damg\u00e5rd, C.\u00a0Orlandi, S.\u00a0Zakarias. Semi-homomorphic encryption and multiparty computation, in EUROCRYPT (2011), pp. 169\u2013188"},{"issue":"4","key":"9275_CR5","doi-asserted-by":"publisher","first-page":"702","DOI":"10.1145\/502090.502094","volume":"48","author":"D Boneh","year":"2001","unstructured":"D.\u00a0Boneh, M.\u00a0K. Franklin, Efficient generation of shared RSA keys. J. ACM\n                           48(4), 702\u2013722 (2001)","journal-title":"J. ACM"},{"key":"9275_CR6","doi-asserted-by":"crossref","unstructured":"O.\u00a0Baudron, P.\u00a0A. Fouque, D.\u00a0Pointcheval, G.\u00a0Poupard, J.\u00a0Stern. Practical multi-candidate election system, in PODC (ACM Press, 2001), pp. 274\u2013283","DOI":"10.1145\/383962.384044"},{"key":"9275_CR7","doi-asserted-by":"crossref","unstructured":"F.\u00a0Boudot. Efficient proofs that a committed number lies in an interval, in B.\u00a0Preneel, editor, EUROCRYPT. Lecture Notes in Computer Science, vol. 1807 (Springer, 2000), pp. 
431\u2013444","DOI":"10.1007\/3-540-45539-6_31"},{"key":"9275_CR8","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/s001459910006","volume":"13","author":"R Canetti","year":"2000","unstructured":"R. Canetti, Security and composition of multi-party cryptographic protocols. J. Cryptol.\n                           13, 143\u2013202 (2000)","journal-title":"J. Cryptol."},{"key":"9275_CR9","unstructured":"R. Canetti, Universally composable security: a new paradigm for cryptographic protocols, in FOCS (2001), pp. 136\u2013145"},{"key":"9275_CR10","unstructured":"R.\u00a0Cramer, I.\u00a0Damg\u00e5rd, On the amortized complexity of zero-knowledge protocols, in CRYPTO (2009), pp. 177\u2013191"},{"key":"9275_CR11","unstructured":"R.\u00a0Cramer, I.\u00a0Damg\u00e5rd, J.\u00a0B. Nielsen, Multiparty computation from threshold homomorphic encryption, in EUROCRYPT (2001), pp. 280\u2013299"},{"key":"9275_CR12","unstructured":"D.\u00a0Catalano, R.\u00a0Gennaro, N.\u00a0Howgrave-Graham, P.\u00a0Q. Nguyen, Paillier\u2019s cryptosystem revisited, in ACM Conference on Computer and Communications Security (2001), pp. 206\u2013214"},{"key":"9275_CR13","unstructured":"R.\u00a0Cramer, R.\u00a0Gennaro, B.\u00a0Schoenmakers, A secure and optimally efficient multi-authority election scheme, in EUROCRYPT (1997), pp. 103\u2013118"},{"key":"9275_CR14","unstructured":"J.\u00a0Camenisch, A.\u00a0Kiayias, M.\u00a0Yung, On the portability of generalized Schnorr proofs, in EUROCRYPT 2009 (2009), pp. 425\u2013442"},{"key":"9275_CR15","unstructured":"R.\u00a0Cleve, Limits on the security of coin flips when half the processors are faulty (extended abstract), in STOC (1986), pp. 364\u2013369"},{"key":"9275_CR16","unstructured":"C.\u00a0Cocks, Split generation of RSA parameters with multiple participants, in Proceedings of 6th IMA Conference on Cryptography and Coding. LNCS 1355 (1997), pp. 
200\u2013212"},{"key":"9275_CR17","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/s001459900030","volume":"10","author":"D Coppersmith","year":"1997","unstructured":"D.\u00a0Coppersmith, Small exponents to polynomial equations, and low exponent RSA vulnerabilities, J. Cryptol.\n                           10, 233\u2013260 (1997)","journal-title":"J. Cryptol."},{"key":"9275_CR18","unstructured":"D. Chaum, T.\u00a0P. Pedersen, Wallet databases with observers, in CRYPTO (1992), pp. 89\u2013105"},{"key":"9275_CR19","unstructured":"N.\u00a0DeBruijn, On the number of uncanceled elements in the sieve of eratosthenes, in Proc. Neder. Akad. Wetensh. (53), pp. 803\u2013812. (Reviewed in LeVeque Reviews in Number Theory, 4, N-28, page 221)"},{"issue":"4","key":"9275_CR20","doi-asserted-by":"publisher","first-page":"449","DOI":"10.1002\/ett.4460050407","volume":"5","author":"YG Desmedt","year":"1994","unstructured":"Y.\u00a0G. Desmedt, Threshold cryptography. Eur. Trans. Telecommun.\n                           5(4), 449\u2013457 (1994)","journal-title":"Eur. Trans. Telecommun."},{"key":"9275_CR21","unstructured":"I.\u00a0Damg\u00e5rd, E.\u00a0Fujisaki, A statistically-hiding integer commitment scheme based on groups with hidden order, in ASIACRYPT (2002), pp. 125\u2013142"},{"issue":"6","key":"9275_CR22","doi-asserted-by":"publisher","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","volume":"22","author":"W Diffie","year":"1976","unstructured":"W.\u00a0Diffie, M.\u00a0E. Hellman, New directions in cryptography. IEEE Trans. Inf. Theory\n                           22(6), 644\u2013654 (1976)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"9275_CR23","unstructured":"I.\u00a0Damg\u00e5rd, M.\u00a0Jurik, A generalisation, a simplification and some applications of Paillier\u2019s probabilistic public-key system, in Public Key Cryptography (2001), pp. 
119\u2013136"},{"key":"9275_CR24","unstructured":"I.\u00a0Damg\u00e5rd, M.\u00a0Jurik, Client\/server tradeoffs for online elections, in Public Key Cryptography (2002), pp. 125\u2013140"},{"key":"9275_CR25","unstructured":"I.\u00a0Damg\u00e5rd, G.\u00a0L. Mikkelsen, Efficient, robust and constant-round distributed RSA key generation, in TCC (2010), pp. 183\u2013200"},{"key":"9275_CR26","unstructured":"I.\u00a0Damg\u00e5rd, J.\u00a0B. Nielsen, Perfect hiding and perfect binding universally composable commitment schemes with constant expansion factor, in CRYPTO (2002), pp. 581\u2013596"},{"key":"9275_CR27","unstructured":"I.\u00a0Damg\u00e5rd, J.\u00a0B. Nielsen, Universally composable efficient multiparty computation from threshold homomorphic encryption, in CRYPTO (2003), pp. 247\u2013264"},{"key":"9275_CR28","unstructured":"I. Damg\u00e5rd, V. Pastro, N.\u00a0P. Smart, S. Zakarias, Multiparty computation from somewhat homomorphic encryption, in CRYPTO (2012), pp. 643\u2013662"},{"key":"9275_CR29","unstructured":"Ecrypt II, yearly report on algorithms and keysizes, 2010 (2011). \n                    http:\/\/www.ecrypt.eu.org\/documents"},{"key":"9275_CR30","unstructured":"T.\u00a0ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans.\u00a0Info.\u00a0Theory, IT 31, 469\u2013472 (1985)"},{"issue":"2","key":"9275_CR31","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/BF02351717","volume":"1","author":"U Feige","year":"1988","unstructured":"U.\u00a0Feige, A.\u00a0Fiat, A.\u00a0Shamir, Zero-knowledge proofs of identity. J. Cryptol.\n                           1(2), 77\u201394 (1988)","journal-title":"J. Cryptol."},{"key":"9275_CR32","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Frankel, P.\u00a0D. Mackenzie, M.\u00a0Yung, Robust efficient distributed RSA-key generation, in STOC 98 (ACM Press, 1998), pp. 
663\u2013672","DOI":"10.1145\/276698.276882"},{"key":"9275_CR33","unstructured":"E.\u00a0Fujisaki, T.\u00a0Okamoto, Statistical zero knowledge protocols to prove modular polynomial relations, in CRYPTO (1997), pp. 16\u201330"},{"key":"9275_CR34","doi-asserted-by":"crossref","unstructured":"P.\u00a0A. Fouque, G.\u00a0Poupard, J.\u00a0Stern, Decryption in the context of voting or lotteries, in Financial Crypto\u201900 (Springer, 2000)","DOI":"10.1007\/3-540-45472-1_7"},{"key":"9275_CR35","unstructured":"A.\u00a0Fiat, A.\u00a0Shamir, How to prove yourself: practical solutions to identification and signature problems, in CRYPTO (1986), pp. 186\u2013194"},{"key":"9275_CR36","unstructured":"N.\u00a0Gilboa, Two party RSA key generation, in CRYPTO (1999), pp. 116\u2013129"},{"issue":"1","key":"9275_CR37","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1006\/inco.2000.2881","volume":"164","author":"R Gennaro","year":"2001","unstructured":"R.\u00a0Gennaro, S.\u00a0Jarecki, H.\u00a0Krawczyk, T.\u00a0Rabin, Robust threshold DSS signatures. Inf. Comput.\n                           164(1), 54\u201384 (2001)","journal-title":"Inf. Comput."},{"key":"9275_CR38","doi-asserted-by":"crossref","unstructured":"R.\u00a0Gennaro, S.\u00a0Jarecki, H.\u00a0Krawczyk, T.\u00a0Rabin, Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol.\n                           20(1), 51\u201383 (2007)","DOI":"10.1007\/s00145-006-0347-3"},{"key":"9275_CR39","doi-asserted-by":"crossref","unstructured":"R.\u00a0Gennaro, H.\u00a0Krawczyk, T.\u00a0Rabin, Robust and efficient sharing of RSA functions. J. Cryptol.\n                           13(2), 273\u2013300 (2000)","DOI":"10.1007\/s001459910011"},{"key":"9275_CR40","doi-asserted-by":"crossref","unstructured":"O.\u00a0Goldreich. Foundations of Cryptography, vol. 2 (Cambridge University Press, 2004). Preliminary version. 
\n                    http:\/\/philby.ucsd.edu\/cryptolib.html\/","DOI":"10.1017\/CBO9780511721656"},{"key":"9275_CR41","unstructured":"C. Hazay, Oblivious polynomial evaluation and secure set-intersection from algebraic PRFS, in TCC (2015), pp. 90\u2013120"},{"key":"9275_CR42","unstructured":"C. Hazay, Y. Lindell, Efficient oblivious polynomial evaluation with simulation-based security. IACR Cryptol. ePrint Arch. \n                           2009, 459 (2009)"},{"key":"9275_CR43","doi-asserted-by":"crossref","unstructured":"C. Hazay, Y. Lindell, Efficient Secure Two-Party Protocols\u2014Techniques and Constructions (Springer, 2010)","DOI":"10.1007\/978-3-642-14303-8"},{"key":"9275_CR44","unstructured":"S.\u00a0Jarecki, X.\u00a0Liu, Efficient oblivious pseudorandom function with applications to adaptive OT and secure computation of set intersection, in TCC (2009), pp. 577\u2013594"},{"key":"9275_CR45","unstructured":"S.\u00a0Jarecki, V.\u00a0Shmatikov, Efficient two-party secure computation on committed inputs, in EUROCRYPT (2007), pp. 97\u2013114"},{"key":"9275_CR46","doi-asserted-by":"crossref","unstructured":"N. Koblitz, A.\u00a0J. Menezes, Y.-H. Wu, R.\u00a0J. Zuccherato. Algebraic Aspects of Cryptography (Springer, New York, 1998)","DOI":"10.1007\/978-3-662-03642-6"},{"key":"9275_CR47","doi-asserted-by":"crossref","unstructured":"N. Koblitz, A Course in Number Theory and Cryptography (Springer, New York, 1987)","DOI":"10.1007\/978-1-4684-0310-7"},{"key":"9275_CR48","unstructured":"Y. Lindell, Fast cut-and-choose based protocols for malicious and covert adversaries, in CRYPTO (2013), pp. 1\u201317"},{"key":"9275_CR49","unstructured":"H.\u00a0Lipmaa, On diophantine complexity and statistical zero-knowledge arguments, in ASIACRYPT (2003), pp. 398\u2013415"},{"key":"9275_CR50","unstructured":"Y.\u00a0Lindell, B.\u00a0Pinkas, Secure two-party computation via cut-and-choose oblivious transfer, in TCC (2011), pp. 
329\u2013346"},{"key":"9275_CR51","unstructured":"Multiprecision integer and rational arithmetic C\/C++ library. \n                    http:\/\/www.shamus.ie\/"},{"key":"9275_CR52","unstructured":"National Institute of Standards and Technology, federal information processing standards: digital signature standard (2009). \n                    http:\/\/csrc.nist.gov\/encryption"},{"key":"9275_CR53","unstructured":"National Institute of Standards and Technology, recommended elliptic curves for federal government use (1999). \n                    http:\/\/csrc.nist.gov\/encryption"},{"key":"9275_CR54","unstructured":"T. Nishide, K. Sakurai. Distributed Paillier cryptosystem without trusted dealer, in WISA (2010), pp. 44\u201360"},{"key":"9275_CR55","unstructured":"P.\u00a0Paillier, Public-key cryptosystems based on composite degree residuosity classes, in EUROCRYPT (1999), pp. 223\u2013238"},{"key":"9275_CR56","doi-asserted-by":"crossref","unstructured":"G.\u00a0Poupard, J.\u00a0Stern, Generation of shared RSA keys by two parties, in Asiacrypt\u00a098 (Springer, 1998), pp. 11\u201324","DOI":"10.1007\/3-540-49649-1_2"},{"key":"9275_CR57","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1016\/0022-314X(80)90084-0","volume":"12","author":"MO Rabin","year":"1980","unstructured":"M.\u00a0O. Rabin, Probabilistic algorithm for testing primality. J. Number Theory\n                           12, 128\u2013138 (1980)","journal-title":"J. Number Theory"},{"key":"9275_CR58","unstructured":"M.\u00a0O. Rabin, How to Exchange Secrets with Oblivious Transfer. Technical Report TR-81, Aiken Computation Lab, Harvard University (1981)"},{"key":"9275_CR59","unstructured":"T.\u00a0Rabin, A simplified approach to threshold and proactive RSA, in CRYPTO (1998), pp. 89\u2013104"},{"key":"9275_CR60","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/BF00196725","volume":"4","author":"CP Schnorr","year":"1991","unstructured":"C.\u00a0P. 
Schnorr, Efficient signature generation by smart cards. J. Cryptol.\n                           4, 161\u2013174 (1991)","journal-title":"J. Cryptol."},{"key":"9275_CR61","unstructured":"Standards for efficient cryptography group, sec 2: recommended elliptic curve domain parameters. SECG2 (2000)"},{"key":"9275_CR62","unstructured":"V.\u00a0Shoup, Practical threshold signatures, in EUROCRYPT (2000), pp. 207\u2013220"},{"key":"9275_CR63","doi-asserted-by":"crossref","unstructured":"J.\u00a0H. Silverman, Advanced Topics in the Arithmetic of Elliptic Curves. Graduate Texts in Mathematics (Springer, 1994)","DOI":"10.1007\/978-1-4612-0851-8"},{"key":"9275_CR64","doi-asserted-by":"crossref","unstructured":"J.\u00a0H. Silverman, The Arithmetic of Elliptic Curves. Graduate Texts in Mathematics (Springer, 2009)","DOI":"10.1007\/978-0-387-09494-6"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-017-9275-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-017-9275-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-017-9275-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,8]],"date-time":"2020-04-08T08:12:35Z","timestamp":1586333555000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-017-9275-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,2,5]]},"references-count":64,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,4]]}},"alternative-id":["9275"],"URL":"https:\/\/doi.org\/10.1007\/s00145-017-9275-7","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2
790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,2,5]]},"assertion":[{"value":"28 November 2013","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 February 2018","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}