{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T15:44:25Z","timestamp":1780069465568,"version":"3.54.0"},"reference-count":51,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2022,3,16]],"date-time":"2022-03-16T00:00:00Z","timestamp":1647388800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,3,16]],"date-time":"2022-03-16T00:00:00Z","timestamp":1647388800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2022,4]]},"DOI":"10.1007\/s00145-021-09395-y","type":"journal-article","created":{"date-parts":[[2022,3,16]],"date-time":"2022-03-16T20:02:41Z","timestamp":1647460961000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Multiparty Generation of an RSA Modulus"],"prefix":"10.1007","volume":"35","author":[{"given":"Megan","family":"Chen","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jack","family":"Doerner","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yashvanth","family":"Kondi","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Eysa","family":"Lee","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Schuyler","family":"Rosefield","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Abhi","family":"Shelat","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ran","family":"Cohen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2022,3,16]]},"reference":[{"key":"9395_CR1","first-page":"417","volume":"2002","author":"Joy Algesheimer","year":"2002","unstructured":"Joy Algesheimer, Jan Camenisch, and Victor Shoup. Efficient computation modulo a shared secret with application to the generation of shared safe-prime products. In Advances in Cryptology \u2013 CRYPTO 2002, pages 417\u2013432, 2002.","journal-title":"Advances in Cryptology - CRYPTO"},{"key":"9395_CR2","doi-asserted-by":"publisher","unstructured":"Elaine Barker. Nist special publication 800-57, part 1, revision 4. https:\/\/doi.org\/10.6028\/NIST.SP.800-57pt1r4, 2016.","DOI":"10.6028\/NIST.SP.800-57pt1r4"},{"issue":"4","key":"9395_CR3","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1007\/s00446-002-0083-3","volume":"16","author":"Michael Ben-Or","year":"2003","unstructured":"Michael Ben-Or and Ran El-Yaniv. Resilient-optimal interactive consistency in constant time. Distributed Computing, 16(4):249\u2013262, 2003.","journal-title":"Distributed Computing"},{"key":"9395_CR4","doi-asserted-by":"publisher","first-page":"425","DOI":"10.1007\/BFb0052253","volume":"1997","author":"Dan Boneh","year":"1997","unstructured":"Dan Boneh and Matthew\u00a0K. Franklin. Efficient generation of shared RSA keys. In Advances in Cryptology \u2013 CRYPTO 1997, pages 425\u2013439, 1997.","journal-title":"Advances in Cryptology - CRYPTO"},{"issue":"4","key":"9395_CR5","doi-asserted-by":"publisher","first-page":"702","DOI":"10.1145\/502090.502094","volume":"48","author":"Dan Boneh","year":"2001","unstructured":"Dan Boneh and Matthew\u00a0K. Franklin. Efficient generation of shared RSA keys. Journal of the ACM, 48(4):702\u2013722, 2001.","journal-title":"Journal of the ACM"},{"key":"9395_CR6","doi-asserted-by":"crossref","unstructured":"Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Lisa Kohl, Peter Rindal, and Peter Scholl. Efficient two-round OT extension and silent non-interactive secure computation. In Proceedings of the 26th ACM Conference on Computer and Communications Security, (CCS), pages 291\u2013308, 2019.","DOI":"10.1145\/3319535.3354255"},{"key":"9395_CR7","doi-asserted-by":"crossref","unstructured":"Ran Canetti. Universally composable security: A new paradigm for cryptographic protocols. In Proceedings of the 42nd Annual Symposium on Foundations of Computer Science (FOCS), pages 136\u2013145, 2001.","DOI":"10.1109\/SFCS.2001.959888"},{"key":"9395_CR8","doi-asserted-by":"crossref","unstructured":"Ran Canetti, Yehuda Lindell, Rafail Ostrovsky, and Amit Sahai. Universally composable two-party and multi-party secure computation. In Proceedings of the 34th Annual ACM Symposium on Theory of Computing (STOC), pages 494\u2013503, 2002.","DOI":"10.1145\/509907.509980"},{"key":"9395_CR9","doi-asserted-by":"crossref","unstructured":"Megan Chen, Ran Cohen, Jack Doerner, Yashvanth Kondi, Eysa Lee, Schuyler Rosefield, and abhi shelat. Muliparty generation of an RSA modulus. In Advances in Cryptology \u2013 CRYPTO 2020, part III, pages 64\u201393, 2020.","DOI":"10.1007\/978-3-030-56877-1_3"},{"key":"9395_CR10","doi-asserted-by":"crossref","unstructured":"Megan Chen, Carmit Hazay, Yuval Ishai, Yuriy Kashnikov, Daniele Micciancio, Tarik Riviere, abhi shelat, Muthuramakrishnan Venkitasubramaniam, and Ruihan Wang. Diogenes: Lightweight scalable RSA modulus generation with a dishonest majority. http:\/\/eprint.iacr.org\/2020\/374, 2020.","DOI":"10.1109\/SP40001.2021.00025"},{"key":"9395_CR11","doi-asserted-by":"crossref","unstructured":"Clifford Cocks. Split knowledge generation of RSA parameters. In Proceedings of the 6th International Conference on Cryptography and Coding, pages 89\u201395, 1997.","DOI":"10.1007\/BFb0024452"},{"key":"9395_CR12","unstructured":"Clifford Cocks. Split generation of RSA parameters with multiple participants. http:\/\/citeseerx.ist.psu.edu\/viewdoc\/summary?doi=10.1.1.177.2600, 1998."},{"key":"9395_CR13","unstructured":"Ran Cohen, Sandro Coretti, Juan Garay, and Vassilis Zikas. Round-preserving parallel composition of probabilistic-termination cryptographic protocols. In Proceedings of the 44th International Colloquium on Automata, Languages, and Programming (ICALP), pages 37:1\u201337:15, 2017."},{"issue":"3","key":"9395_CR14","doi-asserted-by":"publisher","first-page":"690","DOI":"10.1007\/s00145-018-9279-y","volume":"32","author":"Ran Cohen","year":"2019","unstructured":"Ran Cohen, Sandro Coretti, Juan\u00a0A. Garay, and Vassilis Zikas. Probabilistic termination and composability of cryptographic protocols. Journal of Cryptology, 32(3):690\u2013741, 2019.","journal-title":"Journal of Cryptology"},{"key":"9395_CR15","doi-asserted-by":"crossref","unstructured":"Ran Cohen, Iftach Haitner, Eran Omri, and Lior Rotem. From fairness to full security in multiparty computation. In Proceedings of the 11th Conference on Security and Cryptography for Networks (SCN), pages 216\u2013234, 2018.","DOI":"10.1007\/978-3-319-98113-0_12"},{"issue":"4","key":"9395_CR16","doi-asserted-by":"publisher","first-page":"1157","DOI":"10.1007\/s00145-016-9245-5","volume":"30","author":"Ran Cohen","year":"2017","unstructured":"Ran Cohen and Yehuda Lindell. Fairness versus guaranteed output delivery in secure multiparty computation. Journal of Cryptology, 30(4):1157\u20131186, 2017.","journal-title":"Journal of Cryptology"},{"key":"9395_CR17","doi-asserted-by":"publisher","first-page":"342","DOI":"10.1007\/978-3-540-30576-7_19","volume":"2005","author":"Ronald Cramer","year":"2005","unstructured":"Ronald Cramer, Ivan Damg\u00e5rd, and Yuval Ishai. Share conversion, pseudorandom secret-sharing and applications to secure computation. In Proceedings of the Second Theory of Cryptography Conference, TCC 2005, pages 342\u2013362, 2005.","journal-title":"Proceedings of the Second Theory of Cryptography Conference, TCC"},{"key":"9395_CR18","doi-asserted-by":"crossref","unstructured":"Ivan Damg\u00e5rd and Gert\u00a0L\u00e6ss\u00f8e Mikkelsen. Efficient, robust and constant-round distributed RSA key generation. In Proceedings of the 7th Theory of Cryptography Conference, TCC 2010, pages 183\u2013200, 2010.","DOI":"10.1007\/978-3-642-11799-2_12"},{"key":"9395_CR19","doi-asserted-by":"crossref","unstructured":"Jack Doerner, Yashvanth Kondi, Eysa Lee, and Abhi Shelat. Secure two-party threshold ECDSA from ECDSA assumptions. In Proceedings of the 39th IEEE Symposium on Security and Privacy, (S&P), pages 980\u2013997, 2018.","DOI":"10.1109\/SP.2018.00036"},{"key":"9395_CR20","doi-asserted-by":"crossref","unstructured":"Jack Doerner, Yashvanth Kondi, Eysa Lee, and Abhi Shelat. Threshold ECDSA from ECDSA assumptions: The multiparty case. In Proceedings of the 40th IEEE Symposium on Security and Privacy, (S&P), 2019.","DOI":"10.1109\/SP.2019.00024"},{"issue":"6","key":"9395_CR21","doi-asserted-by":"publisher","first-page":"637","DOI":"10.1145\/3812.3818","volume":"28","author":"Shimon Even","year":"1985","unstructured":"Shimon Even, Oded Goldreich, and Abraham Lempel. A randomized protocol for signing contracts. Communications of the ACM, 28(6):637\u2013647, 1985.","journal-title":"Communications of the ACM"},{"key":"9395_CR22","doi-asserted-by":"crossref","unstructured":"Yair Frankel, Philip\u00a0D. MacKenzie, and Moti Yung. Robust efficient distributed RSA-key generation. In Proceedings of the 17th Annual ACM Symposium on Principles of Distributed Computing (PODC), page 320, 1998.","DOI":"10.1145\/277697.277779"},{"key":"9395_CR23","doi-asserted-by":"crossref","unstructured":"Tore\u00a0Kasper Frederiksen, Yehuda Lindell, Valery Osheter, and Benny Pinkas. Fast distributed RSA key generation for semi-honest and malicious adversaries. In Advances in Cryptology \u2013 CRYPTO 2018, part II, pages 331\u2013361, 2018.","DOI":"10.1007\/978-3-319-96881-0_12"},{"key":"9395_CR24","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1007\/3-540-48405-1_8","volume":"1999","author":"Niv Gilboa","year":"1999","unstructured":"Niv Gilboa. Two party RSA key generation. In Advances in Cryptology \u2013 CRYPTO 1999, pages 116\u2013129, 1999.","journal-title":"Advances in Cryptology - CRYPTO"},{"key":"9395_CR25","doi-asserted-by":"crossref","unstructured":"Oded Goldreich. The Foundations of Cryptography - Volume 1: Basic Techniques. Cambridge University Press, 2001.","DOI":"10.1017\/CBO9780511546891"},{"key":"9395_CR26","doi-asserted-by":"crossref","unstructured":"Oded Goldreich, Silvio Micali, and Avi Wigderson. How to play any mental game or A completeness theorem for protocols with honest majority. In Proceedings of the 19th Annual ACM Symposium on Theory of Computing (STOC), pages 218\u2013229, 1987.","DOI":"10.1145\/28395.28420"},{"issue":"3","key":"9395_CR27","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/s00145-005-0319-z","volume":"18","author":"Shafi Goldwasser","year":"2005","unstructured":"Shafi Goldwasser and Yehuda Lindell. Secure multi-party computation without agreement. Journal of Cryptology, 18(3):247\u2013287, 2005.","journal-title":"Journal of Cryptology"},{"key":"9395_CR28","doi-asserted-by":"crossref","unstructured":"Carmit Hazay, Gert\u00a0L\u00e6ss\u00f8e Mikkelsen, Tal Rabin, and Tomas Toft. Efficient RSA key generation and threshold Paillier in the two-party setting. In Topics in Cryptology - CT-RSA 2012 - The Cryptographers\u2019 Track at the RSA Conference, pages 313\u2013331, 2012.","DOI":"10.1007\/978-3-642-27954-6_20"},{"issue":"2","key":"9395_CR29","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/s00145-017-9275-7","volume":"32","author":"Carmit Hazay","year":"2019","unstructured":"Carmit Hazay, Gert\u00a0L\u00e6ss\u00f8e Mikkelsen, Tal Rabin, Tomas Toft, and Angelo\u00a0Agatino Nicolosi. Efficient RSA key generation and threshold paillier in the two-party setting. Journal of Cryptology, 32(2):265\u2013323, 2019.","journal-title":"Journal of Cryptology"},{"key":"9395_CR30","doi-asserted-by":"crossref","unstructured":"Carmit Hazay, Peter Scholl, and Eduardo Soria-Vazquez. Low cost constant round MPC combining BMR and oblivious transfer. In Advances in Cryptology \u2013 ASIACRYPT 2017, part I, pages 598\u2013628, 2017.","DOI":"10.1007\/978-3-319-70694-8_21"},{"issue":"4","key":"9395_CR31","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1007\/BF00189260","volume":"9","author":"Russell Impagliazzo","year":"1996","unstructured":"Russell Impagliazzo and Moni Naor. Efficient cryptographic schemes provably as secure as subset sum. Journal of Cryptology, 9(4):199\u2013216, 1996.","journal-title":"Journal of Cryptology"},{"key":"9395_CR32","doi-asserted-by":"crossref","unstructured":"Yuval Ishai, Rafail Ostrovsky, and Vassilis Zikas. Secure multi-party computation with identifiable abort. In Advances in Cryptology \u2013 CRYPTO 2014, part II, pages 369\u2013386, 2014.","DOI":"10.1007\/978-3-662-44381-1_21"},{"key":"9395_CR33","unstructured":"Marc Joye and Richard Pinch. Cheating in split-knowledge RSA parameter generation. In Workshop on Coding and Cryptography, pages 157\u2013163, 1999."},{"key":"9395_CR34","unstructured":"Jonathan Katz and Yehuda Lindell. Introduction to Modern Cryptography, Second Edition, chapter Digital Signature Schemes, pages 443\u2013486. Chapman & Hall\/CRC, 2015."},{"key":"9395_CR35","doi-asserted-by":"crossref","unstructured":"Marcel Keller, Emmanuela Orsini, and Peter Scholl. Actively secure OT extension with optimal overhead. In Advances in Cryptology \u2013 CRYPTO 2015, part I, pages 724\u2013741, 2015.","DOI":"10.1007\/978-3-662-47989-6_35"},{"key":"9395_CR36","unstructured":"Donald\u00a0E. Knuth. The Art of Computer Programming, Volume II: Seminumerical Algorithms. Addison-Wesley, 1969."},{"key":"9395_CR37","unstructured":"Michael Malkin, Thomas Wu, and Dan Boneh. Experimenting with shared RSA key generation. In Proceedings of the Internet Society\u2019s 1999 Symposium on Network and Distributed System Security, pages 43\u201356, 1999."},{"issue":"3","key":"9395_CR38","doi-asserted-by":"publisher","first-page":"300","DOI":"10.1016\/S0022-0000(76)80043-8","volume":"13","author":"Gary L Miller","year":"1976","unstructured":"Gary\u00a0L. Miller. Riemann\u2019s hypothesis and tests for primality. J. Comput. Syst. Sci., 13(3):300\u2013317, 1976.","journal-title":"J. Comput. Syst. Sci."},{"key":"9395_CR39","doi-asserted-by":"crossref","unstructured":"Payman Mohassel and Matthew\u00a0K. Franklin. Efficiency tradeoffs for malicious two-party computation. In Proceedings of the 9th International Conference on the Theory and Practice of Public-Key Cryptography (PKC), pages 458\u2013473, 2006.","DOI":"10.1007\/11745853_30"},{"key":"9395_CR40","doi-asserted-by":"crossref","unstructured":"Michele Orr\u00f9, Emmanuela Orsini, and Peter Scholl. Actively secure 1-out-of-n OT extension with application to private set intersection. In Topics in Cryptology - CT-RSA 2017 - The Cryptographers\u2019 Track at the RSA Conference, pages 381\u2013396, 2017.","DOI":"10.1007\/978-3-319-52153-4_22"},{"key":"9395_CR41","unstructured":"Krzysztof Pietrzak. Simple verifiable delay functions. In Proceedings of the 10th Annual Innovations in Theoretical Computer Science (ITCS) conference, pages 60:1\u201360:15, 2019."},{"key":"9395_CR42","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1007\/3-540-49649-1_2","volume":"1998","author":"Guillaume Poupard","year":"1998","unstructured":"Guillaume Poupard and Jacques Stern. Generation of shared RSA keys by two parties. In Advances in Cryptology \u2013 ASIACRYPT 1998, pages 11\u201324, 1998.","journal-title":"Advances in Cryptology - ASIACRYPT"},{"issue":"1","key":"9395_CR43","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1016\/0022-314X(80)90084-0","volume":"12","author":"Michael O Rabin","year":"1980","unstructured":"Michael\u00a0O. Rabin. Probabilistic algorithm for testing primality. Journal of Number Theory, 12(1):128\u2013138, 1980.","journal-title":"Journal of Number Theory"},{"key":"9395_CR44","unstructured":"Ronald\u00a0L. Rivest. A description of a single-chip implementation of the RSA cipher, 1980."},{"key":"9395_CR45","doi-asserted-by":"crossref","unstructured":"Ronald\u00a0L. Rivest. RSA chips (past\/present\/future). In Workshop on the Theory and Application of Cryptographic Techniques, pages 159\u2013165. Springer, 1984.","DOI":"10.1007\/3-540-39757-4_16"},{"issue":"2","key":"9395_CR46","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1145\/359340.359342","volume":"21","author":"Ronald L Rivest","year":"1978","unstructured":"Ronald\u00a0L. Rivest, Adi Shamir, and Leonard\u00a0M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120\u2013126, 1978.","journal-title":"Communications of the ACM"},{"key":"9395_CR47","first-page":"64","volume":"6","author":"J. Barkley Rosser","year":"1962","unstructured":"J.\u00a0Barkley Rosser and Lowell Schoenfeld. Approximate formulas for some functions of prime numbers. Illinois J. Math., 6:64\u201394, 1962.","journal-title":"Illinois J. Math."},{"key":"9395_CR48","unstructured":"Richard\u00a0I. Szabo and Nicholas\u00a0S. Tanaka. Residue Arithmetic and Its Application to Computer Technology. McGraw-Hill, 1967."},{"key":"9395_CR49","doi-asserted-by":"crossref","unstructured":"Xiao Wang, Samuel Ranellucci, and John Katz. Global-scale secure multiparty computation. In Proceedings of the 24th ACM Conference on Computer and Communications Security, (CCS), pages 39\u201356, 2017.","DOI":"10.1145\/3133956.3133979"},{"key":"9395_CR50","doi-asserted-by":"crossref","unstructured":"Benjamin Wesolowski. Efficient verifiable delay functions. In Advances in Cryptology \u2013 EUROCRYPT 2019, part III, pages 379\u2013407, 2019.","DOI":"10.1007\/978-3-030-17659-4_13"},{"key":"9395_CR51","doi-asserted-by":"crossref","unstructured":"Kang Yang, Xiao Wang, and Jiang Zhang. More efficient MPC from improved triple generation and authenticated garbling. In Proceedings of the 27th ACM Conference on Computer and Communications Security, (CCS), 2020.","DOI":"10.1145\/3372297.3417285"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-021-09395-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00145-021-09395-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-021-09395-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,25]],"date-time":"2022-04-25T18:08:49Z","timestamp":1650910129000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00145-021-09395-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3,16]]},"references-count":51,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2022,4]]}},"alternative-id":["9395"],"URL":"https:\/\/doi.org\/10.1007\/s00145-021-09395-y","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,3,16]]},"assertion":[{"value":"17 August 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 April 2021","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 April 2021","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 March 2022","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"12"}}