Secure Delegation to a Single Malicious Server: Exponentiation in RSA-Type Groups

Title: Secure Delegation to a Single Malicious Server: Exponentiation in RSA-Type Groups
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Di Crescenzo, Giovanni; Khodjaeva, Matluba; Kahrobaei, Delaram; Shpilrain, Vladimir
Conference Name: 2019 IEEE Conference on Communications and Network Security (CNS)
ISBN Number: 978-1-5386-7117-7
Keywords: cloud computing application scenarios, cloud server computation, cryptographic protocols, cryptography, cryptography algorithms, cyclic groups, delegation protocol, discrete logarithm problem, exponentiation, fixed-exponent exponentiation, group exponentiation, group theory, modular exponentiations, noncyclic groups, probability, pubcrawl, public key cryptography, public-key cryptosystems, Resiliency, RSA, RSA-based group cryptosystems, Scalability, secure delegation, secure outsourcing, server computation, single malicious server, statistical parameter
Abstract

In cloud computing application scenarios involving computationally weak clients, the natural need for applied cryptography solutions requires the delegation of the most expensive cryptography algorithms to a computationally stronger cloud server. Group exponentiation is an important operation used in many public-key cryptosystems and, more generally, cryptographic protocols. Solving the problem of delegating group exponentiation in the case of a single, possibly malicious, server, was left open since early papers in the area. Only recently, we have solved this problem for a large class of cyclic groups, including those commonly used in cryptosystems proved secure under the intractability of the discrete logarithm problem. In this paper we solve this problem for an important class of non-cyclic groups, which includes RSA groups when the modulus is the product of two safe primes, a common setting in applications using RSA-based cryptosystems. We show a delegation protocol for fixed-exponent exponentiation in such groups, satisfying natural correctness, security, privacy and efficiency requirements, where security holds with exponentially small probability. In our protocol, with very limited offline computation and server computation, a client can delegate an exponentiation to an exponent of the same length as a group element by only performing two exponentiations to an exponent of much shorter length (i.e., the length of a statistical parameter). We obtain our protocol by a non-trivial adaptation to the RSA group of our previous protocol for cyclic groups.

URL: https://ieeexplore.ieee.org/document/8802691
DOI: 10.1109/CNS.2019.8802691
Citation Key: di_crescenzo_secure_2019