PROTOCOL:
2pRSA: Two-Party RSA Signature Scheme

PURPOSE:

Secure signing protocol by including a trusted server as second party in the signing process  

REFERENCE:

 

MODELER:

 

ALICE_BOB:

0. BC -> S:  M.SM   with SM = {M}_inv(kc)
                    where S checks if BC has signed, i.e. {SM}_Kbc = M
1. S  -> BC: SSM    with SSM = {SM}_inv(ks)
2. BC -> C:  M.SSM  where C checks if S has signed, i.e. {{SSM}_Ks}_Kbc = M
 

LIMITATIONS:

Issues abstracted from:

Currently, algebraic equations involving exponentiation exp and its inverse, inv, cannot be handled. Therefore we use general public/private keys.

 

PROBLEMS:
1
 

ATTACKS:
None

 

NOTES:

The protocol uses the RSA-based signature scheme for signing a message by including a 3rd trusted party (Server) in the signing process. The RSA algorithm defines a modulus N and two exponents e,d such that m^(ed) = m modulo EulerFct(N). Here, e is the publicly known encryption exponent and d the corresponding secret decryption exponent. The signature of a message m is obtained by computing m^d. The basic idea now is to split d into dc,ds with dc*ds = d modulo EulerFct(N) and to give ds to the server and dc to the client. For computing a signature