PROTOCOL: 2pRSA: Two-Party RSA Signature Scheme
PURPOSE:
Secure signing protocol by including a trusted server as second party
in the signing process
REFERENCE:
MODELER:
- Peter Warkentin, Siemens CT IC 3, December 2004
ALICE_BOB:
0. BC -> S: M.SM with SM = {M}_inv(kc)
where S checks if BC has signed, i.e. {SM}_Kbc = M
1. S -> BC: SSM with SSM = {SM}_inv(ks)
2. BC -> C: M.SSM where C checks if S has signed, i.e. {{SSM}_Ks}_Kbc = M
LIMITATIONS:
Issues abstracted from:
- General public/private keys instead of RSA exponentiation
- Only MCS,HCS (client starts signing process)
Currently, algebraic equations involving exponentiation exp and its inverse,
inv, cannot be handled. Therefore we use general public/private keys.
PROBLEMS: 1
ATTACKS: None
NOTES:
The protocol uses the RSA-based signature scheme for signing a message by
including a 3rd trusted party (Server) in the signing process.
The RSA algorithm defines a modulus N and two exponents e,d such that
m^(ed) = m modulo EulerFct(N). Here, e is the publicly known encryption
exponent and d the corresponding secret decryption exponent.
The signature of a message m is obtained by computing m^d.
The basic idea now is to split d into dc,ds with dc*ds = d modulo EulerFct(N)
and to give ds to the server and dc to the client.
For computing a signature