# Experimenting with Shared Generation of RSA keys

**Authors:**

*M. Malkin, T. Wu, and D. Boneh*

** Abstract: **

We describe an implementation of a distributed algorithm to generate a
shared RSA key. At the end of the computation, an RSA modulus N=pq is
publicly known. All servers involved in the computation are convinced
that N is a product of two large primes, however none of them know
the factorization of N. In addition a public encryption exponent is
publicly known and each server holds a share of the private exponent.
Such a sharing of an RSA key has many applications and can be used to
secure sensitive private keys. Previously, the only known method to
generate a shared RSA key was through a trusted dealer. Our
implementation demonstrates the effectiveness of shared RSA key
generation eliminating the need for a trusted dealer.

** Reference:**

In proceedings of the *Internet Society's 1999 Symposium on Network and Distributed System Security (NDSS)*, pp. 43--56

**Full paper:**
PostScript
[first posted
10/1998 ]

**Related papers:**
See the full paper describing the
algorithm.