|
|
|
|
|
|
by doomrobo
1207 days ago
|
|
|
This is a great question. To rephrase: is it possible to come up with an RSA modulus that even you don't know the factorization of? The answer, I believe, is we have no way of doing that so far. The closest thing that exists is "multiparty" or "distributed" generation of an RSA modulus. Roughly, in the two party case of Alice and Bob, this means Alice picks some pair of numbers (P1, Q1) and Bob similarly picks some (P2, Q2). Then, Alice and Bob engage in some secure multiparty computation protocol whereby they obliviously a) check P1+P2 and Q1+Q2 are prime, and b) if so, output N=(P1+P2)(Q1+Q2) to both Alice and Bob. At the end of the protocol (after repeating enough times that it succeeds), both parties have derived an N whose factorization they don't know. I don't know much about this area of study, but searching multiparty RSA modulus generation should bring up relevant papers. |
|
|