\begin{thebibliography}{10}

\bibitem{AielloBFH98}
W.~Aiello, D.~Boneh, M.~Franklin, and J.~Horwitz.
\newblock Protocols for secure generation of shared rsa keys.
\newblock In {\em DARPA Technical Information Report, Data Item A007, Contract
  F306002-97-C-0326 (Intrusion Tolerance via Threshold Cryptography)}, 1998.

\bibitem{BellareR93}
Mihir Bellare and Phillip Rogaway.
\newblock Entity authentication and key distribution.
\newblock In Douglas~R. Stinson, editor, {\em Advances in
  Cryptology---CRYPTO~'93}, volume 773 of {\em Lecture Notes in Computer
  Science}, pages 232--249. Springer-Verlag, 22--26~August 1993.

\bibitem{Berkovits91}
Shimshon Berkovits.
\newblock How to broadcast a secret.
\newblock In D.~W. Davies, editor, {\em Advances in Cryptology---EUROCRYPT~91},
  volume 547 of {\em Lecture Notes in Computer Science}, pages 535--541.
  Springer-Verlag, 8--11~April 1991.

\bibitem{Blakley79}
G.~Blakley.
\newblock Safeguarding cryptographic keys.
\newblock In {\em Proceedings of AFIPS 1979 National Computer Conference},
  pages 313--317, 1979.

\bibitem{BF97}
D.~Boneh and M.~Franklin.
\newblock Efficient generation of shared rsa keys.
\newblock In Kaliski~Jr. \cite{CRYPTO97}, pages 425--439.

\bibitem{Boyd89}
C.~Boyd.
\newblock Digital multisignatures.
\newblock In H.~Baker and F.~Piper, editors, {\em Cryptography and Coding},
  pages 241--246. Claredon Press, 1989.

\bibitem{CanettiH94}
R.~Canetti and A.~Herzberg.
\newblock Maintaining security in the presence of transient faults.
\newblock In Yvo~G. Desmedt, editor, {\em Advances in Cryptology---CRYPTO~'94},
  volume 839 of {\em Lecture Notes in Computer Science}, pages 425--438.
  Springer-Verlag, 21--25~August 1994.

\bibitem{CerecedoMI93}
M.~Cerecedo, T.~Matsumoto, and H.~Imai.
\newblock Efficient and secure multiparty generation of digital signatures.
\newblock {\em IEICE Trans.\ Fundamentals}, E76-A(4):532--545, 1993.

\bibitem{ChorGMA85}
Benny Chor, Shafi Goldwasser, Silvio Micali, and Baruch Awerbuch.
\newblock Verifiable secret sharing and achieving simultaneity in the presence
  of faults (extended abstract).
\newblock In {\em 26th Annual Symposium on Foundations of Computer Science},
  pages 383--395, Portland, Oregon, 21--23 October 1985. IEEE.

\bibitem{CroftH89}
R.~Croft and S.~Harris.
\newblock Public key cryptography and re-usable shared secrets.
\newblock In H.~Baker and F.~Piper, editors, {\em Cryptography and Coding},
  pages 189--201. Claredon Press, 1989.

\bibitem{Desmedt87}
Yvo Desmedt.
\newblock Society and group oriented cryptography: A new concept.
\newblock In Carl Pomerance, editor, {\em Advances in Cryptology---CRYPTO~'87},
  volume 293 of {\em Lecture Notes in Computer Science}, pages 120--127.
  Springer-Verlag, 1988, 16--20~August 1987.

\bibitem{DesmedtF89}
Yvo Desmedt and Yair Frankel.
\newblock Threshold cryptosystems.
\newblock In G.~Brassard, editor, {\em Advances in Cryptology---CRYPTO~'89},
  volume 435 of {\em Lecture Notes in Computer Science}, pages 307--315.
  Springer-Verlag, 1990, 20--24~August 1989.

\bibitem{Feldman87}
Paul Feldman.
\newblock A practical scheme for non-interactive verifiable secret sharing.
\newblock In {\em 28th Annual Symposium on Foundations of Computer Science},
  pages 427--437, Los Angeles, California, 12--14 October 1987. IEEE.

\bibitem{Frankel89}
Y.~Frankel.
\newblock A practical protocol for large group oriented networks.
\newblock In J.-J. Quisquater and J.~Vandewalle, editors, {\em Advances in
  Cryptology---EUROCRYPT~89}, volume 434 of {\em Lecture Notes in Computer
  Science}, pages 56--61. Springer-Verlag, 1990, 10--13~April 1989.

\bibitem{FrankelD92}
Y.~Frankel and Y.~Desmedt.
\newblock Parallel reliable threshold multisignature.
\newblock In {\em Department of EE \& CS, University of Wisconsin-Milwaukee,
  Tech. Report TR-92-04-02}, Department of EE \& CS, University of
  Wisconsin-Milwaukee, 1992.

\bibitem{FrankelGMY97b}
Yair Frankel, Peter Gemmell, Philip~D. MacKenzie, and Moti Yung.
\newblock Optimal-resilience proactive public-key cryptosystems.
\newblock In {\em 38th Annual Symposium on Foundations of Computer Science},
  pages 384--393, Miami Beach, Florida, 20--22 October 1997. IEEE.

\bibitem{FrankelGMY97}
Yair Frankel, Peter Gemmell, Philip~D. MacKenzie, and Moti Yung.
\newblock Proactive {RSA}.
\newblock In Kaliski~Jr. \cite{CRYPTO97}, pages 440--454.

\bibitem{FrankelGY96}
Yair Frankel, Peter Gemmell, and Moti Yung.
\newblock Witness-based cryptographic program checking and robust function
  sharing.
\newblock In {\em Proceedings of the Twenty-Eighth Annual ACM Symposium on the
  Theory of Computing}, pages 499--508, Philadelphia, Pennsylvania, 22--24 May
  1996.

\bibitem{GennaroJKR96}
Rosario Gennaro, Stanis{\l}aw Jarecki, Hugo Krawczyk, and Tal Rabin.
\newblock Robust and efficient sharing of {RSA} functions.
\newblock In Neal Koblitz, editor, {\em Advances in Cryptology---CRYPTO~'96},
  volume 1109 of {\em Lecture Notes in Computer Science}, pages 157--172.
  Springer-Verlag, 18--22~August 1996.

\bibitem{GennaroJKR96b}
Rosario Gennaro, Stanis{\l}aw Jarecki, Hugo Krawczyk, and Tal Rabin.
\newblock Robust threshold {DSS} signatures.
\newblock In Ueli Maurer, editor, {\em Advances in Cryptology---EUROCRYPT~96},
  volume 1070 of {\em Lecture Notes in Computer Science}, pages 354--371.
  Springer-Verlag, 12--16~May 1996.

\bibitem{GoldreichMW91}
Oded Goldreich, Silvio Micali, and Avi Wigderson.
\newblock Proofs that yield nothing but their validity or all languages in {NP}
  have zero-knowledge proof systems.
\newblock {\em Journal of the ACM}, 38(3):691--729, July 1991.

\bibitem{GoldwasserM84}
Shafi Goldwasser and Silvio Micali.
\newblock Probabilistic encryption.
\newblock {\em Journal of Computer and System Sciences}, 28(2):270--299, April
  1984.

\bibitem{Harn94}
L.~Harn.
\newblock Group oriented $(t,n)$ digital signature scheme.
\newblock {\em IEEE Proc. Comput. Digit. Tech.}, 141(5), Sept 1994.

\bibitem{HerzbergJJKY97}
Amir Herzber, M.~Jakobsson, Satnislaw Jarecki, Hugo Krawczyk, and Moti Yung.
\newblock Proactive public key and signature systems.
\newblock In {\em 1997 ACM Conference on Computers and Communication Security},
  1997.

\bibitem{HerzbergJKY95}
Amir Herzberg, Stanis{\l}aw Jarecki, Hugo Krawczyk, and Moti Yung.
\newblock Proactive secret sharing, or: How to cope with perpetual leakage.
\newblock In Don Coppersmith, editor, {\em Advances in
  Cryptology---CRYPTO~'95}, volume 963 of {\em Lecture Notes in Computer
  Science}, pages 339--352. Springer-Verlag, 27--31~August 1995.

\bibitem{CRYPTO97}
Burton~S. Kaliski~Jr., editor.
\newblock {\em Advances in Cryptology---CRYPTO~'97}, volume 1294 of {\em
  Lecture Notes in Computer Science}. Springer-Verlag, 17--21~August 1997.

\bibitem{Kocher98}
Paul Kocher.
\newblock Differential power analysis.
\newblock {\em http://www.cryptography.com/dpa/index.html}, 1998.

\bibitem{Lenstra94}
Arjen~K. Lenstra.
\newblock Factoring.
\newblock In Gerard Tel and Paul M.~B. Vit{\'a}nyi, editors, {\em Distributed
  Algorithms, 8th International Workshop, WDAG '94}, volume 857 of {\em Lecture
  Notes in Computer Science}, pages 28--38, Terschelling, The Netherlands,
  29~September--1~October 1994. Springer.

\bibitem{LongW88}
Douglas~L. Long and Avi Wigderson.
\newblock The discrete logarithm hides {$O(\log n)$} bits.
\newblock {\em SIAM Journal on Computing}, 17(2):363--372, April 1988.

\bibitem{MWB98}
M.~Malkin, T.~Wu, and D.~Boneh.
\newblock Experimenting with shared rsa key generation.
\newblock In {\em preprint}, 1998.

\bibitem{MenezesVV}
A.~Menezes, P.~van Oorschot, and S.~Vanstone.
\newblock {\em Handbook of Applied Cryptography}.
\newblock CRC Press, 1997.

\bibitem{OstrovskyY91}
Rafail Ostrovsky and Moti Yung.
\newblock How to withstand mobile virus attacks (extended abstract).
\newblock In {\em Proceedings of the Tenth Annual ACM Symposium on Principles
  of Distributed Computing}, pages 51--59, Montreal, Quebec, Canada,
  19--21~August 1991.

\bibitem{Pedersen91}
Torben~Pryds Pedersen.
\newblock Non-interactive and information-theoretic secure verifiable secret
  sharing.
\newblock In J.~Feigenbaum, editor, {\em Advances in Cryptology---CRYPTO~'91},
  volume 576 of {\em Lecture Notes in Computer Science}, pages 129--140.
  Springer-Verlag, 1992, 11--15~August 1991.

\bibitem{Rabin98}
T.~Rabin.
\newblock A simpified appraoch to threshold and proactive rsa.
\newblock In {\em Advances in Cryptology---CRYPTO~'98}, Lecture Notes in
  Computer Science. Springer-Verlag, 1998.

\bibitem{RivestSA78}
R.~Rivest, A.~Shamir, and L.~Adleman.
\newblock A method for obtaining digital signatures and public-key
  crypto-systems.
\newblock In {\em Communications of the ACM}, pages 120--126, 1978.

\bibitem{Safekeyper}
Safekeyper.
\newblock See http://www.bbn.com.

\bibitem{DeSantisDFY94}
Alfredo~De Santis, Yvo Desmedt, Yair Frankel, and Moti Yung.
\newblock How to share a function securely (extended summary).
\newblock In {\em Proceedings of the Twenty-Sixth Annual ACM Symposium on the
  Theory of Computing}, pages 522--533, Montr\'eal, Qu\'ebec, Canada, 23--25
  May 1994.

\bibitem{Shamir79}
A.~Shamir.
\newblock How to share a secret.
\newblock In {\em Communications of the ACM}, pages 612--613, 1979.

\end{thebibliography}