One of the most critical issues in the field of computer security is the secure distribution and management of a key in a cryptosystem. In 1979, Shamir and Blakley independently proposed the concept of threshold secret sharing schemes (refer to Secret-Sharing Schemes: A Survey and Secret Sharing Schemes). Such a scheme is useful when the parties involved in communication need to store confidential information (called a secret), such as an encryption key, both securely and reliably.
If the confidential information is stored at a single site managed by a single party, then it is vulnerable to loss through a failure at that site. If it is replicated (at least partially) and dispersed over multiple sites, then the reliability is improved, while the risk of information leakage through unauthorized access to some of the sites increases.

Secret sharing creates shares from a secret so that the original secret can be reconstructed iff at least k shares are available, where k is called a threshold; otherwise reconstruction is impossible. Although each share includes partial information about the secret, a share alone is useless, and hence the vulnerability due to leakage or loss of a share is avoided.

Example 1: [proposed by Blakley] Consider a point in 3D space as a secret. Suppose that shares are planes including the point. If we have one or two planes, then we cannot determine the point. However, once we get three of the planes, we can easily determine the point, which is the intersection of the 3 planes. This method can be generalized to an n-dimensional space where (n-1)-dimensional hyperplanes are used instead of planes.

Example 2: [proposed by Shamir] Consider the first coefficient of a polynomial of degree t-1 as a secret. Suppose that the remaining t-1 coefficients are randomly chosen. Shares are distinct points that lie on the polynomial. Since a polynomial of degree t-1 is uniquely specified by t distinct points that lie on it, t shares are sufficient to reconstruct the polynomial of degree t-1, and hence the secret (i.e., the first coefficient) can be revealed.

Secret sharing is also useful for securing communication in untrustworthy networks such as Peer-to-Peer (P2P) networks. Suppose that a computer sends a confidential message to another computer securely via P2P. Shares are generated from the message and delivered to the destination along distinct paths so that no intermediate computer receives a sufficient number of shares for reconstructing the message from the received shares.

There is another application to cryptography called threshold cryptography. Regarding cryptography in general, refer to Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone.
$\frac{3}{x + 2}$ is pronounced as "three over ex plus two".
$$g(x) - 2x\,g(x) + x^2 g(x) = \frac{20 - 80x + 2x^2 + 40x^3}{(1 - 4x)(1 - x)}$$