Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secret Sharing and Applications

Published byErika Jovanović Modified over 6 years ago

Similar presentations

Presentation on theme: "Secret Sharing and Applications"— Presentation transcript:

1 Secret Sharing and Applications

2 Secret Sharing- Threshold Scheme
The safety of all keys stored in the system- and the entire system-may depend on a single master key. This has two serious drawbacks. First, if the master key is accidentally or maliciously exposed, the entire system is vulnerable. Second, if the master key is lost or destroyed, all information in the system becomes inaccessible. The latter problem can be solved by giving copies of the key to “trustworthy” users. But in so doing, the system becomes vulnerable to betrayal.

3 Secret Sharing- Threshold Scheme
The solution is to break a key k into n shadows ( pieces) k1,……..kn in such a way that: 1. With knowledge of any t of the ki, computing k is easy; and 2. With knowledge of any t-1 or fewer of the ki,determining k is impossible because of lack information. The n shadows are given to n users. Because t shadows are required to reconstruct the key, exposure of a shadow does not endanger the key, and no group of less than t of the users can conspire to get the key. At the same time, if a shadow is lost or destroyed, key recovery is still possible. Such schemes are called (t , n ) threshold schemes.

4 Two Extreme Cases (1, n) threshold scheme can be constructed by duplicating the same key k to all users. (n , n) threshold scheme can be constructed by randomly selecting k1, k2,……….,kn-1, and determining kn=k  k1  k2 ………. kn-1.

5 Secret Sharing based on the Lagrange Interpolating Polynomial
Shamir has proposed a scheme based on the Lagrange interpolating polynomial. The shadows are derived from a random polynomial of degree t-1: with constant term a0=k . All arithmetic is done in the Galois field GF(p), where p is a prime number larger than both k and n. Given h(x), the key k is easily compute by k=h(0). The n shadows are computed by evaluating h(x) at n distinct values x1,……….., xn : ki=h(xi) i= 1,2,……….,n.

6 Secret Sharing based on the Lagrange Interpolating Polynomial
Given t shadows ki1,………,ki t, h(x)is reconstructed from the Lagrange Interpolating polynomial:

7 Secret Sharing based on the Lagrange Interpolating Polynomial
Example: Let t=3, n=5, p=17, k=13, and h(x)=(2x²+10x+13) mod 17 with random coefficients 2 and 10. Evaluating h(x) at x=1,2…,5 , we get five shadows: k1=h(1)=( )mod 17=8 k2=h(2)=( )mod 17=7 k3=h(3)=( )mod 17=10 k4=h(4)=( )mod 17=0 k5=h(5)=( )mod 17=11 we can reconstruct h(x) from any three of the shadows. Using k1,k3,and k5 we have:

8 Secret Sharing based on the Lagrange Interpolating Polynomial
(continue)

9 Secret Sharing Without the Assistance of a Mutually Trusted Party
In case no trusted dealer is available, how to establish a secret sharing scheme? Example: Four users A, B, C and D need to set up a (2, 4) secret sharing without the assistance of a mutually trusted party. Each user selects a private key, ki, for i= A, B, C, D. Then secretly enters the private key one by one, and the system key is determined by k=kAkBkCkD.

10 Secret Sharing Without the Assistance of a Mutually Trusted Party
Then each user becomes the dealer and computes shares for other users using (2, 3) threshold scheme. Thus, they have users keys A B C D kA kA,B kA,C kA,D shares kB kB,A kB,C kB,D based on kC kC,A kC,B kC,D (2, 3) kD kD,A kD,B kD,C threshold scheme

11 Secret Sharing Without the Assistance of a Mutually Trusted Party
Later, for example, when A, B work together, they know kA, kB . In addition, from kC,A and kC,B, they can reconstruct kC. Similarly, from kD,A and kD,B , they can reconstruct kD. “Secret” can be either encryption key, like DES key, or private key, like DSS private key. If it is a DES key, then each share can only be used once. Efficiency is very low. If it is a DSS signing key, then due to the mathematical structure of public-key algorithm, each share does not need to be revealed directly.

Download ppt "Secret Sharing and Applications"

Similar presentations

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Ch12. Secret Sharing Schemes

Ch12. Secret Sharing Schemes
Sec final project A Preposition Secret Sharing Scheme for Message Authentication in Broadcast Networks 90321019 王怡君.

Sec final project A Preposition Secret Sharing Scheme for Message Authentication in Broadcast Networks 王怡君.
1 Intro To Encryption Exercise 11. 2 Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The.

1 Intro To Encryption Exercise Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The.
Secret Sharing Algorithms

Secret Sharing Algorithms
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Key Recovery and Secret Sharing -- Towards balancing the interests of individuals and those of governments --

Key Recovery and Secret Sharing -- Towards balancing the interests of individuals and those of governments --
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.

1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Cryptographic Security Secret Sharing, Vanishing Data.

Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science Cryptographic Security Secret Sharing, Vanishing Data.
Robust Sharing of Secrets when the Dealer Is Honest or Cheating Tal Rabin 1994 Brian Fry COEN 317 12-03-2003.

Robust Sharing of Secrets when the Dealer Is Honest or Cheating Tal Rabin 1994 Brian Fry COEN
Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session.

Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session.
Cryptographic Security Secret Sharing, Vanishing Data 1Dennis Kafura – CS5204 – Operating Systems.

Cryptographic Security Secret Sharing, Vanishing Data 1Dennis Kafura – CS5204 – Operating Systems.
Cryptography and Network Security (CS435) Part Eight (Key Management)

Cryptography and Network Security (CS435) Part Eight (Key Management)
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.

Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.

PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
A novel DRM framework for peer-to- per music content delivery Authors: Jung-Shian Li, Che-Jen Hsieh, Cheng-Fu Hung Source: 2010, Journal of Systems and.

A novel DRM framework for peer-to- per music content delivery Authors: Jung-Shian Li, Che-Jen Hsieh, Cheng-Fu Hung Source: 2010, Journal of Systems and.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,

1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,

Similar presentations

Ads by Google