密码算法与协议6_阈值加密算法.

2017/10/8
6
Secret sharing schemes
Easy to see relationship between secret sharing and solving linear algebra equations (matrices) Finding f(0) requires t+1 distinct points on the line, where t is the order of function f Equations
2017/10/8
2
Example
Sending messages to an organization

Mor来自百度文库 than one authenticated individual required to read messages
Signing of messages by a group

Message requires a certain number of individuals to sign it before it can be verified
2017/10/8
5
Secret sharing schemes
(t,l) secret sharing schemes break up a secret (usually a private key) into l pieces These pieces are distributed amongst l individuals In order to recover the original secret, at least t individuals must cooperate Thus t is the “breaking point” for the secret
2017/10/8
4
Secret sharing
Secret sharing schemes form the basis for threshold cryptography. The idea is to split a secret into several shares, such that the secret can be reconstructed whenever a sufficient number of shares are available; if an insufficient number of shares is available, it should not be possible to reconstruct the secret, nor any part of it. In constructing secret sharing schemes one should be aware of several pitfalls, as demonstrated in the following example.
7
Secret sharing schemes
With t users communicating, we can solve the function for the initial secret, f(0). The problem is that once t individuals communicate, a malicious insider can take the secret key and now use it for other purposes This is a problem since now the insider can potentially forge the group signature, or read messages individually Need a system that provides decryption and signing without revealing the secret key
2017/10/8
3
Threshold cryptography
Threshold cryptography, or more generally group-oriented cryptography, comprises techniques to distribute basic cryptographic schemes among a number of parties. For example, in a threshold version of a digital signature scheme
25 20


f(x) = 5x - 2 f(x) = 4x2 + 3x + 1 f(x) = 3x3 - 2x2 + 4x - 3 f(x) = 2x4 - 3x3 + 4x2 + 6
15
10
5
0 -1.5 -1 -0.5 0 0.5 1 1.5 2 2.5
-5
-10
-15
2017/10/8


the private key is shared among ten parties, such that each subset of seven parties (or more) is able to issue signatures, while subsets of six parties (or less) cannot produce valid signatures.
Chapter 6.
Threshold Cryptography
2017/10/8
1
Motivation
In many situations it is undesirable that access to valuable items is controlled by a single party only. For example, opening a personal safe at a bank requires the use of two keys, one kept by the owner of the safe and one kept by a bank employee. Similarly, in many cryptographic schemes it is undesirable that ownership of a secret key is limited to a single party only. Instead, the ownership (i.e., knowledge) of a secret key needs to be distributed among a number of parties.