applied cryptography - protocols, algorithms, and source code in c

Walter can verify the elgamal signature he confirms

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: the quadratic polynomial has three unknown coefficients, a, b, and M, any three shadows can be used to create three equations. Two shadows cannot. One shadow cannot. Four or five shadows are redundant. For example, let M be 11. To construct a (3, 5)-threshold scheme, where any three of five people can reconstruct M, first generate a quadratic equation (7 and 8 were chosen randomly): F(x) = (7x2 + 8x + 11) mod 13 The five shadows are: k1 = F(1) = 7 + 8 + 11 a 0 (mod 13) k2 = F(2) = 28 + 16 + 11 a 3 (mod 13) k3 = F(3) = 63 + 24 + 11 a 7 (mod 13) k4 = F(4) = 112 + 32 + 11 a 12 (mod 13) k5 = F(5) = 175 + 40 + 11 a 5 (mod 13) To reconstruct M from three of the shadows, for example k2 , k3 , and k5 , solve the set of linear equations: a * 22 + b * 2 + M a 3 (mod 13) a * 32 + b * 3 + M a 7 (mod 13) a * 52 + b * 5 + M a 5 (mod 13) The solution will be a =7, b =8, and M =11. So M is recovered. This sharing scheme can be easily implemented for larger numbers. If you want to divide the message into 30 equal parts such that any six can get together and reproduce the message, give each of the 30 people the evaluation of a polynomial of degree 6. F(x) = (ax6 + bx5 + cx4 + dx3 + ex2 + fx + M) mod p Six people can solve for the six unknowns (including M); five people cannot learn anything about M. The most mind-boggling aspect of secret sharing is that if the coefficients are picked randomly, five people with infinite computing power can’t learn anything more than the length of the message (which each of them knows anyway). This is as secure as a one-time pad; an attempt at exhaustive search (that is, trying all possible sixth shadows) will reveal that any conceivable message could be the secret. This is true for all the secret-sharing schemes presented here. Vector Scheme George Blakley invented a scheme using points in space [182]. The message is defined as a point in m-dimensional space. Each shadow is the equation of an (m -1)-dimensional hyperplane that includes the point. The intersection of any m of the hyperplanes exactly determines the point. Fo...
View Full Document

Ask a homework question - tutors are online