This preview shows page 1. Sign up to view the full content.
Unformatted text preview: be very large; it can be as small as 0. (2) Alice creates a (k + j + 1, 2k + j + 1) threshold scheme, with: K as the secret. The secret keys of the intended recipients as shadows. The secret keys of nonrecipients not as shadows. j randomly chosen shadows, not the same as any of the secret keys. (3) Alice broadcasts k + j randomly chosen shadows, none of which is any of the shadows listed in step (2). (4) All listeners who receive the broadcast add their shadow to the k + j shadows they received. If adding their shadow allows them to calculate the secret, then they have recovered the key. If it does not, then they haven’t. Another approach can be found in [885,886,1194]. For yet another approach, see [1000]. Conference Key Distribution
This protocol allows a group of n users to agree on a secret key using only insecure channels. The group shares two large primes, p and q, and a generator g the same size as q. (1) User i, where i goes from 1 to n, chooses a random ri less than q, and broadcasts zi = gri mod p (2) Every user verifies that zjqa 1 (mod p), for all i from 1 to n. (3) User i broadcasts xi = (zi+1/zi1)ri mod p (4) User i computes K = (zi1)nri * xin1 * xi+1n2 *...* xi2 mod p All index computations in the above protocol—i  1, i  2, and i + 1—should be computed mod n. At the end of the protocol, all honest users have the same K. No one else gets anything. However, this protocol falls to a maninthemiddle attack. Another protocol, not quite as pretty, is in [757]. TatebayashiMatsuzakiNewman
This key distribution protocol is suitable for networks [1521]. Alice wants to generate a session key with Bob using Trent, the KDC. All parties know Trent’s public key, n. Trent knows the two large primes that n factors to, and hence can easily take cube roots modulo n. A lot of the details are left out of the following protocol, but you get the idea. (1) Alice chooses a random number, rA, and sends Trent rA3 mod n (2) Trent tells Bob that someone wants to exchange a key with him. (3) Bob chooses a random numbe...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details