1 / 12

Secret Sharing Schemes

Secret Sharing Schemes. Russ Martin. Table of Contents. What is Secret Sharing? Traditional Schemes Shamir’s Blakley’s Simplified. What is Secret Sharing.

elisa
Download Presentation

Secret Sharing Schemes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secret Sharing Schemes Russ Martin

  2. Table of Contents • What is Secret Sharing? • Traditional Schemes • Shamir’s • Blakley’s • Simplified

  3. What is Secret Sharing • A method of distributing a key between a group of persons so that any subset of a specified size can access the key, and a subset of size smaller can not. • A (t,w) Threshold Scheme is a method of sharing a key K among w participants in such a way that any t participants can compute the value of K, but no group of t-1 participants can. [1]

  4. Traditional Schemes – Shamir’s • Based on polynomial interpolation – given t points on the plane, only one polynomial q(x) degree of t-1 exists that satisfies q(x) = y for all xi (the key given to each participant). • K = the data being hidden by the scheme, in numeric form • q(x) = a0 + a1x + … + ak-1xk-1, where K = a0

  5. Shamir’s Scheme – Key Distribution • To Distribute data: Choose w unique elements in Zp, where p>w. These are the x values. • For i in 1 to w: Give xi to each of the participants. These x values are public • Choose t-1 values in Zprandomly. These values are secret to the person distributing the shares. These are the a values. • Privately give each member y = q(x) corresponding to their x value, where

  6. Shamir’s Scheme – Key Reconstruction • Solving for K: • Goal is to solve for the a values used during distribution, notably a0 = K • With t participants, one can form t linear equations in the form: • With t equations and t unknowns, there is a unique solution. Proof that the solution is unique is from Lagrange interpolation.

  7. Shamir’s Scheme - Example • p = 19, t = 3, w =4, xi = i • K = a0 = 12 • Randomly Choose a1 = 14 , a2 = 3 • q(1) = 10, q(2) = 14 , q(3) = 5 , q(4) = 2

  8. Shamir’s Scheme – Example (Solving) • (1,2,3) • (1,3,4) • (1,2,4) • (2,3,4) • In all cases, Equations solve for 12, 14, and 3, the values chosen

  9. Shamir’s Scheme • Size of all shares are up to the size of the hidden key • Once used, needs to have all coefficients changed • For t-1 people, forms a line of possible answers – providing no information • If a person is “more important”, increase their ability by giving them multiple shares

  10. Traditional Schemes – Blakley’s

  11. Works Cited [1]Stinson, Douglas R. Cryptography: Theory and Practice. CRC Press 2006. [2]Shamir, Adi. How to Share a Secret. November 1979. [3]Krawczyk, Hugo. Secret Sharing Made Short. 1993. [4]RSA Laboratories. What are some secret sharing schemes?

  12. Questions?

More Related