Notes - MCS
Applied Cryptography
Notes - MCS
Applied Cryptography
  • Applied Cryptography
  • Classical (Symmetric) Cryptography
    • Terminology
    • The Players
    • Use Cases
    • Information-Theoretic Security
    • Computational Security
    • Cryptanalysis
    • Practical Approaches
    • Cryptographic Robustness
    • Ciphers
      • Mono-Alphabetic
      • Polylphabetic
    • Rotor Machines
    • Stream Ciphers
  • Modern Symmetric Cryptography
    • Types
    • Symmetric Ciphers
    • Symmetric Block Ciphers
    • Feistel Networks
    • DES (Data Encryption Standard)
    • AES (Advanced Encryption Standard)
    • Stream Ciphers
    • Uniform Random Access
    • Linear Feedback Shift Register (LFSR)
  • Cipher Modes
    • Deployment of (Symmetric) Block Ciphers
    • Stream Cipher Modes
    • Security Reinforcement
  • Cryptographic Hashing
    • Digest functions
    • Rainbow Tables
    • Message Authentication Codes (MAC)
    • Authenticated Encryption
    • Encryption + Authentication
  • RSA & Related Subjects
    • Modular Arithmetic
    • Fast Modular Multiplication
    • The Extended Euclid's Algorithm
    • Linear Maps
    • Fermat's Little Theorem
    • Chinese Remainder Theorem
    • Fermat's Little Theorem
    • Modular Exponentiation
    • Multiplicative Order
    • The Discrete Logarithm Problem
    • Primality tests
    • The Diffie-Hellman Key Exchange Protocol
    • ElGamal Public Key Cryptosystem
    • The Rivest-Shamir-Adleman Cryptosystem
    • Finite Fields
    • Elliptic Curves
    • Diffie-Hellman using elliptic curves
    • Can we do RSA-like things with elliptic curves?
    • The discrete logarithm problem for elliptic curves
    • Secret sharing
    • Quadratic Residues
    • Zero-Knowledge proofs
      • One of two oblivious transfer
      • Coin flipping
      • Zero-knowledge proofs of identity
    • Homomorphic encryption
  • Asymmetric Key Management
    • Design Principles
    • Exploitation of private keys
    • Distribution of public keys
    • Public key (digital) certificates
    • Key pair usage
    • Certification Authorities (CA)
    • Certification Hierarchies
    • Refreshing of asymmetric key pairs
    • Certificate revocation lists (CRL)
    • Validity of signatures
    • Distribution of public key certificates
    • Time Stamping Authority (TSA)
    • PKI (Public Key Infrastructure)
  • Digital Signatures
    • Fundamental Approach
    • Signature Schemes
    • Key Elements
    • The document to sign
    • The signature date
    • The identity of the signatory
    • Optional elements of a digital signature
    • Algorithms
    • RSA signatures
    • ASN.1 digest algorithm prefixes
    • Digital Signature Standard (DSS)
    • Blind Signatures
    • Chaum Blind Signatures
    • Qualified electronic signature
      • Signature devices
    • PKCS #11
    • Microsoft Cryptographic API (CAPI)
    • Long-Term Validation (LTV)
    • LTV Advanced Electronic Signatures (AdES)
Powered by GitBook
On this page
  • Idea 1 - n = t
  • Idea 2
  • Idea 3
  • Polynomial Interpolation
  1. RSA & Related Subjects

Secret sharing

Problem:

  • nnn persons want to share a secret.

  • Any group of ttt persons can recover the secret.

  • Obviously, n≥1n \ge 1n≥1 and 1≤t≤n1 \le t \le n1≤t≤n.

  • On a computer program, the secret will ultimately be an integer.

How to do it:

  • A trusted central entity prepares and distributes part of the secret (a secret share) to each person.

Hurdles to overcome:

  • Knowing t−1t - 1 t−1 shares of the secret must not give any information about the secret.

Resilience to tampering:

  • To destroy the secret n−t+1n - t + 1n−t+1 secret shares have to be corrupted.

Idea 1 - n = t

Let the secret be the integer SSS, and let it have kkk bits.

Let the first n−1n-1n−1 shares of the secret, s1s_1s1​to sn−1s_{n-1}sn−1​, be random integers with kkk bits.

Let the last share of the secret be the exclusive-or of the secret with all the other shares of the secret (⊕\oplus ⊕donates here the bit-wise exclusive-or binar operator)

sn=S⊕s1⊕s2⊕...⊕sn−1s_n = S \oplus s_1 \oplus s_2 \oplus ... \oplus s_{n-1}sn​=S⊕s1​⊕s2​⊕...⊕sn−1​

To recover the secret it is only necessary to perform an exclusive-or of all secret shares.

sn=s1⊕s2⊕...⊕sns_n = s_1 \oplus s_2 \oplus ... \oplus s_{n}sn​=s1​⊕s2​⊕...⊕sn​

Knowledge of n−1n-1n−1 secret shares does not give any information about the secret.

It is possible to replace the bit-wise exclusive-or operations with additions and subtractions modulo mmm. In this case, the first n−1n-1n−1 secret shares are random integers from 0 to m−1m-1m−1, and the last secret share is (S−s1−s2−...−sn−1)modm(S-s_1-s_2-...-s_{n-1})mod m(S−s1​−s2​−...−sn−1​)modm. To recover the secret it is only necessary to add all secret shares (modulo mmm, of course). If mmm is a prime number, we can replace addition by multiplication.

Idea 2

Blakley's secret sharing scheme:

  • The secret is a point a PPP in a ttt-dimensional space.

  • Each share of the secret is a linear equation (with ttt unkowns) that has PPP has one of its solutions.

  • Putting together ttt equations allows us to find PPP.

  • It is necessary to ensure that the system of equations has a unique solution for all possible Ctn=n!t!(n−t)!C^n_t= \frac{n!}{t!(n-t)!}Ctn​=t!(n−t)!n!​ possible combinations of ttt equations chosen from the nnn equations, and that is cumbersome.

  • Each share of the secret is composed by t+1t + 1t+1 numbers.

  • Improved security: the secret is kept only in one of the coordinates of the point PPP.

  • Modular arithmetic should be used.

Idea 3

Shamir’s secret sharing scheme:

  • The secret in the independent coefficient a0a_0a0​ of a polynomial of degree t−1t − 1t−1,

  • A(x)=∑k=0t−1=akxkA(x) = \sum^{t-1}_{k=0}= a_kx^kA(x)=∑k=0t−1​=ak​xk

  • Each secret share in the pair (xk,A(x−k))(x_k, A(x-k))(xk​,A(x−k)).

  • Again, modular arithmetic should be used.

  • Each share of the secret is composed by only 2 numbers.

Things to think about:

  • Can we do it using square matrices for the aka^kak coefficients?

  • And how about for the ak coefficients and the xkx_kxk​ values?

Polynomial Interpolation

Given points (xk,yk)(x_k,y_k)(xk​,yk​), for k=0,1,...,nk = 0, 1, ... , nk=0,1,...,n, with xi≠xjx_i \ne x_jxi​=xj​ for i≠ji \ne ji=j , compute the unique polynomial of degree nnn that passes through these points.

  • Newton’s interpolation formula:

    • P0(x)=y0P_0(x) = y_0P0​(x)=y0​, and for k=1,2,...,nk = 1, 2, ..., nk=1,2,...,n

  • Lagrange’s interpolation formula:

If arithmetic modulo ppp is used we must have xi≠xj(modp)x_i \ne x_j (mod p)xi​=xj​(modp) for i≠ji \ne ji=j . If so, all modular inverses needed by Newton’s or Lagrange’s interpolation formulas exist.

Last updated 1 year ago