Re: How to refresh secret shares?
From: Henrick Hellström (henrick.hellstrm_at_telia.com)
Date: 05/04/03
- Next message: David Wagner: "Re: In 802.11 WEP, why is the IV transmitted plaintext?"
- Previous message: Jim Steuert: "Re: Key Exchange with Very Small (3-bit or 8x8) Transitive Quasigroups"
- In reply to: David Wagner: "Re: How to refresh secret shares?"
- Next in thread: David Wagner: "Re: How to refresh secret shares?"
- Reply: David Wagner: "Re: How to refresh secret shares?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 04 May 2003 21:12:39 GMT
David Wagner wrote:
> Sounds like you want proactive security / proactive cryptography.
> See the references I posted just a few weeks ago.
>
> (It sounds like one might be able to achieve your desired criterion by
> computing a random sharing of 0, i.e., r0 + ... + rn = 0, then asking
> everyone to replace their old zi by the new value zi + ri.)
How? I know you can do that with the sub shares sij that can be
reconstructed into the zi values, but how do you do that with the zi
values themselves?
A Shamir sharing of 0 will be based on a polynomial with a zero order
coefficient equal to zero. It will not necessarily be such that the sum
of all shares equals zero.
A trivial counter example: Use f(k) = 0 + k (mod 7) to share the secret
zero among three share holders. The shares will be f(1), f(2) and f(3),
and they will sum up to 6 (mod 7).
- Next message: David Wagner: "Re: In 802.11 WEP, why is the IV transmitted plaintext?"
- Previous message: Jim Steuert: "Re: Key Exchange with Very Small (3-bit or 8x8) Transitive Quasigroups"
- In reply to: David Wagner: "Re: How to refresh secret shares?"
- Next in thread: David Wagner: "Re: How to refresh secret shares?"
- Reply: David Wagner: "Re: How to refresh secret shares?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
