b级成绩查询ELEC5616 COMPUTER & NETWORK SECURITY
Lecture 14:
Cryptographic Protocols II
SECRET SPLITTING
Problem: You are the CEO of Coca-Cola. You’re responsible for keeping the formula cret from Pepsi’s industrial spies. You could tell your most trusted employees, – They could defect to the opposition – They could fall to rubber ho cryptanalysis How can we split a cret among two or more parties where each piece by itlf is uless?
英语语法培训
SECRET SPLITTING学校消防
Simple XOR Algorithm: Assume Trent wishes to protect message m: 1. Trent generates a random bit string r, the same length m 2. Trent computes s = m ⊕ r 3. Trent gives Alice r 4. Trent gives Bob s Each piece is called a shadow To reconstruct m, Alice and Bob XOR their shadows together If r is truly random, the system is perfectly cure (OTP) To extend the scheme to n people, generate n random bit strings (e.g. m ⊕ r ⊕ s ⊕ t = u)
tempo丶topteam
SECRET SPLITTING
Secret splitting aims to enhance reliability without increasing risk through distributing trust Issues: The system is adjudicated by Trent
Trent can hand out rubbish and say it’s part of the cret He can hand out a piece to Alice, Bob, Carol and Dave, and later tell everyone that only the first three pieces are needed and Dave is fired
All parties know the length of the message
It’s the same length as their piece of message
orgasmThe message is malleable
Alice can manipulate her shadow to “blind” it or alter bits in a known way (like flipping)
turnaroundAll parties are required to recover message (bus factor = 1)
SECRET SHARING
insultProblem: You are responsible for a small third-world country’s nuclear weapons program. You want tbyr
o ensure that no single lunatic can launch a missile. You want to ensure that no two lunatics can collude to launch a missile. You want at least three of five officers to be lunatics before a missile can be launched (bus factor = 3) We call this a (3,5)-threshold scheme
constant是什么意思
SHAMIR’S [T,N]-THRESHOLD SCHEME国土安全第一季
Bad on polynomial interpolation, and the fact that a polynomial y=f(x) of degree t-1 is uniquely defined by t points (x,y) Trent wishes to distribute message m amongst n urs, where any group of t urs can recover m (bus factor = n-t+1) Setup – Trent choos a prime p > max(m, n) – Trent ts a0 = m – Trent lects t-1 random, independent coefficients (a1…at-1 (0 ≤ aj ≤ p-1), defining the polynomial f(x) = Σj=0t-1 ajxj ) – Trent computes yi = f(xi) mod p (1 ≤ xi ≤ p-1) (just any random points on the curve ) – Trent nds share (xi,yi) to ur i
