春节顺口溜大全
儿童营养晚餐ELEC5616 COMPUTER & NETWORK SECURITY
Lecture 14:
前台工作总结
Cryptographic Protocols II
SECRET SPLITTING
Problem: You are the CEO of Coca-Cola. You’re responsible for keeping the formula cret from Pepsi’s industrial spies. You could tell your most trusted employees, – They could defect to the opposition – They could fall to rubber ho cryptanalysis How can we split a cret among two or more parties where each piece by itlf is uless?
SECRET SPLITTING
Simple XOR Algorithm: Assume Trent wishes to protect message m: 1. Trent generates a random bit string r, the same length m 2. Trent computes s = m ⊕ r 3. Trent gives Alice r 4. Trent gives Bob s Each piece is called a shadow To reconstruct m, Alice and Bob XOR their shadows together If r is truly random, the system is perfectly cure (OTP) To extend the scheme to n people, generate n random bit strings (e.g. m ⊕ r ⊕ s ⊕ t = u)
SECRET SPLITTING
Secret splitting aims to enhance reliability without increasing risk through distributing trust Issues: The system is adjudicated by Trent
Trent can hand out rubbish and say it’s part of the cret He can hand out a piece to Alice, Bob, Carol and Dave, and later tell everyone that only the first three pieces are needed and Dave is fired
消防演练观后感All parties know the length of the message备孕吃哪种叶酸好>深圳居住证网上续签
分子力It’s the same length as their piece of message
The message is malleable质量报告
Alice can manipulate her shadow to “blind” it or alter bits in a known way (like flipping)
All parties are required to recover message (bus factor = 1)
SECRET SHARING
Problem: You are responsible for a small third-world country’s nuclear weapons program. You want t
o ensure that no single lunatic can launch a missile. You want to ensure that no two lunatics can collude to launch a missile. You want at least three of five officers to be lunatics before a missile can be launched (bus factor = 3) We call this a (3,5)-threshold scheme
SHAMIR’S [T,N]-THRESHOLD SCHEME
Bad on polynomial interpolation, and the fact that a polynomial y=f(x) of degree t-1 is uniquely defined by t points (x,y) Trent wishes to distribute message m amongst n urs, where any group of t urs can recover m (bus factor = n-t+1) Setup – Trent choos a prime p > max(m, n) – Trent ts a0 = m – Trent lects t-1 random, independent coefficients (a1…at-1 (0 ≤ aj ≤ p-1), defining the polynomial f(x) = Σj=0t-1 ajxj ) – Trent computes yi = f(xi) mod p (1 ≤ xi ≤ p-1) (just any random points on the curve ) – Trent nds share (xi,yi) to ur i
