Published by Erin Blake. Modified over 3 years ago.

1
Key Escrow - like leaving your key with a neighbour in case of an emergency

2
t of n protocol

A key is split into n pieces. Any t of the n pieces ($1 \le t \le n$) are needed to recover the key. Any set of fewer than t key pieces should not reveal any information about the key.

3
2 of 2 protocol

A key is split into 2 pieces. Both pieces are needed to recover the original key.

Assume the key $K$ is a $b$-bit binary number $K = k_1 k_2 k_3 \ldots k_b$. Each bit $k_i$ is either a 0 or a 1. The size of the key space is $2^b$.

4
1. The first key piece $X_1$ is a $b$-bit string chosen at random.
2. The second key piece $X_2$ is computed by XORing $K$ and $X_1$: $X_2 = K \oplus X_1$
3. The key $K$ is recovered by XORing the two key pieces together: $K = X_1 \oplus X_2$
4. Neither $X_1$ nor $X_2$ reveals any information about $K$ on its own, since they are both random strings of 0s and 1s.

5
Example (2 of 2 protocol)

Generation of Key Pieces
The key $K$ = 10110101
Key part $X_1$ = 01011010
Key part $X_2$ = 11101111

Recovery of Key
Key part $X_1$ = 01011010
Key part $X_2$ = 11101111
The key $K$ = 10110101

6
n of n protocol

The 2 of 2 protocol can be generalised to an n of n protocol. n key pieces $X_1, X_2, \ldots, X_n$ are created and all are needed to recover the original key.

The first n-1 key pieces are chosen at random. The final key piece is computed by XORing the key $K$ with $X_1, X_2, \ldots, X_{n-1}$:

$X_n = K \oplus X_1 \oplus X_2 \oplus \cdots \oplus X_{n-1}$

The key $K$ is recovered by XORing all of the key pieces together.

7
Example (4 of 4 protocol)

Generation of Key Parts
$K$ = 10100110
$X_1$ = 11010101
$X_2$ = 00110100
$X_3$ = 00110011
$X_4$ = 01110100

Recovery of the Key
$X_1$ = 11010101
$X_2$ = 00110100
$X_3$ = 00110011
$X_4$ = 01110100
$K$ = 10100110
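The n of n XOR split above, as an added example that is not part of the original slides. The function names are chosen here for illustration, and `candidate_keys` assumes 1-byte pieces so that every value of a missing piece can be enumerated.

```python
import secrets
from functools import reduce


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("key pieces must all be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key, n):
    """n of n split: n-1 random pieces, last piece = K XOR all the others."""
    if n < 2:
        raise ValueError("need at least 2 pieces")
    pieces = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    pieces.append(reduce(xor_bytes, pieces, key))
    return pieces


def recover_key(pieces):
    """XOR all pieces together; only the full set yields K."""
    return reduce(xor_bytes, pieces)


def candidate_keys(known_pieces):
    """For 1-byte pieces: keys still possible when exactly one piece is missing."""
    partial = recover_key(known_pieces)
    return {xor_bytes(partial, bytes([m])) for m in range(256)}


if __name__ == "__main__":
    # Pieces X_1..X_4 from the 4 of 4 example on the slide
    slide = [bytes([v]) for v in (0b11010101, 0b00110100, 0b00110011, 0b01110100)]
    print(format(recover_key(slide)[0], "08b"))
    # Holding 3 of the 4 pieces rules out none of the 256 possible keys
    print(len(candidate_keys(slide[:3])))
```

With three of the four pieces, every 8-bit key remains equally possible, which is the "no information" property the slides require of fewer than t pieces.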

8
2 of 3 protocol

Three key pieces are generated. Any two of the three pieces are needed to recover the original key.

This time, think of the key $K$ as a decimal number. We need a parameter $p$ which is a prime greater than $K$. The value of $p$ does not need to be secret.

9
2 of 3 protocol

1. Alice, the holder of the key $K$, generates a random number $a$ and 3 further random numbers $x_1$, $x_2$ and $x_3$, all different and all between 0 and $p$.
2. Alice computes $k_i = (a \cdot x_i + K) \bmod p$ for $i = 1, 2, 3$.
3. Alice keeps the value $a$ secret, and gives each of the 3 key holders a pair $(x_i, k_i)$.

10
Example (2 of 3 protocol)

Generation of Key Parts
$K = 11$, $p = 19$
$a = 14$, $x_1 = 3$, $x_2 = 17$, $x_3 = 10$

$k_1 = (14 \cdot 3 + 11) \bmod 19 = 53 \bmod 19 = 15$
$k_2 = (14 \cdot 17 + 11) \bmod 19 = 249 \bmod 19 = 2$
$k_3 = (14 \cdot 10 + 11) \bmod 19 = 151 \bmod 19 = 18$

$X_1 = \{3, 15\}$
$X_2 = \{17, 2\}$
$X_3 = \{10, 18\}$

11
Recovering K

Each key holder has a pair $(x_i, k_i)$ and knows that $k_i = (a \cdot x_i + K) \bmod p$, but without knowledge of $a$, this equation cannot be solved. There are $p$ possible values for $a$ and hence $p$ possible values for $K$.

However, if two key holders get together, they can form 2 equations in 2 unknowns which can be solved simultaneously for $K$.

12
Suppose the first two key holders share their information. Then they know:

$k_1 = (a \cdot x_1 + K) \bmod p$  (1)
$k_2 = (a \cdot x_2 + K) \bmod p$  (2)

Multiplying the first equation by $x_2$ and the second equation by $x_1$ gives 2 more equations:

$x_2 \cdot k_1 = (a \cdot x_1 \cdot x_2 + x_2 \cdot K) \bmod p$  (3)
$x_1 \cdot k_2 = (a \cdot x_1 \cdot x_2 + x_1 \cdot K) \bmod p$  (4)

13
Now subtracting equation (4) from equation (3) gives

$x_2 \cdot k_1 = (a \cdot x_1 \cdot x_2 + x_2 \cdot K) \bmod p$  (3)
$x_1 \cdot k_2 = (a \cdot x_1 \cdot x_2 + x_1 \cdot K) \bmod p$  (4)

$(x_2 \cdot k_1 - x_1 \cdot k_2) = (x_2 \cdot K - x_1 \cdot K) \bmod p$

Or

$K = (x_2 \cdot k_1 - x_1 \cdot k_2) \cdot (x_2 - x_1)^{-1} \bmod p$

14
Example (2 of 3 protocol)

Recovery of the Key
Suppose key holders 1 and 2 decide to share their information, so we know $X_1 = \{3, 15\}$ and $X_2 = \{17, 2\}$.

We have the equations:

$15 = (3a + K) \bmod 19$  (1), multiplied by 17
$2 = (17a + K) \bmod 19$  (2), multiplied by 3

$(15 \cdot 17) = (3 \cdot 17 \cdot a + 17K) \bmod 19$
$(2 \cdot 3) = (3 \cdot 17 \cdot a + 3K) \bmod 19$

$(15 \cdot 17) - (2 \cdot 3) = (17K - 3K) \bmod 19$
$249 = 14K \bmod 19$

The inverse of 14 mod 19 = 15

Therefore $K = (249 \cdot 15) \bmod 19 = (2 \cdot 15) \bmod 19 = 30 \bmod 19 = 11$

15
2 of n protocol

The 2 of 3 protocol can be generalised to provide a 2 of n protocol. The key holder generates as many key pairs $(x_i, k_i)$ as necessary, using the same method as for the 2 of 3 protocol. Any two key holders can retrieve the original key.

16
t of n protocol

A similar protocol can be used for any values of t and n where $1 < t < n$. Alice needs to choose (t-1) random values $a_1, a_2, \ldots, a_{t-1}$ and she generates key pairs such that each key holder has an equation in t unknowns (the values of $a_i$ and the value of $K$). Thus t key holders have to get together to form a set of t simultaneous equations which can be solved to find $K$.
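The 2 of 3 protocol and its t of n generalisation, as an added example that is not part of the original slides. The slides do not give the form of the t of n equations; this sketch assumes the polynomial form $k_i = (K + a_1 x_i + a_2 x_i^2 + \cdots + a_{t-1} x_i^{t-1}) \bmod p$ (Shamir's secret sharing), takes each $x_i$ as non-zero, and uses function names chosen here for illustration.

```python
import secrets


def make_shares(key, t, n, p, coeffs=None, xs=None):
    """Split key into n pairs (x_i, k_i) mod prime p; any t of them recover it."""
    if not (1 <= t <= n < p and 0 <= key < p):
        raise ValueError("need 1 <= t <= n < p and 0 <= key < p")
    if coeffs is None:  # Alice's secret a_1 .. a_(t-1)
        coeffs = [secrets.randbelow(p) for _ in range(t - 1)]
    if xs is None:      # n distinct x_i, never 0 (x = 0 would give k = K)
        chosen = set()
        while len(chosen) < n:
            chosen.add(1 + secrets.randbelow(p - 1))
        xs = sorted(chosen)
    residues = {x % p for x in xs}
    if len(coeffs) != t - 1 or len(residues) != n or 0 in residues:
        raise ValueError("need t-1 coefficients and n distinct non-zero x values")
    shares = []
    for x in xs:
        k = key
        for power, a in enumerate(coeffs, start=1):
            k = (k + a * pow(x, power, p)) % p  # assumed form: K + a_1*x + a_2*x^2 + ...
        shares.append((x, k))
    return shares


def recover(shares, p):
    """Solve the holders' simultaneous equations for K (Lagrange interpolation at x = 0)."""
    key = 0
    for i, (xi, ki) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % p
                den = (den * (xi - xj)) % p
        key = (key + ki * num * pow(den, -1, p)) % p  # pow(den, -1, p): inverse mod p
    return key


def keys_allowed_by(share, p):
    """Every K a lone 2 of n holder cannot rule out: one candidate per possible a."""
    x, k = share
    return {(k - a * x) % p for a in range(p)}


if __name__ == "__main__":
    # Values from the slides' 2 of 3 example: K = 11, p = 19, a = 14
    shares = make_shares(11, 2, 3, 19, coeffs=[14], xs=[3, 17, 10])
    print(shares, recover(shares[:2], 19), len(keys_allowed_by(shares[0], 19)))
```

For t = 2 the interpolation reduces to the slides' formula $K = (x_2 k_1 - x_1 k_2)(x_2 - x_1)^{-1} \bmod p$; `pow(den, -1, p)` requires Python 3.8 or later.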
