Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Key Escrow - like leaving your key with a neighbour in case of an emergency.

Published byErin Blake Modified over 10 years ago

Similar presentations

Presentation on theme: "1 Key Escrow - like leaving your key with a neighbour in case of an emergency."— Presentation transcript:

1 1 Key Escrow - like leaving your key with a neighbour in case of an emergency

2 2 t of n protocol A key is split into n pieces. Any t of the n pieces (1<=t<=n) are needed to recover the key. Any set of less than t key pieces should not reveal any information about the key.

3 3 2 of 2 protocol A key is split into 2 pieces. Both pieces are needed to recover the original key. Assume the key K is a b bit binary number K=k 1 k 2 k 3 ….. k b Each bit k i is either a 0 or a 1 The size of the key space is 2 b

4 4 1.The first key piece X 1 is a b-bit string chosen at random. 2.The second key piece X 2 is computed by XORing K and X 1 X 2 = K X 1 3.The key K is recovered by XORing the two key pieces together. K = X 1 X 2 4.Neither X 1 nor X 2 reveal any information about K on their own since they are both random strings of 0s and 1s.

5 5 Example (2 of 2 protocol) Generation of Key Pieces The key K = 10110101 Key part X 1 = 01011010 Key part X 2 = 11101111 Recovery of Key Key part X 1 = 01011010 Key part X 2 = 11101111 The key K = 10110101

6 6 n of n protocol The 2 of 2 protocol can be generalised to an n of n protocol. n key pieces X 1, X 2,……,X n are created and all are need to recover the original key. The first n-1 key pieces are chosen at random. The final key piece is computed by XORing the key K with X 1, X 2, …, X n X n = K X 1 X 2 …… X n-1 The key K is recovered by XORing all of the key pieces together

7 7 Example (4 of 4 protocol) Generation of Key Parts K = 10100110 X 1 = 11010101 X 2 = 00110100 X 3 = 00110011 X 4 = 01110100 Recovery of the Key X 1 = 11010101 X 2 = 00110100 X 3 = 00110011 X 4 = 01110100 K = 10100110

8 8 2 of 3 protocol Three key pieces are generated. Any two of the three pieces are needed to recover the original key. This time, think of the key K as a decimal number. We need a parameter p which is a prime greater than K. The value of p does not need to be secret.

9 9 2 of 3 protocol 1.Alice, the holder of the key K generates a random number a and 3 further random numbers x 1, x 2 and x 3 all different and all between 0 and p. 2.Alice computes k i = (a*x i +K) mod p for i=1,2,3. 3.Alice keeps the value a secret, and gives each of the 3 key holders a pair (x i, k i ).

10 10 Example (2 of 3 protocol) Generation of Key Parts K = 11, p = 19 a = 14, x 1 = 3, x 2 = 17, x 3 = 10 k 1 = (14*3 + 11) mod 19 = 53 mod 19 = 15 k 2 = (14*17 + 11) mod 19 = 249 mod 19 = 2 k 1 = (14*10 + 11) mod 19 = 151 mod 19 = 18 X 1 = {3,15} X 2 = {17,2} X 3 = {10,18}

11 11 Recovering K Each key holder has a pair (x i, k i ) and knows that k i = (a*x i + K) mod p, but without knowledge of a, this equation cannot be solved. There are p possible values for a and hence p possible values for K. However, if two key holders get together, they can form 2 equations in 2 unknowns which can be solved simultaneously for K.

12 12 Suppose the first two key holders share their information. Then they know: k 1 = (a*x 1 + K) mod p(1) k 2 = (a*x 2 + K) mod p (2) Multiplying the first equation by x 2 and the second equation by x 1 gives 2 more equations: (x 2 *k 1 ) = (a*x 1 *x 2 ) + (x 2 * K) mod p (3) (x 1 *k 1 ) = (a*x 1 *x 2 ) + (x 1 * K) mod p (4)

13 13 Now subtracting equation (4) from equation (3) gives (x 2 *k 1 ) = (a*x 1 *x 2 ) + (x 2 * K) mod p (3) (x 1 *k 1 ) = (a*x 1 *x 2 ) + (x 1 * K) mod p (4) (x 2 *k 1 - x 1 *k 1 ) = (x 2 * K) - (x 1 * K) mod p Or K = (x 2 *k 1 - x 1 *k 1 ) * (x 2 – x 1 ) -1 mod p

14 14 Example (2 of 3 protocol) Recovery of the Key Suppose key holders 1 and 2 decide to share their information so we know X 1 = {3,15} and X 2 = {17,2} We have the equations: 15 = 3a +K mod 19 (1) *17 2 = 17a+K mod 19 (2) * 3 (15*17) = (3*17*a) + 17K mod 19 (2*3) = (3*17*a) +3K mod 19 (15*17)-(2*3) = (17K-3K) mod 19 249 = 14K mod 19 The inverse of 14 mod 19 = 15 Therefore K = (249 * 15) mod 19 = (2*15) mod 19 = 30 mod 19 = 11

15 15 2 of n protocol The 2 of 3 protocol can be generalised to provide a 2 of n protocol. The key holders generates as many key pairs (k i, x i ) as necessary using the same method as for the 2 of 3 protocol. Any two key holders can retrieve the original key.

16 16 t of n protocol A similar protocol can be used for any values of t and n where 1< t < n. Alice needs to choose (t-1) random values a 1,a 2, …..,a t-1 and she generates key pairs such that each key holder has an equation in t unknowns (the values of a i and the value of K). Thus t key holders have to get together to form a set of t simultaneous equations which can be solved to find K.

Download ppt "1 Key Escrow - like leaving your key with a neighbour in case of an emergency."

Similar presentations

Unit 2 Week 5 Key Words. Unit 2 Week 5 damages Key Words.

Unit 2 Week 5 Key Words. Unit 2 Week 5 damages Key Words.
The Internet.

The Internet.
Service Bus Service Bus Access Control.

Service Bus Service Bus Access Control.
White to move… Checkmate in one move…. Solution Click Solution to see which piece to move. Click it again to see where to move.

White to move… Checkmate in one move…. Solution Click Solution to see which piece to move. Click it again to see where to move.
Developing a MapReduce Application – packet dissection.

Developing a MapReduce Application – packet dissection.
1 23 456 789. What have you learnt this lesson that can be linked to a previous lesson.

What have you learnt this lesson that can be linked to a previous lesson.
Additional notes on Hashing And notes on HW4. Selected Answers to the Last Assignment The records will hash to the following buckets: K h(K) (bucket number)

Additional notes on Hashing And notes on HW4. Selected Answers to the Last Assignment The records will hash to the following buckets: K h(K) (bucket number)
Information Assurance Management Key Escrow Digital Cash Week 12-1.

Information Assurance Management Key Escrow Digital Cash Week 12-1.
Lesson 6 Learning Target: Plants have parts with specific functions.

Lesson 6 Learning Target: Plants have parts with specific functions.
KEY STAGE 1 Fractions (linked to sharing) Heather Ross University of Greenwich September 2013.

KEY STAGE 1 Fractions (linked to sharing) Heather Ross University of Greenwich September 2013.
Olympia School District Data Warehouse A vision for our document management solution.

Olympia School District Data Warehouse A vision for our document management solution.
Key Escrow System “like leaving your key with a neighbour in case of an emergency” 10-11-2009 SSIN – MIEIC Micael Fernando Fonseca Oliveira.

Key Escrow System “like leaving your key with a neighbour in case of an emergency” SSIN – MIEIC Micael Fernando Fonseca Oliveira.
188, 1 128 2 18 2, 18 125 2 8 5, 91 1891 8 125 2 8 32 911832 8 125 2 8 27 9132 27 8 32 1827 Adding values Insertion grading Subtract 5 points for each.

188, , , Adding values Insertion grading Subtract 5 points for each.
A File System. A Programming Interface We will model the programming interface to a file system. This is a list of operations upon the file system, complete.

A File System. A Programming Interface We will model the programming interface to a file system. This is a list of operations upon the file system, complete.
Plants can reproduce asexually with stems, leaves, or roots.

Plants can reproduce asexually with stems, leaves, or roots.
Fractions An Interactive Activity introducing thirds.

Fractions An Interactive Activity introducing thirds.
Grade 6 Module 1 Lesson 8 Homework Answer Key.

Grade 6 Module 1 Lesson 8 Homework Answer Key.
Mr Gordana Zalad WRITING A SUMMARY. What is a summary? A summary is a brief restatement – in your own words – of the contents of a passage.

Mr Gordana Zalad WRITING A SUMMARY. What is a summary? A summary is a brief restatement – in your own words – of the contents of a passage.
Another method to solve quadratics. Why isn’t the last picture a square? Is this a square? What about this one?This one?

Another method to solve quadratics. Why isn’t the last picture a square? Is this a square? What about this one?This one?
Enzymes Layth Rustom 9C.

Enzymes Layth Rustom 9C.

Similar presentations

Ads by Google