BugTraq
Joint encryption? Feb 18 2005 07:42AM
John Richard Moser (nigelenki comcast net) (7 replies)
Re: Joint encryption? Feb 20 2005 12:09PM
Ruud H.G. van Tol (rvtol isolution nl)
Re: Joint encryption? Feb 20 2005 06:21AM
Valdis Kletnieks vt edu (1 replies)
Re: Joint encryption? Feb 20 2005 06:00PM
John Richard Moser (nigelenki comcast net)
RE: Joint encryption? Feb 19 2005 08:13PM
David Schwartz (davids webmaster com) (1 replies)
Re: Joint encryption? Feb 19 2005 09:59PM
John Richard Moser (nigelenki comcast net)
Re: Joint encryption? Feb 19 2005 07:21PM
Gandalf The White (gandalf digital net)
Re: Joint encryption? Feb 19 2005 04:32PM
Damian Menscher (menscher uiuc edu) (1 replies)
On Fri, 18 Feb 2005, John Richard Moser wrote:

> The authentication works as below:
>
> - N users may authenticate to access the data
> - A magnitude M of authenticated users is needed to access the data
> - N >= 3 > M >= 2
>
> Are there any known ways to do this?

Google for secret sharing or secret splitting. In particular, look for
Shamir's scheme, which seems to be the simplest. And there's always
Wikipedia: http://en.wikipedia.org/wiki/Secret_sharing

A brief overview of Shamir's scheme (it's so cool I can't resist):
Consider the M-th order polynomial:
N = c_{M-1} x^{M-1} + ... + c_1 x^1 + c_0 x^0
This polynomial is defined by c_0 .. c_{M-1}. So, M unknowns should
require M unknowns, right? Now let's say I tell you that I'm using M=2
(so N = c_1 x + c_0) and also tell you that:
N(1) = -1
N(2) = 1
and ask you for the password: c_0, c_1. You have two equations and two
unknowns, so you can solve it. What if person 2 was hit by a bus, and we
had to call in person 3 to access the data?
N(1) = -1
N(3) = 3
Either way, you can recover the coefficients (assuming you know
high-school math). And yet each individual person has zero knowledge.

> <EXAMPLE>
> N=3
> M=2
> Users X, Y, Z
> Key: [xxxx][yyyy][zzzz]
> X provides a key which decrypts xxxx
> Y provides a key which decrypts yyyy
> Z provides a key which decrypts zzzz

Very bad idea: each person knows enough to reduce the brute-force search
space dramatically.

As a side note, you mentioned that malicious attackers might have access
to the hardware. This is fine if they can only steal it and run their own
attacks on it. But an intelligent attacker would simply install a
keystroke logger, and grab a few keys. Guarding against this is left as
an exercise to the reader, but might involve splitting the secret amongst
multiple machines running different OSes in different locations adminned
by different people, possibly even running the secret-sharing software
written by different people. ;)

Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <menscher (at) uiuc (dot) edu [email concealed]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
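
Added example (not part of the post above or of the original thread): a small M-of-N Shamir split and recovery in Python. It assumes the usual formulation, in which only c_0 is the secret, the remaining coefficients are random, and arithmetic is done modulo a prime (2**127 - 1 here) rather than over the integers; all function names are this example's own.

```python
import secrets

P = 2**127 - 1  # Mersenne prime; field modulus chosen for this example

def split(secret, m, n, p=P):
    """Return n shares (x, y); any m of them recover `secret` (= c_0)."""
    if not (2 <= m <= n < p and 0 <= secret < p):
        raise ValueError("need 2 <= m <= n < p and 0 <= secret < p")
    # c_0 is the secret; c_1 .. c_{m-1} are uniformly random
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):          # x = 0 would hand out the secret
        y = 0
        for c in reversed(coeffs):     # Horner evaluation mod p
            y = (y * x + c) % p
        shares.append((x, y))
    return shares

def recover(shares, p=P):
    """Lagrange-interpolate at x = 0 to get c_0 from m distinct shares."""
    xs = [x % p for x, _ in shares]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("shares must have distinct, non-zero x")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret

def slope_for_guess(share, guess, p=P):
    """For M=2: the c_1 that makes ANY guessed secret fit a single share."""
    x, y = share
    return (y - guess) * pow(x, -1, p) % p

if __name__ == "__main__":
    shares = split(0xC0FFEE, 2, 3)     # constructed sample secret
    print(recover(shares[:2]), recover(shares[1:]), recover([shares[0], shares[2]]))
    # The post's two pairs, N(1)=-1 with N(2)=1 or N(3)=3, give the same c_0 = -3 (mod p)
    print(recover([(1, -1), (2, 1)]) == recover([(1, -1), (3, 3)]) == P - 3)
```

slope_for_guess shows why a single share of a 2-of-N split does not narrow the search: every candidate secret is matched by some valid c_1, unlike the key-chunk layout quoted above.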

Re: Joint encryption? Feb 19 2005 05:04PM
John Richard Moser (nigelenki comcast net)
Re: Joint encryption? Feb 19 2005 10:44AM
devnull Rodents Montreal QC CA (1 replies)
Re: Joint encryption? Feb 19 2005 12:24PM
John Richard Moser (nigelenki comcast net) (1 replies)
Re: Joint encryption? Feb 21 2005 08:02PM
peter zulu (peterzulu gmail com)
Re: Joint encryption? Feb 19 2005 10:24AM
Casper Dik Sun COM (1 replies)
Re: Joint encryption? Feb 19 2005 12:17PM
John Richard Moser (nigelenki comcast net) (1 replies)
Re: Joint encryption? Feb 21 2005 11:42AM
Robert C. Helling (R Helling damtp cam ac uk)


 

Copyright 2010, SecurityFocus