Adi Shamir
Abstract
In this paper we show how to divide data D into n pieces in such a way that D is easily reconstructable from any k pieces, but even complete knowledge of k - 1 pieces reveals absolutely no information about D. This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.
- 1 Aho, A., Hopcroft, J., and Ullman, J. The Design and Analysis of Computer AIgorithms. Addison-Wesley, Reading, Mass., 1974. Google Scholar
Digital Library
- 2 Blakley, G.R. Safeguarding cryptographic keys. Proc. AFIPS 1979 NCC, Vol. 48, Arlington, Va., June 1979, pp. 313-317.Google Scholar
- 3 Knuth, D. The Art of Computer Programming, Vol. 2: SeminumericalAlgorithms. Addison-Wesley, Reading, Mass., 1969. Google ScholarDigital Library
- 4 Liu, C.L. Introduction to Combinatorial Mathematics. McGraw- Hill, New York, 1968.Google Scholar
- 5 Rivest, R., Shamir, A., and Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Comm. A CM 21, 2 (Feb. 1978), 120-126. Google ScholarDigital Library
Index Terms
- How to share a secret
Recommendations
Encrypting Keys Securely
Encryption keys are sometimes encrypted themselves; doing that properly requires special care. Although it might look like an oversight at first, the broadly accepted formal security definitions for cryptosystems don't allow encryption of key-dependent ...
Public-Key encryption from ID-Based encryption without one-time signature
OTM'06: Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part IDesign a secure public key encryption scheme and its security proof are one of the main interests in cryptography In 2004, Canetti, Halevi and Katz [8] constructed a public key encryption (PKE) from a selective identity-based encryption scheme with a ...
Towards the Forgery of a Group Signature without Knowing the Group Center's Secret
ICICS '01: Proceedings of the Third International Conference on Information and Communications SecurityA group signature scheme allows the group member to sign messages on behalf of a group. In 1996, Kim et al. proposed a new type of group signature, called "convertible group signature". Recently, Saeednia pointed out that there are weaknesses in a ...
Comments