A Note About Trust Anchor Key Distribution
Thierry Moreau
thierry.moreau at connotech.com
Wed Jul 6 11:00:34 EDT 2005
To all:
Here is a scheme for a central organization
distributing a trust anchor public key with rollover
requirement. The suggested acronym for this scheme is
TAKREM for Trust Anchor Key REnewal Method.
We use the notation #R[i]# for the public "root" public
key #R[i]#, with the private key counterpart #r[i]#.
The central organization establishes key pairs
#<r[0],R[0]>#, #<r[1],R[1]>#, #<r[2],R[2]>#, ...,
#<r[n],R[n]>#, allocating the pair #<r[0],R[0]># as the
initial private/public trusted key pair, and reserving
each key pairs #<r[i],R[i]># for the cryptoperiod
starting with the #i#'th root key renewal, for
#1<=i<=n#.
A separate MASH (Modular Arithmetic Secure Hash)
instance #H[i]# is created for each #R[i]#. MASH is
defined in International standard document ISO/IEC
10118-4:1998, "Information technology - Security
techniques - Hash-functions - Part 4: Hash-functions
using modular arithmetic."
That is, the central organization selects a large
composite modulus number #N[i]# used in the MASH round
function and a prime number #P[i]# used in the MASH
final reduction function.
Then, the central organization selects a random salt
field #s[i]#.
A hash computation gives a root key digest #D[i]# :
#D[i]=H[i](s[i]|R[i]|N[i]|P[i])# .
The digest #D[i]# is like an advanced notice of future
trust anchor key #R[i]#.
The data tuple #<r[i],R[i],N[i],P[i],s[i]># is set
aside in dead storage.
The trust anchor key initial distribution is
#R[0], D[1], D[2], ..., D[n]# .
Security rationale: with data tuple
#<r[i],R[i],N[i],P[i],s[i]># totally concealed until
the usage period for key pair #<r[i],R[i]>#, an
adversary is left with the digest #D[i]# from which it
is deemed impossible to mount a brute force attack.
A root key rollover is triggered by the following
message:
#i,<R[i],N[i],P[i],s[i]># .
Upon receipt of this messsage, the end-user system
becomes in a position to validate the root key digest
#D[i]#.
More details are provided in
http://www.connotech.com/takrem.pdf.
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: thierry.moreau at connotech.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list