(Short) Intro and question

[Steven M. Bellovin]

On Sat, 06 Jan 2007 13:13:32 -0800
Allen <netsecurity at sound-by-design.com> wrote:

> Hi everyone,
> 
> I'm Allen Schaaf and I'm primarily an information security analyst -
> I try to look at things like a total stranger and ask all the dumb
> questions hoping to stumble on one or two that hadn't been asked
> before that will reveal a potential risk.
> 
> I'm currently consulting at a very large HMO and finding that there
> are lots of questions that have not been asked so I'm having fun.
> 
> One of the questions that I have been raising is trust and how to
> ensure that that it is not misplaced or eroded over time. Which leads
> me to my question for the list: I can see easily how to do split key
> for 2 out of x for key recovery, but I can't seem to find a reference
> to the 3 out of x problem.
> 
> In case I have not been clear enough, it is commonly known that it is
> harder to get collusion when three people need to act together than
> when there are just two. For most encryption 2 out x is just fine,
> but some things need a higher level of security than 2 out of x can
> provide.
> 
There's a vast literature on the subject.  The classic paper is "How to
Share a Secret", by Shamir, Comm. ACM 22:11, Nov 1979.  Gus Simmons
published a survey of the field about 10 years ago, but I don't have
the citation handy.  I've always been fond of "Cryptographic sealing
for information secrecy and authentication", David Gifford, Comm. ACM
25:4, April 1982, but remarkably few people seem to have heard of it --
even Simmons was surprised when I mentioned it to him.




		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com