[Cryptography] Key escrow scheme
Phillip Hallam-Baker
phill at hallambaker.com
Sun Apr 9 10:06:36 EDT 2017
On Sat, Apr 8, 2017 at 2:01 PM, Harlan Lieberman-Berg <hlieberman at setec.io>
wrote:
> Phillip Hallam-Baker <phill at hallambaker.com> writes:
> > Making such a scheme usable is somewhat tricky because we would want to
> > make the shares used to secure the key to be as small as possible for
> > convenience which indicates 128 bit work factor for the master key.
>
> Why not simply use Shamir's Secret Sharing? The security properties are
> much stronger (SSS is information-theoretic secure such that a (k,n)
> construction reveals no information with k-1 shares known. The size is
> fairly minimal too; IIRC, each share is no larger than the key itself
> (thus, the total construction is n*bit size).
>
I am using Shamir Secret Sharing. But that only gets you from a set of key
shares to a master secret. You still have to get from the master secret to
the encryption key.
If you use 256 bits for the master key you end up with 256 bit shares.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170409/fb359f82/attachment.html>
More information about the cryptography
mailing list