[Cryptography] About Secret Sharing Schemes and a Question

Philipp Gühring pg at futureware.at
Mon Jun 3 12:30:57 EDT 2019


> The problem here is, once 7 people come together, they actually see the
> PGP Private Key, which could be used later on by any of these members
> to generate more messages, which I am trying to prevent.

Well, it depends on how you handle it, and what your application really
is. You could put the key-restoration and key-using into a secured
environment, like a High-Security-Module, so that the parts are assembled
in a secure environment, used, and erased shortly afterwards, so that none
of the knights gets to know the key or the shares of the others.

There are other schemes for e.g. digital signatures (which are different
from Shamir's Secret Sharing Scheme), where different mathematics and
algorithms are used underneath, and the actual application of signing is
spread across all participants with their individual shares, and then only
the results are combined into the combined result, not the shares
themselves. So none of the knights would have to disclose his share to
the others or to any central place, but they could still collectively do
something ... digitally sign the command that the door should unlock itself.

But yes, what if the knights leave the door open in the end, or what if
the last knight leaving blocks the door so that it cannot be closed again? ...

In a practical implementation you will potentially run into debugging
problems. What if the crypto implementation of one knight is faulty, or
what if one knight deliberately sends in wrong data? How do you identify
whether one of the shares that is offered is a valid share or not? What do
you do with replay-attacks, ...
How do you exchange the keys? How do you exchange the keys of those
knights that are not present? What do you do when there are not enough
knights available in one year, will that cause a denial-of-service?

Best regards,
Philipp Gühring

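Added example (not part of the original post, and not a product of the author): the two points Philipp raises above, "combine the results, not the shares" and "how do you tell a valid share from a bad one", shown side by side in plain Python. It uses threshold ElGamal decryption rather than a threshold signature, because decryption is the simplest scheme in which each party applies only its own Shamir share to the input and the shares are then combined in the exponent; a threshold signature (e.g. threshold Schnorr or BLS) follows the same principle with more machinery. Feldman commitments g^{a_j} to the polynomial coefficients let every party check that the share it was handed lies on the dealer's polynomial. The group parameters P, Q, G are a constructed toy safe-prime group chosen so the example runs instantly; a real deployment would use a proper group (a standard elliptic curve or a 2048-bit-plus MODP group), and the function names are my own.

```python
import secrets

# Toy group parameters (constructed for this example; far too small for real use).
# P = 2Q + 1 is a safe prime and G = 4 generates the order-Q subgroup of Z_P^*.
P = 2039
Q = 1019
G = 4


def split_secret(secret: int, threshold: int, n: int):
    """Shamir-share `secret` over Z_Q among n parties, any `threshold` of whom can use it.

    Also returns Feldman commitments G^{a_j} to the polynomial coefficients, so every
    party can check that the share it received really lies on the dealer's polynomial.
    """
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(threshold - 1)]
    shares = {
        i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
        for i in range(1, n + 1)
    }
    commitments = [pow(G, c, P) for c in coeffs]
    return shares, commitments


def verify_share(i: int, share: int, commitments: list) -> bool:
    """Feldman check: G^{share_i} == prod_j (G^{a_j})^{i^j}. Rejects corrupted or forged shares."""
    expected = 1
    for j, c_j in enumerate(commitments):
        expected = expected * pow(c_j, pow(i, j, Q), P) % P
    return pow(G, share, P) == expected


def lagrange_at_zero(i: int, indices) -> int:
    """Lagrange coefficient lambda_i such that sum_i lambda_i * f(i) = f(0) over Z_Q."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q


def reconstruct(shares: dict) -> int:
    """The plain Shamir path: whoever runs this learns the private key itself."""
    return sum(s * lagrange_at_zero(i, shares) for i, s in shares.items()) % Q


def elgamal_encrypt(public_key: int, message: int):
    """ElGamal in the order-Q subgroup; `message` must already be a subgroup element."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), message * pow(public_key, r, P) % P


def partial_decrypt(c1: int, share: int) -> int:
    """Each party applies only its own share to the ciphertext; the share itself never leaves.

    (In this toy group the share could be brute-forced from c1^share; in a real group it cannot.)
    """
    return pow(c1, share, P)


def combine_partials(partials: dict) -> int:
    """Combine the values c1^{share_i} into c1^{x} with Lagrange coefficients in the exponent."""
    indices = list(partials)
    result = 1
    for i, part in partials.items():
        result = result * pow(part, lagrange_at_zero(i, indices), P) % P
    return result


def threshold_decrypt(ciphertext, partials: dict) -> int:
    """Finish decryption: m = c2 / c1^x, where c1^x was assembled from partial results only."""
    c1, c2 = ciphertext
    return c2 * pow(combine_partials(partials), -1, P) % P


def demo(threshold: int = 7, n: int = 10):
    """Share a key among n knights, encrypt an 'unlock' command, decrypt with `threshold` of them.

    Returns (secret, decrypted_ok, reconstruct_leaks_secret) to contrast the two paths.
    """
    secret = secrets.randbelow(Q - 1) + 1
    public_key = pow(G, secret, P)
    shares, commitments = split_secret(secret, threshold, n)
    assert all(verify_share(i, s, commitments) for i, s in shares.items())

    command = pow(G, 42, P)  # constructed stand-in for an encoded "unlock" message
    ciphertext = elgamal_encrypt(public_key, command)

    present = dict(list(shares.items())[:threshold])  # any `threshold` knights show up
    partials = {i: partial_decrypt(ciphertext[0], s) for i, s in present.items()}
    recovered = threshold_decrypt(ciphertext, partials)
    return secret, recovered == command, reconstruct(present) == secret


if __name__ == "__main__":
    print(demo())
```

The contrast is in `demo`: `reconstruct(present)` hands the assembled key to whoever runs it, which is exactly the problem in the quoted question, while `threshold_decrypt` reaches the same plaintext having only ever seen `c1^{share_i}` from each party. `verify_share` is what lets the combiner reject a knight who "deliberately sends in wrong data" before the combination step rather than debugging a garbage result afterwards; it does not, by itself, address replay or the availability question raised in the post.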