[Cryptography] About Secret Sharing Schemes and a Question
Peter Fairbrother
peter at tsto.co.uk
Wed Jun 5 13:09:47 EDT 2019
On 05/06/2019 15:23, Osman Kuzucu wrote:

> As for verifying the message from public, I believe it is better for
> them to trust one authorized person's approval (key master claiming that
> everyone collaborated) than trusting n different share holders about
> their honesty. Key master can lie to the public, but at the end, he was
> the one who created and distributed shares. If key master wanted to lie
> to others, he wouldn't share the keys with others in the first place.

You can do a little better than that. The master key can be generated by
the shareholders, and later the shares can be used, in such a way
that no-one ever knows it.

Then the result of a query is an action token which will do something,
e.g. decrypt a file, send off the missiles, whatever - not somebody saying
"I have a valid (piece of paper) in my hand".

There is no key master in this scheme - but someone has to create the
action tokens. Usually that someone knows the decrypted file or how to
set off the missiles, but if he forgets that (or dies) then the secret
shareholders can read the file or whatever.

The action token creator need have no part in the key sharing; token
creation can all be done with available public keys. [8]

It is also usually possible to create the action token without anyone
(up to and including the file's creator) knowing the decrypted file
contents.

Hints for implementers - El Gamal is your friend.

My kind (the other kinds don't work here) of universal re-encryption can
help with the fancy stuff, so long as you only trust yourself. But then
that's rule 3 - "Only people you trust can betray you".

[8] probably not quantum computer proof - but the jury's still out on QC.
Did you read the recent rather mind-boggling results, reported as
"Saving Schroedinger's Cat" or the like? How might they affect QC?

Though I'm sure the cat is a lovely animal, I was always more beguiled
by the box ..

-- Peter Fairbrother
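
Added example, not part of the original post or the poster's code: one way the "no key master" idea can be built on El Gamal, assuming a plain n-of-n additive split in which every shareholder must take part. The group parameters, payload and function names are constructed for illustration.

```python
import secrets

# Constructed toy group, far too small for real use: P = 2Q + 1 with P, Q prime,
# and G = 4 generating the subgroup of prime order Q.
P, Q, G = 2879, 1439, 4

def keygen_share():
    """Each shareholder picks a private exponent x_i and publishes G^x_i."""
    x = secrets.randbelow(Q - 1) + 1      # 1 .. Q-1
    return x, pow(G, x, P)

def joint_public_key(public_shares):
    """Product of published values = G^(x_1+...+x_n); the sum is never formed."""
    h = 1
    for y in public_shares:
        h = h * y % P
    return h

def make_token(h, m):
    """Token creator needs only the joint public key. m is a subgroup element."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(h, r, P) % P

def partial_decrypt(x, token):
    """A shareholder's contribution c1^x_i; x_i itself never leaves the holder."""
    return pow(token[0], x, P)

def combine(token, partials):
    """Multiply the partials to get h^r, then strip it from c2."""
    d = 1
    for part in partials:
        d = d * part % P
    return token[1] * pow(d, -1, P) % P

def demo(n=3):
    holders = [keygen_share() for _ in range(n)]
    h = joint_public_key([y for _, y in holders])
    m = pow(G, 1234, P)                   # constructed payload as a group element
    token = make_token(h, m)
    partials = [partial_decrypt(x, token) for x, _ in holders]
    # Returns the payload, the full recombination, and one with a holder missing.
    return m, combine(token, partials), combine(token, partials[:-1])

if __name__ == "__main__":
    m, full, short = demo()
    print("recovered:", full == m, "| one shareholder missing:", short == m)
```

In a real deployment each shareholder would also prove knowledge of its x_i before the published values are multiplied, since otherwise the last one to publish can choose its value to control the joint key. A t-of-n threshold needs a proper distributed key generation protocol rather than this additive split.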