Cryptography Overview

R2: 2nd party’s public value

xS: secret key

In phase 1, each party computes a private value, ki, and then a public value, Ri:

R1 = k1P

R2 = k2P

In phase 2, the parties trade public values and compute the same elliptic curve point S:

S= k1R2 = k1k2P S = k2R1 = k2k1P

The first coordinate of S, xS, is their agreed-upon secret key.

Secret Sharing

Secret sharing, also known as a threshold scheme, takes a message or other data and divides it up into pieces in such a way that while each piece means nothing individually, some or all of the pieces can be assembled to retrieve the secret. Typically, the secret is a key used for encrypting sensitive data.

A good secret-sharing algorithm allows an application to share the secret among a variable number of shares. It should also be possible to set how many of the shares are needed to recover the secret. That is, if the total number of shares is N, you should be able to decide in advance that any K of them can recover the secret. The number K, the required number of shares, is known as the threshold.

With secret sharing, access can be split among several individuals, with reconstruction requiring a threshold number of shares. In this way, if one or more of the individuals are not available, it is still possible to recover the data. In addition, secret sharing contains some level of checks and balances: no one can recover data without at least one other individual knowing about it.

The algorithm used in Crypto-C is Bloom-Shamir secret sharing.

Figure 3-14 and Figure 3-15 show the schema for secret sharing and recovery.

8 0

R S A B S A F E C r y p t o - C D e v e l o p e r ’s G u i d e

Page 102
Image 102
RSA Security 5.2.2 manual Secret Sharing, First coordinate of S, xS, is their agreed-upon secret key