We rely on secrets such as safe combinations, PIN codes, computer passwords, etc. But so many things happen to lose secretes.
1. Secrets can be lost.
2. Documents get destroyed.
3. Hard disks fail
4. People forget
5. People leave companies,
6. people die...
One way to avoid such problems :-
Divide secret data (D) in to pieces (n)
* Knowledge of some pieces (k) enables to derive secret data (D)
* Knowledge of any pieces (k-1) makes secret data (D) completely undetermined.
Such a scheme is called a (k, n) threshold scheme.
This presentation provides a in depth view of Shamir's Secret Sharing Scheme.
1. How to share a secret
by Adi Shamir
Damitha Premadasa.
Kelum Senanayake.
2. Introduction
About author Adi Shamir
An Israeli cryptographer born July 6, 1952.
He is a co-inventor of the RSA algorithm, Feige-Fiat-Shamir
Identification Scheme.
One of the inventors of Differential Cryptanalys.
Has made numerous contributions to the fields of
cryptography and computer science.
We rely on secrets such as safe combinations, PIN codes,
computer passwords, etc.
Secrets can be lost.
Documents get destroyed, Hard disks fail,
People forget, People leave companies, People die...
3. Example key management scenario
Eleven scientists are working on a secret project. They
wish to lock up the documents in a cabinet. The cabinet
can be opened if and only if six or more of the scientists
are present.
What is the smallest number of locks needed?
What is the smallest number of keys to the locks each scientist
must carry?
Minimal solution uses 462 locks and 252 keys per
scientist.
Drawbacks:
These numbers are clearly impractical
Becomes exponentially worse when the number of scientists
increases
4. Key management/cryptographic
schemes
What is a Key management system.
Key management is the provisions made in
a cryptography system design that are related to generation,
exchange, storage, safeguarding, use, vetting, and replacement
of keys.
Properties of key management schemes
Safety
Convenience
5. Shamir's secret-sharing scheme
Why Threshold schemes?
Secret sharing scheme,
Divide secret data (D) in to pieces (n)
Knowledge of some pieces (k) enables to derive secret data
(D)
Knowledge of any pieces (k-1) makes secret data (D)
completely undetermined.
Such a scheme is called a (k, n) threshold scheme.
Easily computable when have necessary data available
Avoid single point of failure, increase reliability and
security
Safety and convenience
6. Shamir's secret-sharing scheme (A simple
(k, n) threshold scheme)
Suppose using ( k, n ) threshold scheme to share our
secret S.
Choose at random k-1 coefficients a1, a2,.., a(k-1)
and let a0=S. Build the polynomial.
q(x) = a0 + a1 * x + a2 *x2 + ... a(k-1) * x(k-1)
Construct D1=q(1), ..., Di=q(i), ..., Dn=q(n).
Given any subset of k pairs, can find S using interpolation
The secret is the constant term a0.
7. Shamir's Secret Sharing scheme
The essential idea of Adi Shamir's threshold scheme,
2 points are sufficient to define a line.
3 points are sufficient to define a parabola.
4 points to define a cubic curve and so forth.
k points to define a polynomial of degree (k - 1)
8. Example
S = 1234, n = 6, k = 3
At random we obtain 2 numbers: a1 = 166, a2 = 94.
Our polynomial to produce secret shares (points) is
therefore:
q(x) = 1234 + 166 x + 94x2
We construct 6 points from the polynomial:
(1,1494); (2,1942); (3,2578); (4,3402);
(5,4414); (6,5614)
We give each participant a different single point (both x
and q(x) ).
9. Example contd…
Reconstruction the secret,
In order to reconstruct the secret any 3 points will be
enough.
Let us consider (2,1942); (4,3402); (5,4414);
Using Lagrange basis polynomials, it is possible to
construct q(x) hence S value can be derived.
12. Useful properties of (k, n) threshold
scheme
Secure.
Minimal: The size of each piece does not exceed the size
of the original data.
Extensible: When k is kept fixed, Di pieces can be
dynamically added or deleted without affecting the other
pieces.
Dynamic: Security can be easily enhanced without
changing the secret, but by changing the polynomial
occasionally (keeping the same free term) and
constructing new shares to the participants.
13. Useful properties contd..
Flexible: In organizations where hierarchy is important,
we can supply each participant different number of pieces
according to his importance inside the organization. For
instance, the president can unlock the safe alone, whereas
3 secretaries are required together to unlock it.
Efficient algorithms [O(n log2 n)] available for polynomial
evaluation and interpolation