In this paper we show how to divide data D into n pieces in such a way that D is easily reconstructable from any k pieces, but even complete knowledge of k - 1 pieces reveals absolutely no information about D. This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.
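The (k, n) threshold scheme sketched in this abstract, as an added example that is not the paper's own code: shares are points on a random polynomial over a prime field, any k of them recover the secret by Lagrange interpolation, and the last function shows why k - 1 shares reveal nothing. The prime P, the sample secret and all function names are this example's own choices.

```python
"""Shamir (k, n) threshold secret sharing over GF(P).
Added example, not code from the paper; P, the sample values and the
helper names are constructed for illustration."""
import secrets

P = 2**127 - 1  # a Mersenne prime; secrets are integers in [0, P)


def interpolate_at(points, x):
    """Lagrange interpolation over GF(P): value at x of the unique
    polynomial of degree < len(points) through the given (x_i, y_i)."""
    xs = [px for px, _ in points]
    assert len(set(xs)) == len(xs), "x coordinates must be distinct"
    total = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (x - xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, P - 2, P)) % P  # Fermat inverse
    return total


def split(secret, k, n):
    """n shares (x, f(x)) of a random degree k-1 polynomial with f(0) = secret."""
    assert 0 <= secret < P and 1 <= k <= n < P
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    f = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, n + 1)]


def recover(shares):
    """Any k distinct shares reconstruct f(0) = secret."""
    return interpolate_at(shares, 0)


def share_consistent_with(partial, guess, x):
    """Given only k-1 shares, every guess for the secret is equally possible:
    return the y at x that makes (x, y) plus the k-1 shares reconstruct
    `guess`. Such a y always exists, so k-1 shares carry no information."""
    return interpolate_at([(0, guess)] + partial, x)


def demo():
    secret = 123456789                      # constructed sample secret
    shares = split(secret, k=3, n=5)
    assert recover(shares[1:4]) == secret   # any 3 of 5 suffice
    two = shares[:2]                        # one share short of the threshold
    y = share_consistent_with(two, 42, x=shares[2][0])
    return recover(two + [(shares[2][0], y)])  # → 42, not the real secret
```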
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be "signed" using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in "electronic mail" and "electronic funds transfer" systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1 (mod (p-1) * (q-1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.
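The encryption, decryption and signature operations this abstract describes, as an added example that is not from the paper: p, q, e and the message are toy values chosen so the numbers stay readable, and the trial-division function exists only to show why a real modulus must be large.

```python
"""Textbook RSA as described in the abstract: c = M^e mod n, M = c^d mod n,
with e*d ≡ 1 (mod (p-1)(q-1)). Added example, not the paper's code; the
primes are tiny constructed values so the trace is readable."""
from math import gcd, isqrt


def keygen(p, q, e):
    """Public key (e, n), secret key (d, n). e must be coprime to (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod (p-1)(q-1)"
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    assert e * d % phi == 1
    return (e, n), (d, n)


def encrypt(pub, m):
    e, n = pub
    assert 0 <= m < n, "message must be encoded as an integer below n"
    return pow(m, e, n)


def decrypt(priv, c):
    d, n = priv
    return pow(c, d, n)


def sign(priv, m):
    """Signing is decryption with the privately held exponent."""
    return decrypt(priv, m)


def verify(pub, m, sig):
    """Anyone holding the public key can check the signature."""
    return encrypt(pub, sig) == m


def factor_by_trial_division(n):
    """Instant for the toy modulus; for a real n of hundreds of digits no
    known method does this in practical time, which is the assumption the
    abstract says the system's security rests on."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")


def demo():
    pub, priv = keygen(p=61, q=53, e=17)    # n = 3233, phi = 3120, d = 2753
    m = 65                                  # constructed sample message
    c = encrypt(pub, m)                     # 2790
    sig = sign(priv, m)
    p, q = factor_by_trial_division(pub[1]) # small n: d follows from (e, n)
    _, priv_again = keygen(p, q, pub[0])
    return decrypt(priv, c), verify(pub, m, sig), priv_again == priv
```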
Applied Mathematics, The Weizmann Institute of Science, Rehovot 76100, Israel

THE IDEA

In this paper we introduce a novel type of cryptographic scheme, which enables any pair of users to communicate securely and to verify each other's signatures without exchanging private or public keys, without keeping key directories, and without using the services of a third party. The scheme assumes the existence of trusted key generation centers, whose sole purpose is to give each user a personalized smart card when he first joins the network. The information embedded in this card enables the user to sign and encrypt the messages he sends and to decrypt and verify the messages he receives in a totally independent way, regardless of the identity of the other party. Previously issued cards do not have to be updated when new users join the network, and the various centers do not have to coordinate their activities or even to keep a user list. The centers can be closed after all the cards are issued, and the network can continue to function in a completely decentralized way for an indefinite period. The scheme is ideal for closed groups of users such as the executives of a multinational company or the branches of a large bank, since the headquarters of the corporation can serve as a key generation center that everyone trusts.

The scheme remains practical even on a nationwide scale with hundreds of key generation centers and millions of users, and it can be the basis for a new type of personal identification card with which everyone can electronically sign checks, credit card slips, legal documents, and electronic mail. The scheme is based on a public key cryptosystem with an extra twist: Instead of generating a random pair of public/secret keys and publishing one of these keys, the user chooses his name and network ad- other party. The corresponding secret key is computed by a key generation center and issued to the user in the form of a smart card when he first joins the network. The card contains a microprocessor, an I/O port, a RAM, a ROM with the secret key, and programs for message encryption/d ...
In this paper we describe simple identification and signature schemes which enable any user to prove his identity and the authenticity of his messages to any other user without shared or public keys. The schemes are provably secure against any known or chosen message attack if factoring is difficult, and typical implementations require only 1% to 4% of the number of modular multiplications required by the RSA scheme. Due to their simplicity, security and speed, these schemes are ideally suited for microprocessor-based devices such as smart cards, personal computers, and remote control systems.

1) Authentication schemes: A can prove to B that he is A, but someone else cannot prove to B that he is A.
2) Identification schemes: A can prove to B that he is A, but B cannot prove to someone
3) Signature schemes: A can prove to B that he is A, but B cannot prove even to himself

Authentication schemes are useful only against external threats when A and B cooperate. The distinction between identification and signature schemes is subtle, and manifests itself mainly when the proof is interactive and the verifier later wants to prove its existence to a judge: In identification schemes B can create a credible transcript of an imaginary communication by carefully choosing both the questions and the answers in the dialog, while in signature schemes only real communication with A could generate a credible transcript. However, in many commercial and military applications the main problem is to detect forgeries in real time and to deny the service,