peterson berge
TRANSCRIPT
Secure Schemes for Secret Sharing and Key
Distribution
N. Chandramowliswaran, P. Muralikrishna and S. Srinivasan
School of Advanced Sciences,Vellore Institute of Technology,
Vellore 632 014,India.
e-mail: [email protected]
Abstract
In resent years the security of operations taking place over a computer
network become very important. It is necessary to protect such actions
against bad users who may try to misuse the system (e.g. steal credit
card numbers, read personal mail, or impersonate other users.) Many
protocols and schemes were designed to solve problem of this type. This
paper deals with two fundamental cryptographic tools that are useful in such
contexts: generalized secret sharing scheme and key distribution schemes.
Both secret sharing schemes and key distribution schemes are used in multi-
party systems. secret sharing schemes enables some predetermined sets of
parties to reconstruct a given secret. In this paper we have shown a novel
key pre distribution algorithm based on number theory which uses Chineese
Remainder Theorem (CRT), Continued fractions (CF) and pell’s equation.
1 Introduction
Secret sharing (also called secret splitting) refers to method for distributing a
secret amongst a group of participants, each of whom is allocated a share of the
1
2
secret. The secret can be reconstructed only when a sufficient number, of possibly
different types, of shares are combined together; individual shares are of no use
on their own.
Secret sharing was invented independently by Adi Shamir [6] and George
Blakley [7] in 1979. Secret sharing schemes are ideal for storing information that is
highly sensitive and highly important. Examples include: encryption keys, missile
launch codes, and numbered bank accounts. Each of these pieces of information
must be kept highly confidential, as their exposure could be disastrous, however,
it is also critical that they not be lost. Traditional methods for encryption are
ill-suited for simultaneously achieving high levels of confidentiality and reliability.
This is because when storing the encryption key, one must choose between keeping
a single copy of the key in one location for maximum secrecy, or keeping multiple
copies of the key in different locations for greater reliability. Increasing reliability
of the key by storing multiple copies lowers confidentiality by creating additional
attack vectors; there are more opportunities for a copy to fall into the wrong
hands. Secret sharing schemes address this problem, and allow arbitrarily high
levels of confidentiality and reliability to be achieved.
A secure secret sharing scheme distributes shares so that anyone with fewer
than t shares has no extra information about the secret than someone with 0
shares.
Consider for example the secret sharing scheme in which the secret phrase
security is divided into the shares se−−−−−−,−− cu−−−−,−−−− ri−−,
and − − − − − − ty. A person with 0 shares knows only that the password
consists of eight letters. He would have to guess the password from 268 = 208
billion possible combinations. A person with one share, however, would have to
guess only the six letters, from 266 = 308 million combinations, and so on as
more persons collude. Consequently this system is not a secure secret sharing
scheme, because a player with fewer than t secret-shares is able to reduce the
problem of obtaining the inner secret without first needing to obtain all of the
necessary shares.
More generally, (n; k) secret sharing is the problem of distributing a secret
3
number s among n people so that no k − 1 of them have any information
about s but k of them can determine s. Shamir’s secret sharing does this by
giving the n -th party f(n), where f is an appropriately chosen polynomial. The
dealer Dan picks random field elements a1, a2, . . . , ak−1, and uses the polynomial
f(t) = s + a1t + a2t2 + ⋅ ⋅ ⋅ + ak−1t
k−1. He gives the n -th person f(n). For
k people to recover the secret, they just pool their shares and use Lagrange
interpolation to find the unique degree k − 1 polynomial passing through the k
points. (Lagrange interpolation works over any field. In practice, a large finite
field would probably be used.) The secret is just the constant term. Any k − 1
people have no knowledge about s. They have k − 1 points on the polynomial,
but there is a degree k − 1 polynomial going through their k − 1 points and
(0, t) for any integer t, so their combined knowledge reveals nothing about s.
The current trend towards cloud computing means that more and more data
is being processed and stored by online resources beyond physical and logical
control of the owner. It is a simple task for an adversary to intercept, copy, and
store any data sent across a public network and from this point on, confidentiality
is determined solely by the original encryption scheme. Hence re-encryption is
useless, and even deletion of data cannot be guaranteed.
Current cryptographic schemes in wide deployment today, such as RSA, Dife
Hellman, and AES, do not over long term confidentiality guarantees. This
is because concrete security is based on the current infeasibility of a specific
computational problem, such as factoring a 1024 -bit RSA modulus or computing
a 128 -bit AES key, and there are no known techniques to prove the hardness of
such problems.
We mention several related survey articles which overlap to some extent with
our exposition [1][2][3][4][5]
One of the standard topics in a first course in number theory is the Euler �
function, with �(n) defined as the number of positive integers less than n and
relatively prime to n. A famous theorem involving � is that suppose a and b
are any two positive integers with (a, b) = 1 then a�(b)+b�(a) ≡ 1(mod ab). The
Chinese Remainder Theorem (CRT) can also be used in secret sharing, there are
4
two secret sharing schemes that make use of the Chinese Remainder Theorem,
Mignotte’s and Asmuth-Bloom’s Schemes. They are threshold secret sharing
schemes, in which the shares are generated by reduction modulo the integers
mi, and the secret is recovered by essentially solving the system of congruences
using the Chinese Remainder Theorem.
Theorem 1.0. (Chinese Remainder Theorem)
Suppose that m1,m2, . . . ,mr are pairwise relatively prime positive integers, and
let a1, a2, . . . , ar be integers. Then the system of congruences, x ≡ ai(mod mi)
for 1 ≤ i ≤ r, has a unique solution modulo M = m1 ×m2 × . . .×mr, which is
given by: x ≡ a1M1y1 + a2M2y2 + . . .+ arMryr(mod M), where Mi =Mmi
and
yi ≡ (Mi)−1(mod mi) for 1 ≤ i ≤ r.
2 Main Results
Lemma 2.1. Let p, q and r be three given distinct odd primes. Then there exist
integers k1, k2 and k3 such that
k1p(qr−1 + rq−1) + k2q(p
r−1 + rq−1) + k3r(pq−1 + qp−1) + 2 ≡ 0 (mod pqr).
Proof:
Define: X = (pq−1 + qp−1) + (pr−1 + rp−1) + (qr−1 + rq−1)− 2. Then
X ≡ (qr−1 + rq−1)(modp)
X ≡ (pr−1 + rp−1)(modq) and
X ≡ (pq−1 + qp−1)(modr).
By CRT, the above system of congruences has exactly one solution modulo the
product pqr.
Define M = pqr
Mp = Mp
= qr,Mq = Mq
= pr and Mr = Mr
= pq.
Since (Mp, p) = 1, then there is a unique M ′p such that MpM
′p ≡ 1 (mod p).
Similarly there are unique M ′q and M ′
r such that
MqM′q ≡ 1 (mod q) and MrM
′r ≡ 1 (mod r).
Consider
X ≡ ((pq−1+qp−1)MrM′r+(pr−1+rp−1)MqM
′q+(qr−1+rq−1)MpM
′p) (mod pqr)
5
pq−1 + qp−1 + pr−1 + rp−1 + qr−1 + rq−1 − 2
≡ ((pq−1+ qp−1)MrM′r+(pr−1+ rp−1)MqM
′q+(qr−1+ rq−1)MpM
′p) (mod pqr)
−2 ≡ ((pq−1 + qp−1)(MrM′r − 1) + (pr−1 + rp−1)(MqM
′q − 1)
+(qr−1 + rq−1)(MpM′p − 1)) (mod pqr)
Thus
k1p(qr−1 + rq−1) + k2q(p
r−1 + rq−1) + k3r(pq−1 + qp−1) + 2 ≡ 0 (mod pqr).
Theorem 2.0. Let S be the given secret and N = pqr where p, q and r are
distinct large odd primes. Define three secret shareholders Y1, Y2, Y3 as follows:
Y1 ≡ (−Sk1p(qr−1 + rq−1)) (mod N), Y2 ≡ (−Sk2q(p
r−1 + rp−1)) (mod N) and
Y3 ≡ (−S(k3r(pq−1 + qp−1) + 1)) (modN) then S = Y1 + Y2 + Y3(mod N)
Proof: By the above Lemma 2.1, we have
k1p(qr−1 + rq−1) + k2q(p
r−1 + rq−1) + k3r(pq−1 + qp−1) + 2 ≡ 0 (mod N).
1 ≡ (−(k1p(qr−1+rq−1))− (k2q(p
r−1+rq−1))− (k3r(pq−1+qp−1)+1)) (mod N)
Thus S = Y1 + Y2 + Y3(mod N).
Algorithm 1.
∙ Choose two secret very large odd primes r1, r2 with r1 > r2
∙ Construct x2 + 1 = (r21 + r22)y
∙ Select two large odd primes p and q
∙ Define n = pq then �(n) = (p−1)(q−1) Where �(n) is Euler phi function
∙ Select a random e such that [ 1 < e < �(n) ] (e, �(n)) = 1
∙ For an e there is a unique d such that ed ≡ 1(mod �(n))
∙ consider a = (r21 + r22)(y + d)− (x+ �(n))2
a = (r21 + r22)y − x2 + (r21 + r22)d− [�(n)]2 − 2x�(n)
= 1 + (r21 + r22)d− [�(n)]2 − 2x�(n)
a ≡ 1 + (r21 + r22)d(mod �(n))
ae ≡ e+ (r21 + r22)(mod �(n))
s ≡ e(mod �(n)) where s = ae− (r21 + r22)
6
∙ Public key: (s, n)
∙ Represent the message m in the interval [0, n− 1] with (m,n) = 1
∙ Encryption
E ≡ ms(mod n)
≡ mk�(n)+e(mod n)
≡ mk�(n)me(mod n)
≡ [m�(n)]kme(mod n)
≡ me(mod n)
∙ Key distribution: Choose ℓ share holders then e = k1 + k2 + ⋅ ⋅ ⋅+ kℓ
E ≡ me(mod n)
E ≡ mk1+k2+⋅⋅⋅+kℓ(mod n)
E ≡ mk1mk2 . . .mkℓ(mod n)
∙ For ℓ share holders we can distribute ℓ key’s such as mk1 ,mk2 , . . . ,mkℓ .
Algorithm 2.
∙ Select a secret odd prime integer r
∙ Consider the Diophantine Equation:
y2 − rx2 = 1 (1)
∙ Let (x0, y0) be the least positive integral solution of (1). Here x0, y0 are
kept secret
∙ Select two large odd primes p and q
∙ Define n = pq then �(n) = (p−1)(q−1) Where �(n) is Euler phi function
∙ Select a random e such that [ 1 < e < �(n) ] such that (e, �(n)) = 1
∙ For an e there is a unique d such that ed ≡ 1(mod �(n))
∙ consider a = (y0 + �(n))2 − r(x0 + e)2 (2)
∙ e3 is not congruent to 1(mod �(n)) and d3 is not congruent to
1(mod �(n))
7
∙ From (2) ad3 + rd+ 2x0d2r ≡ d3 (mod �(n))
∙ Let S = ad3 + 2x0d2r + rd then S ≡ d3 (mod �(n))
∙ Public key: (s, n)
∙ Represent the message m in the interval [0, n− 1] with (m,n) = 1
∙ Encryption
E ≡ ms(mod n)
≡ mk�(n)+d3(mod n)
≡ mk�(n)md3(mod n)
≡ [m�(n)]kmd3(mod n)
≡ md3(mod n)
∙ Key distribution: Choose ℓ share holders then d3 = k1 + k2 + ⋅ ⋅ ⋅+ kℓ
E ≡ md3(mod n)
E ≡ mk1+k2+⋅⋅⋅+kℓ(mod n)
E ≡ mk1mk2 . . .mkℓ(mod n)
∙ For ℓ share holders we can distribute ℓ key’s such as mk1 ,mk2 , . . . ,mkℓ .
Algorithm 3.
∙ Let p, q, r and s be the given distinct secrete odd primes.
∙ Define u = p q and v = r s
∙ Select a, b such that (a, u) = 1 and (b, v) = 1
∙ Select two positive integers e, f such that
(e, (p− 1)(q − 1)) = 1 and (f, (r − 1)(s− 1)) = 1
∙ Select a common secret t with p, q, r, s should not divide H
∙ Define x1, x2 as follows:
x1 ≡ ate(mod U)
x2 ≡ btf (mod V )
∙ Solve t uniquely under (mod UV ) using Chineese Remainder Theorem
8
∙ t is the common secret shared by x1 and x2
BC code
∙ Let N be a fixed positive integer
∙ Define �(i,N) =∣ {x ∣ i ≤ x ≤ N witℎ (x,N) = 1} ∣ where i ∈ {1, 2, . . . , N}
∙ Define the BC code for N (BCN ) as follows:
BCN = (�(1,N), �(2,N), . . . , �(N−1,N), �(N,N))
Remark
For every positive integer N we can write a unique BC code
Theorem 2.0. Let N be any positive integer. Then N is a prime if and only
if there exist a unique BC code such that BCN = (N − 1, N − 2, . . . , 2, 1, 0).
∙ Let N be an odd positive integer
∙ Let SN = {1, 2, 3, . . . , N − 1, N}
∙ Define A = {x ∈ SN ∣ 1 ≤ x ≤ N, (x,N) = 1} where gcd{x,N} = 1 =
(x,N)
∙ For each e with (e, �(N)) = 1, the map x −→ xe is a permutation on A
∙ ∣ A ∣= �(N) = N∏
p∣N
(
1− 1p
)
, where the product is over the distinct
prime numbers dividing N
∙ Let f : A −→ A with f(x) = N − x, ∀x ∈ A
Then f is bijective on A
∙ Define S1 =∑
x∈A
x and S1 =∑
x∈A
N − x
Then 2S1 =∑
(x,N)=1
N = N�(N)
S1 = N�(N)2
∙ Define B = {x ∈ A ∣ (x+ 1, N) = 1}
∙ ∣ B ∣= (N) = N∏
p∣N
(
1− 2p
)
, where the product is over the distinct
prime numbers dividing N (B is non empty if and only if N is odd)
9
∙ Let g : B −→ B with g(y) = N − y − 1, ∀y ∈ B
Then g is bijective on B
∙ Define S2 =∑
y∈B
y and S2 =∑
y∈B
N − y − 1
Then 2S2 =∑
(x,N)=(x+1,N)=1
N − 1 = (N − 1) (N)
S2 = N−12 (N)
∙ Define C = {x ∈ B ∣ (x+ 2, N) = 1}
∙ ∣ C ∣= �(N) where the product is over the distinct prime numbers dividing
N (C is non empty if and only if N is odd)
∙ Let ℎ : C −→ C with g(z) = N − z − 2, ∀z ∈ B
Then ℎ is bijective on C
∙ Define S3 =∑
z∈C
z and S3 =∑
z∈C
N − z − 2
Then 2S3 =∑
(x,N)=(x+1,N)=(x+2,N)=1
N − 2 = (N − 2)�(N)
S3 = N−22 �(N)
Proposition 2.1. Let N ≥ 3 be a given positive integer. Define a tree TN
as follows, for each x > 1 such that (x,N) = 1, then there is a unique vertex
vx ∈ V (TN ) with deg vx = x and remaining all leaves, then prove that the number
of vertices of TN is n = �(N)2 (N − 2) + 2.
Proof:
Let N ≥ 3 be a positive integer then there exists xi such that gcd (xi, N) =
1, ∀i = {2, 3, . . . , �(N)}. Construct a tree TN such that for each xi there exists
a unique vertex vxiof degree xi.
Clearly,n∑
i=2
d(vxi) = 2(n− 1)
(N�(N)2 − 1) + n− (�(N)− 1) = 2n− 2 where V (TN ) = n.
Proposition 2.2. Let N ≥ 3 be a positive integer. Construct a tree TN such
that for each x > 1 with (x,N) = (x+1, N) = 1 then there is a unique vertex
vx of degree x. Prove that the number of vertices of TN is n = (N)2 (N−3)+2.
10
Proof:
Let N ≥ 3 be a positive integer then there exists xi such that (xi, N) = 1, ∀i =
{2, 3, . . . , (N)}. Construct a tree TN such that for each xi there exists a unique
vertex vxiof degree xi.
Clearly,n∑
i=2
d(vxi) = 2(n− 1)
(N−12 ) (N)− 1 + n− ( (N)− 1) = 2n− 2 where V (TN ) = n.
Proposition 2.3. Let N ≥ 3 be an odd positive integer. Construct a tree TN
such that for each x > 1 with (x,N) = (x+1, N) = (x+2, N) = 1 then there
is a unique vertex vx of degree x. Prove that the number of vertices of TN is
n =?.
Proof:
Let N ≥ 3 be an odd positive integer then there exists xi such that (xi, N) = 1
(xi + 1, N) = 1 and (xi + 2, N) = 1, ∀i = {2, 3, . . . , �(N)}. Construct a tree TN
such that for each xi there exists a unique vertex vxiof degree xi.
Managing the shortage of Login ID Problems
b
b b
bb
b
b b
bb b
ID1
user
7
user
1
user 13
user10 user 9
user 8user 6
user 2
user 4
user5
user
3user11
user 15
user
12
user
14
ID3 ID4
ID2 ID5
ID6
ID10
ID9
ID7
ID8
∙ There are 10 Login ID and 15 fifteen users in the given network
∙ Any two Login IDs can be utilized by at most one user
11
∙ Every Login ID is used by exactly three users
∙ Represent the Login IDs by the nodes (vertices) of the graph G
∙ If there is a user − j using Login IDs Log IDr and Log IDs, then join
them by an edge
b b
Log IDr Log IDs
user j
∙ If the two users have a common Login ID then they are conflict users,
otherwise non-conflict users
Example Conflict users: user− 1, user− 2 and user− 7, they have
common Login ID Log ID1
Non-Conflict users: user − 2, user − 5 and user − 9
∙ Define V (G) = {vi = Log IDi ∣ 1 ≤ i ≤ 10}
Define E(G) = {k = user k ∣ 1 ≤ k ≤ 15}
∙ Define f(vi) = f(Log IDi) = �(i), where � is a permutation on the set of
numbers {1, 2, . . . , 10}
This �(i) is given for each Log IDi
∙ Now define the graceful labeling g on the set {�(1), �(2), . . . , �(10)}
g : {�(i) : 1 ≤ i ≤ 10} −→ {0, 1, 2, . . . , q − 1, q}
Suppose
b b
Log IDr Log IDs
user j
g[user j] =∣ g(�(r))− g(�(s)) ∣∈ {1, 2, . . . , q}
where 1 ≤ r, s ≤ 10, r ∕= s
∙ g : E(G) −→ {1, 2, . . . , q}
∙ g is kept secret, but g[user j] is given for each user j
∙ g[user j] is called user − ID
12
b b
Log IDr Log IDs
user j
(�(r), �(s)) are two Login IDs for the user j
∙ Entire Network is kept secret
∙ P : V (G) −→ {p1, p2, . . . , p10} where pi, 1 ≤ i ≤ 10 are distinct odd
primes with q < min{pi}, 1 ≤ i ≤ 10, q < pj∀j (P is kept secret)
b b
Log IDr Log IDs
user j
�(r) �(s)known
g[user j] is known 1 ≤ j ≤ 15
∙ Define ej : (ej , (pr − 1)(ps − 1)) = 1 ( ej kept secret)
∙ Define mj ≡ (g[user j])ej (mod prps)
P[Log IDr] = pr,P[Log IDs] = ps, 1 ≤ r, s ≤ 10, r ∕= s
∙ Decompose the user (edges) into subset of Non-Conflict users (set of
Independent Edges)
∙ A = {user − 2, user − 5, user − 9, user − 11, user − 13} :
user − 2←→ {Log ID1, Log ID5}
user − 5←→ {Log ID2, Log ID3}
user − 9←→ {Log ID4, Log ID8}
user − 11←→ {Log ID6, Log ID9}
user − 13←→ {Log ID7, Log ID10}
B = {user − 1, user − 3, user − 12, user − 14} :
user − 1←→ {Log ID1, Log ID2}
user − 3←→ {Log ID5, Log ID4}
user − 12←→ {Log ID6, Log ID8}
user − 14←→ {Log ID7, Log ID9}
13
C = {user − 4, user − 7, user − 8, user − 15} :
user − 4←→ {Log ID3, Log ID4}
user − 7←→ {Log ID1, Log ID6}
user − 8←→ {Log ID5, Log ID7}
user − 15←→ {Log ID8, Log ID10}
D = {user − 6, user − 10} :
user − 6←→ {Log ID2, Log ID10}
user − 10←→ {Log ID3, Log ID9}
∙ Define congruences equations for the set A,B,C and D as follows
x ≡ m2 (mod p1p5)
x ≡ m5 (mod p2p3)
x ≡ m9 (mod p4p8)
x ≡ m11 (mod p6p9)
x ≡ m13 (mod p7p10)
x has a unique solution mod( p1p2 . . . p10)
Thus x is the common secret shared by the group A Non-Conflict users
y ≡ m1 (mod p1p2)
y ≡ m3 (mod p4p5)
y ≡ m12 (mod p6p8)
y ≡ m14 (mod p7p9)
y has a unique solution mod( p1p2p4p5p6p7p8p9)
Thus y is the common secret shared by the group B Non-Conflict users
z ≡ m4 (mod p3p4)
z ≡ m7 (mod p1p6)
z ≡ m8 (mod p5p7)
z ≡ m15 (mod p8p10)
z has a unique solution mod( p1p3p4p5p6p7p8p10)
Thus z is the common secret shared by the group C Non-Conflict users
w ≡ m6 (mod p2p10)
14
w ≡ m10 (mod p3p9)
w has a unique solution mod( p2p3p9p10)
Thus w is the common secret shared by the group D Non-Conflict users
b
b
b
b b
b
ID5
ID6 ID4
ID3 ID2
ID1
u5 u 4
u6
u12
u 11
u10u9
u8
u7
u3
u2
u1
∙ There are 6 Login ID and 12 fifteen users in the given network
∙ Any two Login IDs can be utilized by at most one user
∙ Every Login ID is used by exactly four users
∙ Represent the Login IDs by the nodes (vertices) of the graph G
∙ If there is a user − j using Login IDs Log IDr and Log IDs, then join
them by an edge
b b
Log IDr Log IDs
user j
∙ If the two users have a common Login ID then they are conflict users,
otherwise non-conflict users
Example Conflict users: user− 1, user− 3, user− 7 and user− 12,
they have common Login ID Log ID1
Non-Conflict users: user − 1, user − 6 and user − 10
15
∙ Define V (G) = {vi = Log IDi ∣ 1 ≤ i ≤ 6}
Define E(G) = {k = user k ∣ 1 ≤ k ≤ 12}
∙ Define f(vi) = f(Log IDi) = �(i), where � is a permutation on the set of
numbers {1, 2, . . . , 6}
This �(i) is given for each Log IDi
∙ Now define the graceful labeling g on the set {�(1), �(2), . . . , �(6)}
g : {�(i) : 1 ≤ i ≤ 6} −→ {0, 1, 2, . . . , q − 1, q}
Suppose
b b
Log IDr Log IDs
user j
g[user j] =∣ g(�(r))− g(�(s)) ∣∈ {1, 2, . . . , q}
where 1 ≤ r, s ≤ 6, r ∕= s
∙ g : E(G) −→ {1, 2, . . . , q}
∙ g is kept secret, but g[user j] is given for each user j
∙ g[user j] is called user − ID
b b
Log IDr Log IDs
user j
(�(r), �(s)) are two Login IDs for the user j
∙ Entire Network is kept secret
∙ P : V (G) −→ {p1, p2, . . . , p6} where pi, 1 ≤ i ≤ 6 are distinct odd primes
with q < min{pi}, 1 ≤ i ≤ 6, q < pj∀j (P is kept secret)
b b
Log IDr Log IDs
user j
�(r) �(s)known
g[user j] is known 1 ≤ j ≤ 12
∙ Define ej : (ej , (pr − 1)(ps − 1)) = 1 ( ej kept secret)
16
∙ Define mj ≡ (g[user j])ej (mod prps)
P[Log IDr] = pr,P[Log IDs] = ps, 1 ≤ r, s ≤ 6, r ∕= s
∙ Decompose the user (edges) into subset of Non-Conflict users (set of
Independent Edges)
∙ A = {user − 3, user − 5, user − 8} :
user − 3←→ {Log ID1, Log ID3}
user − 5←→ {Log ID5, Log ID6}
user − 8←→ {Log ID2, Log ID4}
∙ B = {user − 2, user − 4, user − 12} :
user − 2←→ {Log ID2, Log ID3}
user − 4←→ {Log ID4, Log ID5}
user − 12←→ {Log ID1, Log ID6}
∙ C = {user − 7, user − 9, user − 11} :
user − 7←→ {Log ID1, Log ID4}
user − 9←→ {Log ID2, Log ID5}
user − 11←→ {Log ID3, Log ID6}
∙ D = {user − 1, user − 6, user − 10} :
user − 1←→ {Log ID1, Log ID2}
user − 6←→ {Log ID4, Log ID6}
user − 10←→ {Log ID3, Log ID5}
∙ Define congruences equations for the set A,B,C and D as follows
x ≡ m3 (mod p1p3)
x ≡ m5 (mod p5p6)
x ≡ m8 (mod p2p4) x has a unique solution mod( p1p2 . . . p6)
Thus x is the common secret shared by the group A Non-Conflict users
y ≡ m2 (mod p2p3)
y ≡ m4 (mod p4p5)
17
y ≡ m12 (mod p1p6) y has a unique solution mod( p1p2 . . . p6)
Thus y is the common secret shared by the group B Non-Conflict users
z ≡ m7 (mod p1p4)
z ≡ m9 (mod p2p5)
z ≡ m11 (mod p3p6) z has a unique solution mod( p1p2 . . . p6)
Thus z is the common secret shared by the group C Non-Conflict users
w ≡ m1 (mod p1p2)
w ≡ m6 (mod p4p6)
w ≡ m10 (mod p3p5) w has a unique solution mod( p1p2 . . . p6)
Thus w is the common secret shared by the group D Non-Conflict users
b
b b
b b
b
b b
b
b
b b
b
b
b
b
b
b
b
b
b
b
b bbbb b
bb b
bbb
b b
bb b
bbb
bbb
bb
b
bbb bbbbb
bb
bbbb
ID11
ID10
ID12
ID9
ID8
ID7
ID6
ID5
ID4
ID3 ID2
ID1
∙ There are 12 persons and 30 users in the given network
∙ Any two persons can be utilized by at most one user
∙ Every person is used by exactly five users
∙ Represent the persons by the nodes (vertices) of the graph G
18
∙ If there is a user − j using persons IDr and IDs, then join them by an
edge
∙ Each persons have k individual messages
i.e., IDr have the message {cr1, cr2, . . . , crk}
∙ g : E(G) −→ {p1, p2, . . . , p30}
∙ g is kept secret, but g[user j] is given for each user j
∙ g[user j] is called user − ID
∙ For each person they have(
52
)
RS-prime
∙ Decompose the persons (vertices) into subset of IDs (set of Independent
sets)
∙ A = {ID1, ID7, ID12} :
ID1 ←→ {p19, p22, p25, p28, p29}
ID7 ←→ {p11, p15, p16, p23, p27}
ID12 ←→ {p1, p3, p8, p9, p12}
∙ Define congruences equations for the set A,B,C and D as follows
x ≡ b1 (mod m1) where b1 ∈ {c11, c12, . . . , c1k} and m1 ∈(
52
)
x ≡ b2 (mod m2) where b2 ∈ {c71, c72, . . . , c7k} and m1 ∈(
52
)
x ≡ b3 (mod m3) b3 ∈ {c121, c122, . . . , c12k} and m1 ∈(
52
)
x has a unique solution mod( m1m2m3)
Thus x is the common secret shared by the group A
19
b
b b
b b
b
b b
b
b
b b
b
b
b
b
b
b
b
b
b
b
b bbbb b
bb b
bbb
b b
bb b
bbb
bbb
bb
b
bbb bbbbb
bb
bbbb
ID11
ID10
ID12
ID9
ID8
ID7
ID6
ID5
ID4
ID3 ID2
ID1
123
4
56
7
8
910
11
12
13
14
1516
17
18
19
20
22
21
23
24
25
26
27
28
29
30
3 Conclusion
This paper dealt with two fundamental cryptographic tools that are useful in
such contexts: generalized secret sharing scheme and key distribution schemes.
Both secret sharing schemes and key distribution schemes are used in multi-
party systems. secret sharing schemes enables some predetermined sets of parties
to reconstruct a given secret. These schemes make it possible to store secret
information in a network, such that only good subsets can reconstruct the
information. Furthermore, by using these schemes we can allow only better
subsets to perform action in a system.
References
[1] R. Alleaume, N. Lutkenhaus, R. Renner, P. Grangier, T. Debuisschert, G.
Ribordy, N. Gisin, P. Painchault, T. Pornin, L. Slavail, M. Riguidel, A.
Shilds, T. Langer, M. Peev, M. Dianati, A. Leverrier, A. Poppe, J. Bouda,
C. Branciard, M. Godfrey, J. Rarity, H. Weinfurter, A. Zeilinger, and C.
20
Monyk. Quantum key distribution and cryptography: a survey. In S. L.
Braunstein, H.-K. Lo, K. Paterson, and P. Ryan, editors, Classical and
Quantum Information Assurance Foundations and Practice, number 09311 in
Dagstuhl Seminar Proceedings, Dagstuhl, Germany, 2010. Schloss Dagstuhl
- Leibniz-Zentrum fuer Informatik, Germany.
[2] A. Beimel. Secret-sharing schemes: a survey. In Proceedings of the Third
international conference on Coding and cryptology, IWCC’11, pages 1146,
Berlin, Heidelberg, 2011. Springer-Verlag
[3] N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden. Quantum cryptography.
Rev. Mod. Phys, 74:145195, 2002.
[4] U. Maurer. Information-theoretic cryptography. In M. Wiener, editor,
Advances in Cryptology — CRYPTO ’99, volume 1666 of Lecture Notes
in Computer Science, pages 4764. Springer-Verlag, Aug. 1999.
[5] S. Wolf. Unconditional security in cryptography. In I. Damgard, editor,
Lectures on Data Security, volume 1561 of Lecture Notes in Computer
Science, pages 217250. Springer Berlin / Heidelberg, 1999.
[6] Blakley, G. R. (1979). Safeguarding cryptographic keys. Proceedings of the
National Computer Conference 48: 313317.
[7] Shamir, Adi (1979). How to share a secret. Communications of the ACM 22
(11): 612613.
[8] Knuth, Donald (1997). Seminumerical Algorithms. The Art of Computer
Programming. 2 (3 ed.). Addison-Wesley. p. 505.