Optimal Resilience Proactive Public-Key Cryptosystems

Authors

  • Yair Frankel
  • Peter Gemmell
  • Philip D. MacKenzie
  • Moti Yung
Abstract

We introduce new efficient techniques for sharing cryptographic functions in a distributed dynamic fashion. These techniques dynamically and securely transform a distributed function (or secret sharing) representation between t-out-of-l (polynomial sharing) and t-out-of-t (additive sharing). We call the techniques poly-to-sum and sum-to-poly, respectively. Employing these techniques, we solve a number of open problems in the area of cryptographic function sharing. We design a threshold function sharing scheme with proactive security for general functions with a "homomorphic property" (a class which includes all RSA variants and Discrete Logarithm variants). The sharing has "optimal resilience" (server redundancy) and enables computation of the function by the servers assuring high availability, security and efficiency. Proactive security enables function sharing among servers while tolerating an adversary which is mobile and which dynamically corrupts and abandons servers (and perhaps visits all of them over the lifetime of the system, as long as the number of corruptions (faults) is bounded within a time period). Optimal resilience assures that the adversary can corrupt any minority of servers at any time-period. On the way, we solve other open problems: (1) A "share-size efficient robust RSA function sharing" protocol is presented (all previous secure solutions had a non-constant blow-up of the permanent share held by servers); (2) A new "robust threshold RSA" scheme for any RSA (not necessarily strong-prime based); (3) We also give a particularly efficient "proactive RSA" as a modular extension of the "share efficient robust system". The techniques also allow dynamic updates to the set of servers employed and to the threshold size.

Similar resources

QTRU: quaternionic version of the NTRU public-key cryptosystems

In this paper we will construct a lattice-based public-key cryptosystem using non-commutative quaternion algebra, and since its lattice does not fully fit within Circular and Convolutional Modular Lattice (CCML), we prove it is arguably more secure than the existing lattice-based cryptosystems such as NTRU. As in NTRU, the proposed public-key cryptosystem relies for its inherent securi...

A survey of key evolving cryptosystems

This paper presents a survey of key evolving cryptosystems in the public key setting, focusing on two main approaches: ‘forward security’ and ‘intrusion resilience’. The essential feature of this design strategy is that the secret key changes over time, while the corresponding public key remains unchanged. Key evolving cryptosystems can limit the damage caused by an attacker who occasionally le...

Comparison of two Public Key Cryptosystems

Since the time public-key cryptography was introduced by Diffie and Hellman in 1976, numerous public-key algorithms have been proposed. Some of these algorithms are insecure and the others that seem secure, many are impractical, either they have too large keys or the cipher text they produce is much longer than the plaintext. This paper focuses on efficient implementation and analysis of two most po...

Asynchronous Proactive Cryptosystems Without Agreement

In this paper, we present efficient asynchronous protocols that allow to build proactive cryptosystems secure against a mobile fail-stop adversary. Such systems distribute the power of a public-key cryptosystem among a set of servers, so that the security and functionality of the overall system is preserved against an adversary that crashes and/or eavesdrops every server repeatedly and transien...

Proactive Secret Sharing and Public Key Cryptosystems

Secret sharing schemes protect secrecy and integrity of information by dividing it into shares and distributing these shares among different locations. In k + 1 out of n threshold schemes, security is assured if throughout the entire life-time of the secret the adversary compromises no more than k of the n locations. For long-lived and sensitive secrets this protection may be insufficient. We p...

Publication date: 1997