A key management scheme based on verifiable secret sharing

1 Introduction
With the development and popularization of computer networks and Internet technologies, e-commerce applications have become more and more widespread. They are quietly changing how people shop and consume and their outlook on life, and make daily life more convenient. At present, one of the biggest obstacles to the development of e-commerce is that consumers worry that their credit card information will be leaked. Digital signature technology, realized by public key cryptosystems, provides a guarantee for the smooth development of electronic transactions. The signed information is determined mainly by the user's private key. Information exchange on the network now usually relies on a public key infrastructure (PKI) to ensure data security, and the core problem of a PKI system is key management. The user's public key is stored in a digital certificate and the private key is kept by the user. Once the private key is leaked or lost, it causes an incalculable loss to the user: although the user can have the certification authority (CA) publish a statement that the certificate and the corresponding public key are no longer in use, the information previously encrypted under that certificate can no longer be read. The CA is responsible for managing certificates, and the certificate library stores a backup of the user's private key, but granting such a right to the CA is obviously not conducive to information security. In view of this, the state stipulates that the Key Management Center (KMC) must be established independently of the CA and be supervised by the State Secrets Committee. It is responsible for providing users with encryption keys, cryptographic technologies and product services in e-commerce activities under national policies.
The rise of secret sharing technology brings great convenience to the management of the user's private key. It divides important information into multiple sub-secrets (secret shares) and distributes them to multiple participants; only an authorized set of participants working together can recover the secret, while any other set of participants obtains no information about it. Secret sharing schemes play an important role in preventing important information from being lost, destroyed, or falling into the hands of an adversary.
The key management scheme proposed here is based on the secret sharing scheme of threshold cryptography: it divides the user's private key into multiple sub-secrets and distributes them dynamically among the user, the CA and the KMC. The parameters can be set so that the user's private key is restored only when two or all three of them combine their sub-secrets, which technically ensures that no single party can recover the private key alone.



2 Theoretical preparation
2.1 Shamir (t, n) secret sharing scheme
The Shamir (t, n) threshold scheme is the first (t, n) threshold scheme. Its basic structure is that the secret distributor D computes n secret shares from the initial secret and sends them to the participants over a secure channel. With this scheme, any t or more participants can easily recover the original secret from their shares, while any t-1 or fewer participants cannot get any information about the secret.
Basic parameters: n is the number of participants, t is the threshold, p is a large prime with p > n ≥ t, and p should be greater than the maximum possible value of the secret. The secret space and the share space are the same, both being the finite field GF(p). x1, x2, ..., xn are n distinct elements of GF(p). All of the above parameters are public.
(1) Distribution algorithm. The distributor D first randomly selects a polynomial of degree t-1 over GF(p), h(x) = a0 + a1x + a2x^2 + ... + a_{t-1}x^{t-1}, such that a0 = h(0) = s is the secret to be shared among the n sharers. D keeps h(x) secret. Then D computes Sj = h(xj) mod p, j = 1, 2, ..., n, where Sj is the secret share that D sends to the j-th sharer Pj.
(2) Recovery algorithm. From any t points (xj1, Sj1), (xj2, Sj2), ..., (xjt, Sjt), h(x) is recovered by Lagrange polynomial interpolation, and the secret is computed as s = h(0).
2.2 Verifiable secret sharing schemes
Ordinary secret sharing schemes make two unrealistic assumptions: first, that the distributor of the secret information is always honest and always provides the participants with correct secret shares; second, that each of the n sharers provides his true secret share when the secret is recovered. To address distributor fraud, Chor et al. proposed the concept of verifiable secret sharing (VSS) in 1985. Later, the literature [3-6] studied verifiable secret sharing further and proposed several secure and efficient verifiable threshold secret sharing schemes. Verifiable secret sharing is formed by adding a verification algorithm to secret sharing. It is widely used in many areas, such as secure multi-party computation and e-commerce.


3 Key management scheme based on verifiable secret sharing
A PKI system usually consists of basic parts such as the certification authority (CA), the registration authority (RA), the digital certificate library, the key backup and recovery system, and the certificate revocation system. The scheme here combines the KMC with some parts of the PKI and is implemented by means of a verifiable secret sharing method.
3.1 System initialization
Assume that the system is made up of the KMC, the CA and the user. The KMC is the distributor of the user's private key. The number of sub-secrets to be distributed is n, t is the threshold, and the numbers of sub-secrets assigned to the participants are n1, n2, n3, satisfying n1 + n2 + n3 = n and n1
Let p be a large prime number and g an element of GF(p) of order p-1. Assume that n sub-secrets are generated and that the identifier code of each sub-secret is IDi ∈ Z*_{p-1} (i = 1, 2, ..., n).
3.2 Secret distribution phase
(1) The distributor KMC selects t random numbers a0, a1, ..., a_{t-1} (ai ∈ Z*_{p-1}) and sets up the polynomial of degree t-1, f(x) = a0 + a1x + a2x^2 + ... + a_{t-1}x^{t-1} (mod p-1), where a0 = k, and computes f(IDi).
(2) The KMC gives f(IDi) (i = 1, 2, ..., n1) to the CA, f(IDi) (i = n1+1, ..., n1+n2) to the user, and keeps f(IDi) (i = n1+n2+1, ..., n) for itself.
(3) At the same time, the distributor KMC selects two integers Xij, Yij for each sub-secret f(IDi) (i = 0, 1, ..., n); Xij, Yij are called the check parameters of IDj for the sub-secret f(IDi).
(4) The distributor KMC computes, for each IDi, the corresponding check parameter Zij and gives it to the participant who holds the sub-secret f(IDi), where Zij satisfies f(IDi) = Xij + Yij × Zij. Thus each sub-secret f(IDi) has (n-1) check parameters Zij (j = 1, 2, ..., n, j ≠ i), which are used to prove the authenticity of the submitted sub-secret when its holder later cooperates with others to recover the secret, and in addition (n-1) pairs of check parameters (Xji, Yji) (j = 1, 2, ..., n, j ≠ i).
(5) After the KMC has distributed all the sub-secrets and the corresponding check parameters to the CA and the user, it destroys the user's private key as well as the check parameters and sub-secrets that were distributed to the CA and the user.
3.3 Verification phase
When the private key is recovered, in addition to providing its sub-secret f(IDi), a participant must also present a different check parameter Zij for each other participant IDj to prove the authenticity of its sub-secret, that is, to show that the equation f(IDi) = Xij + Yij × Zij holds. If it holds, the sharer has not cheated; otherwise the sharer must resend the sub-secret in its possession.
3.4 After the secret distribution phase has been completed and verified, the parties back up their secret shares of the private key and the check parameters in the backup tables of their respective databases, namely the key share backup tables of the secret databases of the KMC and the CA, and the user's own hands. Depending on the threshold t and the numbers n1, n2, n3 of secret shares distributed to the KMC, the CA and the user, it is easy to arrange whether a party can recover the private key unilaterally or whether recovery requires the cooperation of two or all three parties. Usually, for security reasons, unilateral recovery should be avoided.
3.5 Secret recovery phase
(1) Without loss of generality, each participating member sends its f(IDi) to the combiner KMC.
(2) The KMC first verifies the secret shares f(IDi) and check parameters Zij (i = 1, 2, ..., t, j ≠ i) submitted by the CA and the user, checking that f(IDi) = Xij + Yij × Zij (i = 1, 2, ..., t, j ≠ i) holds. If it holds, a0 = f(0) = k is obtained by the Lagrange interpolation formula and k is announced to the sharers taking part in the recovery; otherwise retransmission is required.
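The whole flow of sections 2.1 and 3.2 to 3.5 (share distribution with the (Xij, Yij, Zij) check parameters, the check a verifier runs on a submitted share, and Lagrange recovery of k) as an added Python example; this is not the paper's own code. It works over the prime field GF(p) as in section 2.1 rather than modulo p-1, and the prime P, the ID values and the private key used with it are constructed for the demonstration.

```python
import secrets

# Prime for the field GF(P); constructed for this example only. Section 2.1
# requires P > n >= t and P larger than any possible value of the secret k.
P = 2**127 - 1

def make_poly(secret, t):
    """Random polynomial of degree t-1 over GF(P) with constant term a0 = secret."""
    return [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]

def eval_poly(coeffs, x):
    """Evaluate the polynomial at x modulo P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def distribute(secret, t, ids):
    """KMC side (3.2): sub-secrets f(ID_i) and check parameters.
    shares[i] = f(ID_i); checks[(i, j)] = (X_ij, Y_ij, Z_ij) with
    f(ID_i) = X_ij + Y_ij*Z_ij mod P. ID_i keeps Z_ij, ID_j keeps (X_ij, Y_ij)."""
    coeffs = make_poly(secret, t)
    shares = {i: eval_poly(coeffs, i) for i in ids}
    checks = {}
    for i in ids:
        for j in ids:
            if i == j:
                continue
            x = secrets.randbelow(P)
            y = secrets.randbelow(P - 1) + 1      # nonzero, so Z_ij is defined
            z = (shares[i] - x) * pow(y, -1, P) % P
            checks[(i, j)] = (x, y, z)
    return shares, checks

def verify_share(share_i, x_ij, y_ij, z_ij):
    """Check (3.3) run by the holder of ID_j on the sub-secret submitted by ID_i."""
    return share_i == (x_ij + y_ij * z_ij) % P

def recover(points):
    """Lagrange interpolation at x = 0 over GF(P) (3.5); points = {ID_i: f(ID_i)}."""
    secret = 0
    for i, yi in points.items():
        num, den = 1, 1
        for j in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret
```

With n = 6 shares split as n1 = n2 = n3 = 2 and t = 3, any single party's two shares are insufficient while any two parties can recover k, which is the two-or-three-party policy of section 3.4.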


4 Security Analysis
The key in the scheme is generated in the KMC. The KMC is controlled by the State Secrets Committee and is independent of the CA, so it is authoritative. The scheme uses a verifiable secret sharing mechanism that detects cheating during both distribution and recovery. After distributing the private key, the KMC immediately destroys the generated private key and any related traces of it. In addition, the number of shares distributed to each participant controls that participant's rights, which constrains the participants' behaviour well.


5 Conclusion
Verifiable secret sharing has a clear advantage in ensuring the security of the key: the secret sharing mechanism distributes the private key into multiple shares and reduces the risk. The next step is to study how secret sharing can be used to ensure the fairness of transactions in e-commerce and to address key escrow issues.
