Blom's scheme

Blom's scheme is a cryptographical symmetric threshold key exchange protocol.

A trusted party gives each of the n participants a secret key and a public identifier, which enables any two participants to independently create a shared key for securely communicating with another participant.Every participant can create a shared key with any other participant, allowing secure communication to take place between any two members of the group.However, if an attacker can compromise the keys of at least k users, he can break the scheme and reconstruct every shared key. Blom's scheme is a Secret sharing.

Blom's scheme is currently used by the HDCP copy protection scheme to generate shared keys for high-definition content sources and receivers, such as HD DVD players and high-definition televisions.

The protocol

The key exchange protocol involves a trusted party (Trent) and a group of n users. Let Alice and Bob be two users of the group.

Protocol setup

Trent chooses a random and secret symmetric matrix D_{k x k} over the finite field $GF(p)$ , where p is a prime number. D is required when a new user is to be added to the key sharing group.

For example, let p = 17, and D = $egin{pmatrix} 1&6&2\6&3&8\2&8&2end{pmatrix} mathrm{mod} 17$ .

Inserting a new participant

New users Alice and Bob want to join the key exchanging group.Trent chooses public identifiers for each of them, i.e.: k-element vectors I_Alice, I_Bob in $GF(p)$ .

Trent then computes their private keys: g_Alice = $(D*I_{mathrm{Alice)$ , g_Bob = $(D*I_{mathrm{Bob)$ .

Each will use their private key to compute shared keys with other participants of the group.

Let I_Alice = $egin{pmatrix} 3 \ 10 \ 11 end{pmatrix}$ , andI_Bob = $egin{pmatrix} 1 \ 3 \ 15 end{pmatrix}$ .Trent will create Alice's and Bob's secret keys as follows:

g_Alice = $egin{pmatrix} 1&6&2\6&3&8\2&8&2end{pmatrix} * egin{pmatrix} 3 \ 10 \ 11 end{pmatrix} = egin{pmatrix} 0\0\6end{pmatrix} mathrm{mod} 17$ ,

g_Bob = $egin{pmatrix} 1&6&2\6&3&8\2&8&2end{pmatrix} * egin{pmatrix} 1 \ 3 \ 15 end{pmatrix} = egin{pmatrix} 15\16\5end{pmatrix} mathrm{mod} 17$ .

Computing a shared key between Alice and Bob

Now Alice and Bob wish to communicate with one another.Alice has Bob's identifier I_Bob and her private key g_Alice.

She computes the shared key k_{Alice / Bob} = g_Alice^t * I_Bob, where t denotes matrix transpose.Bob does the same, using his private key and her identifier.

They will each generate their shared key as follows:

k_{Alice / Bob} = $egin{pmatrix} 0\0\6 end{pmatrix}^t * egin{pmatrix} 1\3\15 end{pmatrix} =0*1 + 0*3 + 6*15 =5 mathrm{mod} 17$

k_{Bob / Alice} = $egin{pmatrix} 15\16\5 end{pmatrix}^t * egin{pmatrix} 3\10\11 end{pmatrix} =15*3 + 16*10 + 5*11 =5 mathrm{mod} 17$

Prove:

$k_{Alice / Bob} = k_{Alice / Bob}^t = (g_{Alice}^t*I_{Bob})^t = (I_{Alice}^t * D^t * I_{Bob})^t = I_{Bob}^t * D * I_{Alice} = k_{Bob/Alice}$

Attack resistance

In order to ensure at least k keys must be compromised before every shared key can be computed by an attacker, identifiers must be k-linearly independent: all k-sets of randomly selected user identifiers must be linearly independent.Otherwise, a group of malicious users can compute the key of any other member whose identifier is linearly dependent to theirs.To ensure this property, the identifiers shall be preferably chosen from a MDS-Code matrix (maximum distance separable error-correction code matrix). The rows of the MDS-Matrix would be the identifiers of the users. A MDS-Code matrix can be chosen in practise using the code-matrix of the Reed-Solomon error-correction code (this error-correction code requires only easily understandable mathematics and can be computed extremely fast).

References

cite book
author = Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone
date = 1996
title = Handbook of Applied Cryptography
publisher = CRC Press
id = ISBN 0-8493-8523-7
url = http://www.cacr.math.uwaterloo.ca/hac/

Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

Blom-Verfahren — Das Verfahren von Blom ist ein kryptographischer Algorithmus zum Austausch symmetrischer Schlüssel. Es wird derzeit im HDCP Protokoll (dem Kopierschutzverfahren des HDTV) eingesetzt. Eine vertrauenswürdige Partei gibt dabei jedem der n… … Deutsch Wikipedia
High-bandwidth Digital Content Protection — (HDCP) is a form of digital copy protection developed by Intel Corporation to prevent copying of digital audio and video content as it travels across DisplayPort, Digital Visual Interface (DVI), High Definition Multimedia Interface (HDMI),… … Wikipedia
Kunbi — This article is about the Kunbi community in Maharashtra. For other uses, see Kunbi (disambiguation). A group of Kunbis in Central India, 1916 Kunbi (Marathi: कुणबी, Gujarati: કુનબી, alternatively Kanbi) is a generic term applied to castes of… … Wikipedia
Eugenics — is the self direction of human evolution : Logo from the Second International Eugenics Conference, 1921, depicting Eugenics as a tree which unites a variety of different fields.[1] Eugenics is the applied science or the bio social movement which… … Wikipedia
Antigua and Barbuda — an island state comprising Antigua and two smaller islands: a member of the former West Indies Associated States; formerly a British crown colony; gained independence 1981. 79,000; 171 sq. mi. (442 sq. km). Cap.: St. John s. * * * Antigua and… … Universalium
Musical cryptogram — The BACH motif. A musical cryptogram is a cryptogrammatic sequence of musical notes, a sequence which can be taken to refer to an extra musical text by some logical relationship, usually between note names and letters. The most common and best… … Wikipedia
Dutch people — This article is about the ethnic group known as the Dutch and their descendants world wide. For information on the population of the Netherlands, see Demographics of the Netherlands. The Dutch (Nederlanders) Street view in a small Dutch town… … Wikipedia
Encyclopedia — This article is about the type of reference work. For other uses, see Encyclopedia (disambiguation). Brockhaus Enzyklopädie in 1902 An encyclopedia (also spelled encyclopaedia or encyclopædia) is a type of reference work, a compendium holding a… … Wikipedia
Boydell Shakespeare Gallery — The Boydell Shakespeare Gallery was a three part project initiated in November 1786 by engraver and publisher John Boydell in an effort to foster a school of British history painting. Boydell planned to focus on an illustrated edition of William… … Wikipedia
Advanced Direct Connect — (ADC) is a peer to peer file sharing protocol, based on the topology of the Direct Connect (DC) protocol. ADC clients connect to a central hub and can download files directly from one user to another.Hubs feature a list of clients or users… … Wikipedia

Academic Dictionaries and Encyclopedias

Blom's scheme

Look at other dictionaries:

Share the article and excerpts

Academic Dictionaries and Encyclopedias

Wikipedia

Blom's scheme

Look at other dictionaries:

Share the article and excerpts

Direct link