![]() |
|
|||
![]() |
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
![]() |
|
![]() |
[an error occurred while processing this directive]
8.2.1 Bloms SchemeAs above, we suppose that we have a network of n users. For convenience, we suppose that keys are chosen from a finite field We first present the special case of Bloms scheme where k = 1. Here, the TA will transmit two elements of Example 8.1 Suppose the three users are U, V and W, p = 17, and their public elements are rU = 12, rV = 7 and rW = 1. Suppose that the TA chooses a = 8, b = 7 and c = 2, so the polynomial f is The g polynomials are as follows:
The three keys are thus U would compute KU,V as V would compute KU,V as We leave the computation of the other keys as an exercise for the reader. We now prove that no one user can determine any information about the key of two other users. THEOREM 8.1 The Blom Scheme with k = 1 is unconditionally secure against any individual user. PROOF Lets suppose that user W wants to try to compute the key The values rU and rV are public, but a, b and c are unknown. W does know the values and since these are the coefficients of the polynomial gW (x) that was sent to W by the TA. What we will do is show that the information known by W is consistent with any possible value The first equation represents the hypothesis that The determinant of the coefficient matrix is where all arithmetic is done in On the other hand, a coalition of two users, say {W, X}, will be able to determine any key KU,V where Thus they have four equations in three unknowns, and they can easily compute a unique solution for a, b and c. Once they know a, b and c, they can form the polynomial f(x, y) and compute any key they wish. It is straightforward to generalize the scheme to remain secure against coalitions of size k. The only thing that changes is step 2. The TA will use a polynomial f(x, y) having the form where 8.2.2 Diffie-Hellman Key PredistributionIn this section, we describe a key predistribution scheme that is a modification of the well-known Diffie-Hellman key exchange protocol that we will discuss a bit later, in Section 8.4. We call this the Diffie-Hellman Key Predistribution Scheme. The scheme is computationally secure provided a problem related to the Discrete Logarithm problem is intractible. We will describe the scheme over In this scheme, ID(U) will denote certain identification information for each user U in the network, e.g., his or her name, e-mail address, telephone number, or other relevant information. Also, each user U has a secret exponent aU (where 0 ≤ aU ≤ p - 2), and a corresponding public value The TA will have a signature scheme with a (public) verification algorithm verTA and a secret signing algorithm sigTA. Finally, we will implicitly assume that all information is hashed, using a public hash function, before it is signed. To make the procedures easier to read, we will not include the necessary hashing in the description of the protocols. Certain information pertaining to a user U will be authenticated by means of a certificate which is issued and signed by the TA. Each user U will have a certificate where bU is formed as described above (note that the TA does not need to know the value of aU). A certificate for a user U will be issued when U joins the network. Certificates can be stored in a public database, or each user can store his or her own certificate. The signature of the TA on a certificate allows anyone in the network to verify the information it contains. It is very easy for U and V to compute the common key as shown in Figure 8.2.
Copyright © CRC Press LLC
![]() |
![]() |
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
![]() |
![]() |