Information Technology Reference
In-Depth Information
Signer A
1. let
α
=
y
x
a
b
,
=
y
a
2. compute the secret
s
=
H
(
m||α
)
3. design the polynomial
2
f
(
x
)=
f
0
+
f
1
x
+
f
2
x
such that
f
(0) =
s,
f
(1) =
α,
f
(2) =
β
(There are three equations and three unknowns, so there is a unique
f
(
x
).)
4. compute the signature
σ
=
f
(3).
(the triplet:
α
,
β
and
σ
are shares of (3,3) Shamir scheme with the secret
s
)
5. transmit (
m, σ
) to the verifier.
Verifier B
1. fetch
y
a
2. compute
α
=
y
x
b
a
3. compute the secret
s
=
H
(
m||α
)
4. compute the secret
s
based on the triplet
α
,
β
and
σ
5. verify whether
s
=
s
3.2 Discussion and Analysis
Shamir secret sharing attempts to create a unique polynomial which passes
through a number of points, and it can therefore be exploited to produce a
signature for a message. To construct such a polynomial, satisfying the security
conditions, three points of the following shape need to be created:
α
=
y
x
a
b
,
=
y
a
,
s
=
H
(
m||α
)
The signature of the message
m
is
σ
=
f
(3). This also means that the triplet
α
,
β
and
σ
are the shares of (3,3) Shamir scheme with the secret
s
. The sender
sends the message
m
and its signature
σ
to the verifier.
At the verification phase, the verifier collects the authentic value of
β
from
the public registry and computes the value
α
and the hash value of the received
message. Then it takes the triplet
α
,
β
and
σ
and computes the secret
s
. The
verification of the signature is successful if
s
=
s
; otherwise, it is rejected.
The use of the Die-Hellman cryptosystem has two benefits. First, it estab-
lishes a secure relationship between the signer and verifier. Second, it simplifies
the task of exchanging the parameters of the interpolation polynomial between
signer and verifier. Each of the principals can compute the parameters without
extra communication overhead. Note that the signature is only verified by the
corresponding peer with which the host has established the connection.
