Cryptography Reference
In-Depth Information
the network has a unique identification number such as
u
A
for Alice. Trent will
distribute to each user, over a secure channel, a mechanism for communicating
with any other user on the network.
Protocol Steps
:
1. Trent chooses three random values
r
1
,r
2
,r
3
∈
F
p
, and for each user, such
as Alice, computes
x
A
≡
r
1
+
r
2
u
A
(mod
p
) and
y
A
≡
r
2
+
r
3
u
A
(mod
p
)
.
Then for each user, such as Alice, he computes the polynomial
f
A
(
x
)=
x
A
+
y
A
x
, which is sent over the secure channel to her.
2. If Alice wants to communicate with user
u
B
for Bob, say, then Alice com-
putes
k
AB
=
f
A
(
u
B
) and Bobcomputes
k
BA
=
f
B
(
u
A
). In the analysis
below, we show that
k
AB
=
k
BA
=
k
, say, so Alice and Bobnow have a
means of communicating with
k
via some chosen SKC.
Example 6.1
For simplicity, we will assume a network of three users, Alice,
Bob, and Carol. If
p
=31
,
u
A
=7
for Alice,
u
B
=11
, for Bob,
u
C
=17
for
Carol, and Trent selects
r
1
=2
,
r
2
=10
,
r
3
=29
, then
x
A
=2+10
·
7 = 72;
y
A
=10+29
·
7 = 213;
so,
f
A
= 72 + 213
x
;
x
B
=2+10
·
11 = 112;
y
B
=10+29
·
11 = 329;
so,
f
B
= 112 + 329
x
;
17 = 503;
so,
f
C
= 172 + 503
x
are the respective polynomials for Alice, Bob, and Carol. Thus,
x
C
=2+10
·
17 = 172;
y
C
=10+29
·
k
AB
=
f
A
(
u
B
) = 72 + 213
·
11 = 2415 =
k
BA
=
f
B
(
u
A
) = 112 + 329
·
7
,
k
AC
=
f
A
(
u
C
) = 72 + 213
·
17 = 3693 =
k
CA
=
f
C
(
u
A
) = 172 + 503
·
7
,
k
BC
=
f
B
(
u
C
) = 112 + 329
·
17 = 5705 =
k
CB
=
f
C
(
u
B
) = 172 + 503
·
11
.
Analysis
: First we show that
k
AB
=
k
BA
, where we assume the equalities
are congruences modulo
p
for convenience.
k
AB
=
x
A
+
y
A
u
B
=
r
1
+
r
2
u
A
+(
r
2
+
r
3
u
A
)
u
B
=
r
1
+
r
2
u
A
+(
r
2
+
r
3
u
A
)
u
B
=
r
1
+
r
2
u
A
+
r
2
u
B
+
r
3
u
A
u
B
=
r
1
+
r
2
u
B
+(
r
2
+
r
3
u
B
)
u
A
=
f
B
(
u
A
)=
k
BA
.
Now we show that Blom's scheme is unconditionally secure against an attack
by a user, Mallory. In other words, we will show that with the knowledge Mallory
has, namely,
r
1
+
r
2
u
M
+(
r
2
+
r
3
u
M
)
x
(mod
p
)
sent by Trent, all values of
z
f
M
(
x
)
≡
∈
F
p
are possible for
k
AB
, which he is trying to
cryptanalyze. Since Mallory knows
f
M
(
x
), then he knows the coe7cients
r
1
+
r
2
u
M
≡
x
M
(mod
p
)
,
(6.1)
Search WWH ::
Custom Search