Cryptography Reference
In-Depth Information
can be taken into account when the peer is in need of relaying by other peers. If a peer is
found malicious, either persistently or opportunistically, the peer can be excluded from
the system by identity blacklisting or key expiring (e.g., the PKG enforces an identity
upgrade and refuses to key compromised peers). The PKG can have differentiated poli-
cies, e.g., extracting keys of user@month for well-established or reputable peers (e.g.,
a monthly pass to a recreation park) and of user@day for new or ill-behaving peers
(e.g., a one-time ticket). Certainly, the PKG can enforce a systemwide rekeying after
a long time period by updating the master key and the system parameters, and peers
will need to contact the PKG again to extract their new private key. The irreplaceable
role of peer identity in wireless ad-hoc networks leads to the promotion of identity-
based key-management schemes in these systems. These key-management schemes can
effectively and efficiently bootstrap security procedures to ensure the confidentiality,
integrity, and authenticity of information exchange among peers. We now consider
key-management algorithms using the concept of bilinear maps.
A major breakthrough in key agreement using bilinear maps came when Joux
(2000) proposed a three-party single-round key agreement using pairing. It led to a
new paradigm in key-agreement schemes, and several key-agreement protocols using
pairing were proposed. Here, we briefly review Joux's key-agreement algorithm.
Let us consider three parties, A,B,C , with secret keys,
*
abc Î , respectively. A
computes aP and sends it to B and C . Similarly, B and C compute bP and cP , respec-
tively. B sends bP to A and C . C sends cP to A and B .
,,
q
A computes
a
=
A Ke PcP
(,
(6.11)
B computes
b
=
B Ke aPcP
(,
(6.12)
C computes
c
=
c Ke P P
(,
(6.13)
Using the properties of the bilinear map, we conclude that
abc
===
KKKe PP
(,
(6.14)
A
B
c
Threshold-Key Cryptography
To avoid a single-point failure, the secret key is distributed among n parties with the
condition that it will require the joint effort of more than t players out of n players to
construct the secret. The security of the system is not compromised if t parties out of n
turn malicious. The distribution of the secret key among n parties is usually done by a
trusted dealer or by running an interactive protocol among all parties (Gemmell 1997).
Search WWH ::




Custom Search