Cryptography Reference
In-Depth Information
Pairing-Based
Threshold-Key
Cryptography
a x
-
-
t
1
=+ + +
We choose a (
t
-1) degree polynomial function
fx
()
s ax
for
1
t
1
*
i
pub
()
-
Î
=
compute
=Î
and
pub
Ps
=
.
random
a
,,
t
a
Z
. For
i
1, 2,
,
n
P
f i P
()
G
1
1
q
1
*
{0,1}
l
be a map to point hash function and
HG
Let
H
:{0,1}
:
be
1
1
2
2
another hash function. Before requesting the private share, each player can check
å
i
i b
()
=
LP
P
(6.15)
b
Î
iS
Ì
such that
|
S
=
, where
L
i
denotes the appropriate Lagrange
co-efficient explicitly given by the formula
for any subset
S
{1,
,
n
}
-
x
j
=
L
(6.16)
i
xx
-
i
j
jS
Î
*
ID
Î
, the PKG plays the role of a trusted third party.
Given a user's identity
{0,1}
=
it delivers
=
Î
to player
i
. After receiving
For
i
1,
,
n
d
f i QG
()
d
, player
ID
ID
1
ID
i
i
i
checks
i
pub
()
=
eP
(
,
Q
)
ePd
(
,
)
(6.17)
ID
ID
i
If the verification fails, the end user will notify the PKG, which then issues a new
keying material.
{0,1}
l
m
Î
and the identity
ID
, compute
=
Encryption
: Given message
ID
QHID
1
()
. Let
*
q
r
Î
and set the ciphertext to be
us choose a random
r
=Å
=
CrPmHe PQ
{,
((
,
) } {,}
UV
(6.18)
2
pub
ID
Decryption
: When receiving
{,}
UV
, player
i
computes his decryption share
(,
eU d
)
ID
and gives it to the recombiner who may be a designated player.
Ì
of
t
acceptable share
(,
Recombination
: The recombiner selects a set
S
{1,
,
n
}
eU d
)
ID
i
and computes
=
L
g
e Ud
(,
)
i
(6.19)
ID
i
iS
Î
=Å
.
Once he has
g
, he recovers the plaintext
mV Hg
2
()
Verification is done as shown below
å
r
=
=
=
ge P
(,
Ld
) (,
e PsQ
) ( ,
ePQ
)
(6.20)
iID
ID
ub
ID
i
iS
Î
Search WWH ::
Custom Search