Cryptography Reference
In-Depth Information
Pairing-Based Threshold-Key Cryptography
a x -
-
t
1
=+ + +
We choose a ( t -1) degree polynomial function
fx
()
s ax
for
1
t
1
*
i
pub
()
- Î
=  compute
and
pub Ps = .
random
a
,, t
a
Z
. For
i
1, 2,
,
n
P
f i P
()
G
1
1
q
1
*
{0,1} l
be a map to point hash function and
HG
Let
H
:{0,1}
:
be
1
1
2
2
another hash function. Before requesting the private share, each player can check
å
i
i b
()
=
LP
P
(6.15)
b
Î
iS
Ì  such that | S = , where L i denotes the appropriate Lagrange
co-efficient explicitly given by the formula
for any subset
S
{1,
,
n
}
-
x
j
=
L
(6.16)
i
xx
-
i
j
jS
Î
*
ID Î , the PKG plays the role of a trusted third party.
Given a user's identity
{0,1}
=  it delivers
=
Î to player i . After receiving
For
i
1,
,
n
d
f i QG
()
d
, player
ID
ID
1
ID
i
i
i checks
i
pub
()
=
eP
(
,
Q
)
ePd
(
,
)
(6.17)
ID
ID
i
If the verification fails, the end user will notify the PKG, which then issues a new
keying material.
{0,1} l
m Î and the identity ID , compute
=
Encryption : Given message
ID QHID
1 ()
. Let
*
q
r Î and set the ciphertext to be
us choose a random
r
=
CrPmHe PQ
{,
((
,
) } {,}
UV
(6.18)
2
pub
ID
Decryption : When receiving {,}
UV , player i computes his decryption share (,
eU d
)
ID
and gives it to the recombiner who may be a designated player.
Ì  of t acceptable share (,
Recombination : The recombiner selects a set
S
{1,
,
n
}
eU d
)
ID
i
and computes
=
L
g
e Ud
(,
) i
(6.19)
ID
i
iS
Î
.
Once he has g , he recovers the plaintext
mV Hg
2 ()
Verification is done as shown below
å
r
=
=
=
ge P
(,
Ld
) (,
e PsQ
) ( ,
ePQ
)
(6.20)
iID
ID
ub
ID
i
iS
Î
Search WWH ::




Custom Search