Cryptography Reference
In-Depth Information
Figure 4.3: Here the secret is the line itself. Random points along the
line are distributed as the parts of the secret. You must have two to
recover the line.
This seems feasible because you can choose any set of lines that goes
through this point. This changes the parameters of the system sub-
stantially. If you own a part of the secret, then you know something
about the relationship between
x
and
y
. The slope of the line and the
y
intercept describe exactly how
x
and
y
change in unison.
Roger Dingledine,
David Molnar, and
Michael J. Freedman
designed Free Haven to
split up a document
among a number of
servers using Michael
Rabin's secret sharing
and information
dispersal algorithm.
The system also offers a
mechanism for paying
server owners.[DF00,
Rab89a, Rab89b]
In some cases, this might be enough to crack the system. For in-
stance, imagine you are protecting the number of men and women
escaping from England on the Mayflower. Storing the number of
men in the
coor-
dinate is a mistake. An English spy might know that the number of
men and the number of women are likely to be roughly equal given
the percentages of men and women in society. This extra informa-
tion could be combined with one part to reveal a very good approxi-
mations of
x
coordinate and the number of women in the
y
. 3
x
and
y
4.2.3 AMore Efficient Method
X
n
The basic secret-sharing methods split up a secret,
,into
equal
sized parts.
m
bits long. This has the advantage of perfect security. If one part is
If the secret is
m
bits long, then the parts are also
3 You should also avoid storing them as separate secrets broken into parts. In this
case, one part from each of the two secrets would still yield enough information. The
best solution is to encrypt the two values and split the key to this file.
Search WWH ::




Custom Search