Cryptography Reference
In-Depth Information
in standard OFB mode (
P
n
=
plaintext;
C
n
=
ciphertext; see Section 5.1.1),
you compute
⊕
⊕
S
n
+
1
= KASUMI(S
n
S
0
n)
Cn = Sn
⊕
Pn
in this case, where
n
is the block number, and
S
0
is computed by KASUMI-
encrypting connection-dependent data. The block number is involved to prevent
cycles, while
S
0
is used to prevent special chosen-plaintext attacks.
Obviously people learned their lessons from the errors in GSM. Though the
investment costs will strain our wallets over the next cell phone generation for
quite some time, and the user demand seems to be scarce, there is good news
as far as security is concerned.
6.2 Sharing Secrets
Cryptographic protocols serve more purposes than key distribution. For
example, they help us distribute sensitive data such that they are protected
against both loss and unauthorized access. Simple sharing is called
secret
splitting
, and the more universal method is called
secret sharing
. The two
methods are described in the following sections.
6.2.1 Secret Splitting
In its simplest form,
secret splitting
can be built by means of a one-time pad
(see Section 2.6): you have a message,
P
, and encrypt it using the one-time
pad,
S
, to produce ciphertext,
C
:
C=P
⊕
S
Now you give key
S
to Alice and ciphertext
C
to Bob. Neither Alice nor Bob
can do anything with their data. Only when the two of them get in touch and
use their information jointly can they reconstruct the plaintext:
P=C
⊕
S
