Abstract by Anuja A Sonalker on Asymmetric Key Distribution


Fig.3.1: The Client Server Basic Model


Consider a Certificate Authority (CA) whose private-key is distributed among a few
servers to protect it. Fig 3.1 shows the typical distributed CA scenario where the servers
co-exist. One of the servers is a Special Server while the rest are similar and have peer
functionalities. The Special Server and the share servers share a semi-trust relationship
and need to co-exist in order to sign certificate requests together as a group. The share
servers can communicate with each other as well as with the Special Server. They may choose
to communicate with the Special Server either through individual channels or through a
share server who may act as a Server Authority.

3.2 Trusted Dealer Overview: 
[Figure 3.2 labels: Special Server; Share Server 1; Share Server 2; Share Server 3; Share Server 4; Share Server 5.]
Fig 3.2: Distribution of generated key shares by the Trusted Dealer.

3.3 Description of Players: 
Fig 3.2 shows all the players involved in the system. Each player has a unique role to 
play and has limited functions. In a normal scenario, no player may imitate the functions 
of another. Their unique functionalities are as described below. 

Trusted Dealer: The Trusted Dealer (TD) is an honest third party whose function
is to generate the secret components (modulus N, public exponent e, private
exponent d), divide the private-key into chunks, and distribute the chunks among the
participants selectively. Once the Trusted Dealer chops up the private-key, it is
never assembled in a single location again. The dealer is assumed not to be compromised.
Fig 3.2 shows the Trusted Dealer distributing private-key shares along with the
rest of the secret components to all the entities in the system.

Server Authority: This is the intermediary authority above the share servers. Its
duty is to collect the individual shares of all the share servers and to ensure that they are
in the proportion required by the coalition and that none of them
are compromised. The SA is capable of verification using a zero-knowledge
test [12]. It also performs Client Server Authentication using any known certificate
authentication technique. The requirement for an SA may be bypassed if one of
the share servers is capable of the above-mentioned operations. In this scenario,
we designate Share Server 1 as the SA to eliminate additional players.

Share Servers: The share servers are a set of identical servers that hold
private-key shares and the public key and are capable of executing the
complex arithmetic needed to produce signature shares for certificate signing. Their
function is to collaborate with the other share servers and the Special Server to
collectively create valid signed certificates. Each one is capable of
communicating with the SA, though they may or may not be able to communicate
with each other. They are not assumed to be secure or totally trusted and may be
compromised by a strong enemy.

Special Server: We define the Special Server as that share server which has the 
right of compulsory participation in any successful distributed key application. 
All its processing capabilities are identical to the share servers present in the 
setup. The share generated by the Special Server is a requisite for the successful 
generation of a valid signature. While the share servers may not be able to sign 
the certificate correctly without the Special Server’s participation, the Special 
Server also needs a minimum participation from the share servers in order for the 
transaction to be valid. 
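
An added example, not code from the thesis: a toy Python model of the roles described above (Trusted Dealer, share servers, Special Server, Server Authority). The page does not give the arithmetic, so the additive split d = d_special + d_shared and the Shoup-style t-out-of-k threshold RSA used for the share servers are assumptions, as are all function names and the constructed toy primes.

```python
import math, secrets

# Constructed toy parameters (far too small for real use): safe primes 23 and 47.
P1, Q1 = 11, 23                                # p', q' where p = 2p'+1, q = 2q'+1
N, M = (2 * P1 + 1) * (2 * Q1 + 1), P1 * Q1    # RSA modulus; order of the squares mod N
E, K, T = 7, 5, 3                              # public exponent (prime > K), k servers, threshold t
DELTA = math.factorial(K)

def deal():
    """Trusted Dealer: d = d_special + d_shared (mod M); d_shared is Shamir-shared t-of-k."""
    d = pow(E, -1, M)
    d_special = secrets.randbelow(M - 1) + 1
    coeffs = [(d - d_special) % M] + [secrets.randbelow(M - 1) + 1 for _ in range(T - 1)]
    shares = {i: sum(c * i**n for n, c in enumerate(coeffs)) % M for i in range(1, K + 1)}
    return d_special, shares                   # d is not kept anywhere after this point

def server_sig_share(x, s_i):
    return pow(x, 2 * DELTA * s_i, N)

def special_sig_share(x, d_special):
    return pow(x, 4 * DELTA**2 * d_special, N)

def lagrange0(i, ids):
    """Integer coefficient DELTA * prod_{j != i} (0 - j) / (i - j); K! clears the denominator."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j, den * (i - j)
    return DELTA * num // den

def combine(x, server_shares, special_share=1):
    """Server Authority: merge signature shares; None if the result does not verify."""
    w = special_share
    for i, x_i in server_shares.items():
        w = w * pow(x_i, 2 * lagrange0(i, server_shares), N) % N
    e1 = 4 * DELTA**2                          # with enough shares, w^E == x^e1 (mod N)
    a = pow(e1, -1, E)
    b = (1 - a * e1) // E                      # a*e1 + b*E == 1
    y = pow(w, a, N) * pow(x, b, N) % N
    return y if pow(y, E, N) == x % N else None

def sign(x, d_special, shares, ids, use_special=True):
    """Run one signing round with share servers `ids`; x must be coprime to N."""
    sig_shares = {i: server_sig_share(x, shares[i]) for i in ids}
    sp = special_sig_share(x, d_special) if use_special else 1
    return combine(x, sig_shares, sp)
```

In this model a signature verifies only when the Special Server's share is combined with signature shares from at least T share servers; the final `pow(y, E, N)` check is what lets the combiner reject an insufficient or inconsistent set.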


[Figure (caption not preserved). Labels: Private Key, generated by trusted party; Special Server Share; Shared server Share; k Share servers; t-out-of-k signature shares; ƒ; Signed Message.]
