Abstract by anuja a sonalker on Asymmetric Key Distribution
Fig 5.1: Dual Threshold Model of the Special Server
Download 217.42 Kb. Pdf ko'rish
|
etd
- Bu sahifa navigatsiya:
- Fig 5.2: Asymmetric Key Distribution Algorithm with Dual Threshold.
|
Fig 5.1: Dual Threshold Model of the Special Server.
5.1 Description In order to maintain tolerance, we introduce a second threshold here within the Distributed Special Servers. If the Special Server is divided into m Distributed Special Servers (peers among themselves) then any f out of them may be able to combine to form the Special Server’s legal share. This gives a dual stage hierarchy of share servers and ensures that as long as a collaboration of a threshold number of Distributed Special Servers among the client shares exists without compromise, the scheme can be successful. Thus as long as f out of the m distributed special servers are not compromised the Special Server cannot be influenced. The tolerance level here is f-m and again, in this case too, a total of at least f-m+1 distributed special servers need to be compromised before the good servers can be stopped from signing legitimate certificate requests. Bad certificates can still not be signed since m-f+1 < f * - it is not enough to make the threshold mark. This threshold scheme is identical to the one implemented among the Share Servers. * since ( 2 m + 1) ≤ t < m; similar to the requirement of t-out-of-k threshold. 54 Secret Key Generated by trusted party Special Server Share Shared server Share m Distributed Special Servers k Share servers f-out-of m signature shares t-out-of k signature shares ƒ Signed Message. Fig 5.2: Asymmetric Key Distribution Algorithm with Dual Threshold. As shown above in Fig 7, the Trusted Dealer now has to generate additional key shares for each of the Special Server’s compulsory key shares. It divides each SS key share into f smaller key shares of the same size. These are distributed among the m distributed special servers in 1 + − f m C m f ways using the key share reuse technique. The Distributed Special Servers now have 1 + − f m C m f · 1 + − t k C k t sets of key shares. Though this technique causes an explosion of key shares, it is still feasible compared to the scheme without key share reuse. It also provides more randomness than the classical threshold schemes. For example, reusing the previous example of 5-out-of-7 share servers, we have 1 5 7 7 5 + − C = 3 21 = 7 sets of share server shares. If the Special Server threshold is now 3-out-of-5, we 55 have 1 3 5 5 3 + − C = 10 div3 +10mod 3 = 4 sets of distributed special servers for each set of share server shares. This would result in a total of 4 · 7 = 21 sets, which is 90% lesser than 21· 10 = 210 sets (without reuse). Also, there exist a better degree of randomness here as compared to the classical secret sharing scheme[1] due to a larger key space. The f-out-of m threshold and t-out-of-k threshold’s are mutually exclusive - only t-out-of k and f-out of the m shares created could together form a successful transaction. Furthermore, if collectively t + f shares are applied out of k + m servers without observing the thresholds t and f, the Certificate Signing Request would be unsuccessful. Download 217.42 Kb. Do'stlaringiz bilan baham: 
|