
Analysis and Improvement of a Multisecret Sharing Authenticating Scheme

Cited by: 11
Abstract: In a (t,n) secret sharing scheme, a dealer splits a secret into n shares and sends one share to each of n participants. When the secret needs to be recovered, any t members can pool their shares and recover it using a publicly specified algorithm. Multisecret sharing schemes allow a dealer to share multiple secrets among a group of participants securely and efficiently. Recently, Shi proposed an efficient multisecret sharing authenticating scheme. In his scheme, not only are the shares held by the participants reusable, but the shares distributed by the dealer and the shadow shares provided by the participants are also verifiable. This paper analyzes the security of Shi's scheme. It first points out a design error in the scheme, and then presents two attacks showing that both its share-authenticating and shadow-share-authenticating methods are insecure. Specifically, using these attacks, a dishonest dealer can distribute false shares to participants, and malicious participants can easily forge false shadow shares that still satisfy the authenticating equality. As a result, honest participants are cheated and misled into believing that the recovered secret is correct. In addition, improvements are provided to avoid the identified design error and attacks.
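Source: Journal of Software (《软件学报》), 2006, No. 7, pp. 1627-1632 (6 pages). Indexed in: EI, CSCD, Peking University Core Journals.
Funding: National Natural Science Foundation of China; National Key Basic Research Program of China (973); Beijing Natural Science Foundation.
Keywords: secret sharing; multisecret sharing; cryptography; information security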