[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    secret sharing question
From:       Marco Russo <russom () mail ! eng ! it>
Date:       2000-05-31 15:53:35
[Download RAW message or body]

Hi all.
I' ve implemented the simplest form of the Shamir secret sharing
protocol
(http://www.iks-jena.de/mitarb/lutz/security/cryptfaq/q104.html)
using openssl.
My procedure is simple:
1. generate RSA structure.
2. save public key in a file.
3. convert rsa->p and rsa->q to a string with BN_bn2hex function.
4. create a new string S concatenating p and q (separated from the
character x). S = "p"x"q".
5. the secret BIGNUM sec_bn is the BN obtained with
    sec_bn = BN_bin2bn((unsigned char *)S, strlen(S), sec_bn)).
6. create the n shares (threshold t):
    - select a1,..,a(t-1) random number with BN_rand creating the
polynomial
      p(X) = sec_bn + a1*X + ... +a(t-1)*X^(t-1).
    - for i= 1 to n the share i is (i, P(i)).
7. give out the shares and then erase it.
8. erase the rsa structure ( the private key at this point in lost ).

for rebuild the secret with t shares:
1. buld the polynomial p(x) with Lagrange interpolation.
2. sec_bn = p(0).
3. create secret_string with
    BN_bn2bin(sec_bn, (unsigned char *)secret_string).secret_string =
"p"x"q".
4. rsa -> p = BN_hex2bn("p"), rsa ->q = BN_hex2bn("q")
5. rebuild rsa structure using the saved public key and copying the
procedures
    of RSA_generate_key function

My questions are:
1) The mod p version of the protocol
(http://www.best.com/~szabo/secret.html) seems
    to be more attractive. The size of shares is smaller because they
are calculated mod p.
    Is this the only advantage? I think the algorithms are equivalent
from the information
    security point of view.Or not?
2) I have my little library for polynomials (BIGNUM coefficients)
related operations. Do
    I need to implement the Chinese Remainder Theorem for polynomials
for Lagrange
    Interpolation in Zp to rebuild the polynomyal? If it is true, are
there
    openssl functions to help me in this job?

Maybe these are not the central arguments of this list.If so, I
apologize in advance.
Thanks for your response.
Ciao.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org

[prev in list] [next in list] [prev in thread] [next in thread]