To all: Here is a scheme for a central organization distributing a trust anchor public key with rollover requirement. The suggested acronym for this scheme is TAKREM for Trust Anchor Key REnewal Method.

We use the notation #R[i]# for the public "root" public key #R[i]#, with the private key counterpart #r[i]#. The central organization establishes key pairs #<r[0],R[0]>#, #<r[1],R[1]>#, #<r[2],R[2]>#, ..., #<r[n],R[n]>#, allocating the pair #<r[0],R[0]># as the initial private/public trusted key pair, and reserving each key pair #<r[i],R[i]># for the cryptoperiod starting with the #i#'th root key renewal, for #1<=i<=n#.

A separate MASH (Modular Arithmetic Secure Hash) instance #H[i]# is created for each #R[i]#. MASH is defined in International standard document ISO/IEC 10118-4:1998, "Information technology - Security techniques - Hash-functions - Part 4: Hash-functions using modular arithmetic." That is, the central organization selects a large composite modulus number #N[i]# used in the MASH round function and a prime number #P[i]# used in the MASH final reduction function. Then, the central organization selects a random salt field #s[i]#. A hash computation gives a root key digest #D[i]# :

#D[i]=H[i](s[i]|R[i]|N[i]|P[i])# .

The digest #D[i]# is like an advanced notice of future trust anchor key #R[i]#. The data tuple #<r[i],R[i],N[i],P[i],s[i]># is set aside in dead storage. The trust anchor key initial distribution is

#R[0], D[1], D[2], ..., D[n]# .

Security rationale: with data tuple #<r[i],R[i],N[i],P[i],s[i]># totally concealed until the usage period for key pair #<r[i],R[i]>#, an adversary is left with the digest #D[i]# from which it is deemed impossible to mount a brute force attack.

A root key rollover is triggered by the following message:

#i,<R[i],N[i],P[i],s[i]># .

Upon receipt of this message, the end-user system becomes in a position to validate the root key digest #D[i]#.

More details are provided in http://www.connotech.com/takrem.pdf.

Regards,

--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED]

---------------------------------------------------------------------
The Cryptography Mailing List
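The initial distribution and the end-user check of a rollover message described in the post above, as an added example that is not part of the original message or of the TAKREM specification. Assumptions: SHA-256 with length-prefixed fields stands in for the per-key MASH instance #H[i]# (so #N[i]# and #P[i]# are only hashed inputs here, not hash parameters), the key and parameter values are constructed random stand-ins, and the names `digest`, `make_tuple`, `EndUser` and the rule that #i# must exceed the current index are hypothetical.

```python
import hashlib
import hmac
import os

def digest(R: bytes, N: int, P: int, s: bytes) -> bytes:
    """D[i] = H[i](s[i]|R[i]|N[i]|P[i]); SHA-256 is a stand-in for MASH (assumption)."""
    h = hashlib.sha256()
    for field in (s, R, N.to_bytes((N.bit_length() + 7) // 8, "big"),
                  P.to_bytes((P.bit_length() + 7) // 8, "big")):
        h.update(len(field).to_bytes(4, "big") + field)  # length prefix: unambiguous '|'
    return h.digest()

def make_tuple():
    """Constructed stand-ins for <R[i], N[i], P[i], s[i]>; not real keys or moduli."""
    R = os.urandom(32)
    N = int.from_bytes(os.urandom(64), "big") | 1
    P = int.from_bytes(os.urandom(32), "big") | 1
    return R, N, P, os.urandom(16)

class EndUser:
    """Holds the initial distribution R[0], D[1], ..., D[n]."""
    def __init__(self, R0: bytes, digests: dict):
        self.current_index = 0
        self.trust_anchor = R0
        self.digests = dict(digests)  # {i: D[i]} for 1 <= i <= n

    def rollover(self, i: int, R: bytes, N: int, P: int, s: bytes) -> bool:
        """Process the message i,<R[i],N[i],P[i],s[i]>; switch anchors only if D[i] matches."""
        D = self.digests.get(i)
        # Assumption (not stated in the post): an index is accepted only once, moving forward.
        if D is None or i <= self.current_index:
            return False
        if not hmac.compare_digest(D, digest(R, N, P, s)):
            return False
        self.current_index, self.trust_anchor = i, R
        return True

def demo():
    tuples = {i: make_tuple() for i in range(4)}          # central organization, n = 3
    user = EndUser(tuples[0][0], {i: digest(*tuples[i]) for i in range(1, 4)})
    R, N, P, s = tuples[1]
    forged = user.rollover(1, os.urandom(32), N, P, s)    # substituted key: digest mismatch
    genuine = user.rollover(1, R, N, P, s)                # matches the pre-distributed D[1]
    replayed = user.rollover(1, R, N, P, s)               # index already consumed
    unknown = user.rollover(9, R, N, P, s)                # no D[9] was ever distributed
    return forged, genuine, replayed, unknown, user.trust_anchor == R

if __name__ == "__main__":
    print(demo())
```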