On Sat, 06 Jan 2007 13:13:32 -0800 Allen <[EMAIL PROTECTED]> wrote: > Hi everyone, > > I'm Allen Schaaf and I'm primarily an information security analyst - > I try to look at things like a total stranger and ask all the dumb > questions hoping to stumble on one or two that hadn't been asked > before that will reveal a potential risk. > > I'm currently consulting at a very large HMO and finding that there > are lots of questions that have not been asked so I'm having fun. > > One of the questions that I have been raising is trust and how to > ensure that that it is not misplaced or eroded over time. Which leads > me to my question for the list: I can see easily how to do split key > for 2 out of x for key recovery, but I can't seem to find a reference > to the 3 out of x problem. > > In case I have not been clear enough, it is commonly known that it is > harder to get collusion when three people need to act together than > when there are just two. For most encryption 2 out x is just fine, > but some things need a higher level of security than 2 out of x can > provide. > There's a vast literature on the subject. The classic paper is "How to Share a Secret", by Shamir, Comm. ACM 22:11, Nov 1979. Gus Simmons published a survey of the field about 10 years ago, but I don't have the citation handy. I've always been fond of "Cryptographic sealing for information secrecy and authentication", David Gifford, Comm. ACM 25:4, April 1982, but remarkably few people seem to have heard of it -- even Simmons was surprised when I mentioned it to him.
--Steve Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]