----- Original Message ----- From: "Kai Wei" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, November 27, 2002 7:05 PM Subject: Re: threshold decryption
| I was aware of that. But it's still different from what I'm looking for. The | SecretSharing splits a secret (the private key in my case) into n shares, | and the SecretRecovery recovers the secret given k shares of the secret. I | don't want to recover the private key, but the thing encrypted with the | private key (without revealing the private key). | | My original description of the problem is a bit confusing. Let me restate | it. I use RSA to encrypt some data P, resulting in ciphertext C. We want to | secret-share the private key used in the encryption. We also want to be able | to do the following: given the ciphertext C, and k shares of the secret | private key, recover the data P. This has to be done without revealing the | private key, however. That is, you cannot first combine the k shares to | recover the private key, and then use the private key to decrypt the | ciphertext. | | There is a well-known algorithm to do this. But hte question is, is it | implemented somewhere in Crypto++? | | Thanks. | | | ----- Original Message ----- | From: "Jeffrey Walton" <[EMAIL PROTECTED]> | To: <[EMAIL PROTECTED]> | Sent: Wednesday, November 27, 2002 3:25 PM | Subject: Re: threshold decryption | | | > ----- Original Message ----- | > From: Kai Wei | > To: [EMAIL PROTECTED] | > Sent: Wednesday, November 27, 2002 5:27 PM | > Subject: threshold decryption | > | > | > Hi, | > | > I'm working on a project that requires threshold decryption. Here we use | RSA | > to encrypt a secret. We want to split the RSA private key into n shares, | > with k shares required to recover the private key. When we need to recover | > the secret, we want to do so without first recovering the private key. | That | > is, we want k share-holders to decrypt the secret independently using | their | > own share of the private key, and then their results can be combined | somehow | > to recover the secret (not the private key!). | > | > I'm aware that the algorithm to do this is well-known. I just want to know | > whether this is already implemented in Crypto++ (i.e., something that | takes the | > results from the k share-holders and combines them to recover the secret, | OR, | > sometihng that takes the encrypted secret and k shares of the private key, | and | > recovers the secret). | > thanks. | > | > Hello Kai, | > | > Take a look at test.cpp, using the ss and sr switches. | > | > ss is secret share. Its code is located at line 614 (SecretShareFile(...)) | of | > test.cpp. | > | > Jeff | > | > Hello Kai, The format of the file (or what is in it) to be secret shared is up to you. If you choose to encrypt the file first, that is fine. In terms of Crypto++, it simply sees 1 Source (the file you name), and multiple Sinks (the shares). For example: ctyptest ss 2 3 plain.txt shares my plain text file. ctyptest ss 2 3 cipher.txt shares my encrypted file. Jeff
