Hi Alfred -

A better scheme for threshold signing for the root might be the Shoup paper: 
"Practical Threshold Signatures", Victor Shoup ([email protected]), IBM 
Research Paper RZ3121, 4/30/99

The major difference between the two is that the Shamir system (which you 
describe) requires the base secret (private key) be reconstituted (by a trusted 
entity) before it can be used, where the Shoup system allows partial signatures 
with a public gather function.  E.g. In a 3 of 5 system, each of the 3 key 
share holders partial-sign the data using their share of the private key and 
send it (as public data) to a central location where a gather function is used 
to form the actual signature.  

Shamir is nice in that it can be used for any set of key bits.  But the 
reconstitution requirement is a point of weakness where the actual private key 
may be compromised.

The Shoup system is only specified for RSA as far as I know. 

Mike



At 10:48 PM 3/9/2009, Alfred Hönes wrote:
>This tool might be of interest for implementors of DNSSEC,
>e.g. the folks wanting to distribute control over the future Root
>Zone primary Key Signing Keys between the RIRs and ICANN/IANA.
>
>The new version should hopefully be ready for implementation.
>
>
>----- Forwarded message from IETF I-D Submission Tool -----
>
>> From: IETF I-D Submission Tool <[email protected]>
>> Message-Id: <[email protected]>
>> Date: Mon,  9 Mar 2009 13:44:24 -0700 (PDT)
>> Subject: New Version Notification for draft-mcgrew-tss-02
>
>A new version of I-D, draft-mcgrew-tss-02.txt has been successfully
>submitted by David McGrew and posted to the IETF repository.
>
>Filename:       draft-mcgrew-tss
>Revision:       02
>Title:          Threshold Secret Sharing
>Creation_date:  2009-03-09
>WG ID:          Independent Submission
>Number_of_pages: 26
>
>Abstract:
>Threshold secret sharing (TSS) provides a way to generate N shares
>from a value, so that any M of those shares can be used to
>reconstruct the original value, but any M-1 shares provide no
>information about that value.  This method can provide shared access
>control on key material and other secrets that must be strongly
>protected.
>
>This note defines a threshold secret sharing method based on
>polynomial interpolation in GF(256) and a format for the storage and
>transmission of shares.  It also provides usage guidance, describes
>how to test an implementation, and supplies test cases.
>
>
>The IETF Secretariat.
>
>
>----- End of forwarded message from IETF I-D Submission Tool -----
>
>
>Kind regards,
>  Alfred.
>
>-- 
>
>+------------------------+--------------------------------------------+
>| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
>| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
>| D-71254  Ditzingen     |  E-Mail:  [email protected]                     |
>+------------------------+--------------------------------------------+
>
>
>--
>to unsubscribe send a message to [email protected] with
>the word 'unsubscribe' in a single line as the message text body.
>archive: <http://ops.ietf.org/lists/namedroppers/>


_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
