I really like the Shoup paper. But I've not seen too many implementations in the wild. :)
--bill On Tue, Mar 10, 2009 at 12:49:55PM -0400, Michael StJohns wrote: > Hi Alfred - > > A better scheme for threshold signing for the root might be the Shoup paper: > "Practical Threshold Signatures", Victor Shoup ([email protected]), IBM > Research Paper RZ3121, 4/30/99 > > The major difference between the two is that the Shamir system (which you > describe) requires the base secret (private key) be reconstituted (by a > trusted entity) before it can be used, where the Shoup system allows partial > signatures with a public gather function. E.g. In a 3 of 5 system, each of > the 3 key share holders partial-sign the data using their share of the > private key and send it (as public data) to a central location where a gather > function is used to form the actual signature. > > Shamir is nice in that it can be used for any set of key bits. But the > reconstitution requirement is a point of weakness where the actual private > key may be compromised. > > The Shoup system is only specified for RSA as far as I know. > > Mike > > > > At 10:48 PM 3/9/2009, Alfred =?hp-roman8?B?SM5uZXM=?= wrote: > >This tools might be of interest for implementors of DNSSEC, > >e.g. the folks wanting to distibute control over the future Root > >Zone primary Key Signing Keys between the RIRs and ICANN/IANA. > > > >The new version should hopefully be ready for implementation. > > > > > >----- Forwarded message from IETF I-D Submission Tool ----- > > > >> From: IETF I-D Submission Tool <[email protected]> > >> Message-Id: <[email protected]> > >> Date: Mon, 9 Mar 2009 13:44:24 -0700 (PDT) > >> Subject: New Version Notification for draft-mcgrew-tss-02 > > > >A new version of I-D, draft-mcgrew-tss-02.txt has been successfuly > >submitted by David McGrew and posted to the IETF repository. > > > >Filename: draft-mcgrew-tss > >Revision: 02 > >Title: Threshold Secret Sharing > >Creation_date: 2009-03-09 > >WG ID: Independent Submission > >Number_of_pages: 26 > > > >Abstract: > >Threshold secret sharing (TSS) provides a way to generate N shares > >from a value, so that any M of those shares can be used to > >reconstruct the original value, but any M-1 shares provide no > >information about that value. This method can provide shared access > >control on key material and other secrets that must be strongly > >protected. > > > >This note defines a threshold secret sharing method based on > >polynomial interpolation in GF(256) and a format for the storage and > >transmission of shares. It also provides usage guidance, describes > >how to test an implementation, and supplies test cases. > > > > > >The IETF Secretariat. > > > > > >----- End of forwarded message from IETF I-D Submission Tool ----- > > > > > >Kind regards, > > Alfred. > > > >-- > > > >+------------------------+--------------------------------------------+ > >| TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. | > >| Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 | > >| D-71254 Ditzingen | E-Mail: [email protected] | > >+------------------------+--------------------------------------------+ > > > > > >-- > >to unsubscribe send a message to [email protected] with > >the word 'unsubscribe' in a single line as the message text body. > >archive: <http://ops.ietf.org/lists/namedroppers/> > > > > -- > to unsubscribe send a message to [email protected] with > the word 'unsubscribe' in a single line as the message text body. > archive: <http://ops.ietf.org/lists/namedroppers/> _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
