I really like the Shoup paper.  But I've not seen too many implementations in 
the wild. :)

--bill


On Tue, Mar 10, 2009 at 12:49:55PM -0400, Michael StJohns wrote:
> Hi Alfred -
> 
> A better scheme for threshold signing for the root might be the Shoup paper: 
> "Practical Threshold Signatures", Victor Shoup ([email protected]), IBM 
> Research Paper RZ3121, 4/30/99
> 
> The major difference between the two is that the Shamir system (which you 
> describe) requires the base secret (private key) be reconstituted (by a 
> trusted entity) before it can be used, where the Shoup system allows partial 
> signatures with a public gather function.  E.g. In a 3 of 5 system, each of 
> the 3 key share holders partial-sign the data using their share of the 
> private key and send it (as public data) to a central location where a gather 
> function is used to form the actual signature.  
> 
> Shamir is nice in that it can be used for any set of key bits.  But the 
> reconstitution requirement is a point of weakness where the actual private 
> key may be compromised.
> 
> The Shoup system is only specified for RSA as far as I know. 
> 
> Mike
> 
> 
> 
> At 10:48 PM 3/9/2009, Alfred =?hp-roman8?B?SM5uZXM=?= wrote:
> >This tools might be of interest for implementors of DNSSEC,
> >e.g. the folks wanting to distibute control over the future Root
> >Zone primary Key Signing Keys between the RIRs and ICANN/IANA.
> >
> >The new version should hopefully be ready for implementation.
> >
> >
> >----- Forwarded message from IETF I-D Submission Tool -----
> >
> >> From: IETF I-D Submission Tool <[email protected]>
> >> Message-Id: <[email protected]>
> >> Date: Mon,  9 Mar 2009 13:44:24 -0700 (PDT)
> >> Subject: New Version Notification for draft-mcgrew-tss-02
> >
> >A new version of I-D, draft-mcgrew-tss-02.txt has been successfuly
> >submitted by David McGrew and posted to the IETF repository.
> >
> >Filename:       draft-mcgrew-tss
> >Revision:       02
> >Title:          Threshold Secret Sharing
> >Creation_date:  2009-03-09
> >WG ID:          Independent Submission
> >Number_of_pages: 26
> >
> >Abstract:
> >Threshold secret sharing (TSS) provides a way to generate N shares
> >from a value, so that any M of those shares can be used to
> >reconstruct the original value, but any M-1 shares provide no
> >information about that value.  This method can provide shared access
> >control on key material and other secrets that must be strongly
> >protected.
> >
> >This note defines a threshold secret sharing method based on
> >polynomial interpolation in GF(256) and a format for the storage and
> >transmission of shares.  It also provides usage guidance, describes
> >how to test an implementation, and supplies test cases.
> >
> >
> >The IETF Secretariat.
> >
> >
> >----- End of forwarded message from IETF I-D Submission Tool -----
> >
> >
> >Kind regards,
> >  Alfred.
> >
> >-- 
> >
> >+------------------------+--------------------------------------------+
> >| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
> >| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
> >| D-71254  Ditzingen     |  E-Mail:  [email protected]                     |
> >+------------------------+--------------------------------------------+
> >
> >
> >--
> >to unsubscribe send a message to [email protected] with
> >the word 'unsubscribe' in a single line as the message text body.
> >archive: <http://ops.ietf.org/lists/namedroppers/>
> 
> 
> 
> --
> to unsubscribe send a message to [email protected] with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to