I've got one. I modified an implementation of Shoup by Steve Weis which does raw RSA sigs to do PKCS1-v1.5 RSA signatures and from those to do DNSSEC signing. It allows the generation and wrapping of shares under remotely generated public keys - e.g. share holder public keys. When signatures are required, the data to be signed is sent to the share holders who decrypt their share with their private key, do a partial signature and return the signature share to the central location (or post it to a mailing list :-) ). The zone manager combines the partial signatures into a DNSSEC formatted RRSIG, verifies the signature is correct across the RRSet and then publishes it.
Let me see if I can get permission to distribute it. Hmm.. looks like he's posted the underlying libraries. See http://code.google.com/p/threshsig/updates/list

Mike

At 10:49 PM 3/10/2009, [email protected] wrote:
> I really like the Shoup paper. But I've not seen too many implementations in
> the wild. :)
>
>--bill
>
>
>On Tue, Mar 10, 2009 at 12:49:55PM -0400, Michael StJohns wrote:
>> Hi Alfred -
>>
>> A better scheme for threshold signing for the root might be the Shoup paper:
>> "Practical Threshold Signatures", Victor Shoup ([email protected]), IBM
>> Research Paper RZ3121, 4/30/99
>>
>> The major difference between the two is that the Shamir system (which you
>> describe) requires the base secret (private key) be reconstituted (by a
>> trusted entity) before it can be used, where the Shoup system allows partial
>> signatures with a public gather function. E.g. In a 3 of 5 system, each of
>> the 3 key share holders partial-sign the data using their share of the
>> private key and send it (as public data) to a central location where a
>> gather function is used to form the actual signature.
>>
>> Shamir is nice in that it can be used for any set of key bits. But the
>> reconstitution requirement is a point of weakness where the actual private
>> key may be compromised.
>>
>> The Shoup system is only specified for RSA as far as I know.
>>
>> Mike
>>
>>
>>
>> At 10:48 PM 3/9/2009, Alfred Hönes wrote:
>> >This tool might be of interest for implementors of DNSSEC,
>> >e.g. the folks wanting to distribute control over the future Root
>> >Zone primary Key Signing Keys between the RIRs and ICANN/IANA.
>> >
>> >The new version should hopefully be ready for implementation.
>> >
>> >
>> >----- Forwarded message from IETF I-D Submission Tool -----
>> >
>> >> From: IETF I-D Submission Tool <[email protected]>
>> >> Message-Id: <[email protected]>
>> >> Date: Mon, 9 Mar 2009 13:44:24 -0700 (PDT)
>> >> Subject: New Version Notification for draft-mcgrew-tss-02
>> >
>> >A new version of I-D, draft-mcgrew-tss-02.txt has been successfully
>> >submitted by David McGrew and posted to the IETF repository.
>> >
>> >Filename: draft-mcgrew-tss
>> >Revision: 02
>> >Title: Threshold Secret Sharing
>> >Creation_date: 2009-03-09
>> >WG ID: Independent Submission
>> >Number_of_pages: 26
>> >
>> >Abstract:
>> >Threshold secret sharing (TSS) provides a way to generate N shares
>> >from a value, so that any M of those shares can be used to
>> >reconstruct the original value, but any M-1 shares provide no
>> >information about that value. This method can provide shared access
>> >control on key material and other secrets that must be strongly
>> >protected.
>> >
>> >This note defines a threshold secret sharing method based on
>> >polynomial interpolation in GF(256) and a format for the storage and
>> >transmission of shares. It also provides usage guidance, describes
>> >how to test an implementation, and supplies test cases.
>> >
>> >
>> >The IETF Secretariat.
>> >
>> >
>> >----- End of forwarded message from IETF I-D Submission Tool -----
>> >
>> >
>> >Kind regards,
>> > Alfred.
>> >
>> >--
>> >
>> >+------------------------+--------------------------------------------+
>> >| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
>> >| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
>> >| D-71254  Ditzingen     |  E-Mail:  [email protected]                |
>> >+------------------------+--------------------------------------------+
>> >
>> >
>> >--
>> >to unsubscribe send a message to [email protected] with
>> >the word 'unsubscribe' in a single line as the message text body.
>> >archive: <http://ops.ietf.org/lists/namedroppers/>

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
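
Added example, not part of the thread and not code from the threshsig library: a toy Python sketch of the partial-sign and public gather steps described above, for a 3-of-5 Shoup-style threshold RSA signature in which the private exponent is never reassembled. The primes, polynomial coefficients, message representative and all function names are constructed for illustration, and the share-correctness proofs from Shoup's paper are omitted.

```python
# Added illustration: toy Shoup-style k-of-l threshold RSA (not threshsig code).
from math import factorial, prod

# Constructed toy parameters; real deployments use large random safe primes.
P, Q = 1019, 1187                 # safe primes: P = 2*509 + 1, Q = 2*593 + 1
N, M = P * Q, 509 * 593           # public modulus; secret group order m = p'q'
E = 65537                         # public exponent, a prime larger than L
K, L = 3, 5                       # any 3 of 5 share holders can sign
DELTA = factorial(L)

def deal(coeffs):
    """Dealer: split d = E^-1 mod M using f(z) = d + a1*z + ... over Z_M."""
    d = pow(E, -1, M)
    poly = [d] + list(coeffs)     # K-1 secret coefficients, random in practice
    return {i: sum(c * i**t for t, c in enumerate(poly)) % M
            for i in range(1, L + 1)}

def partial_sign(x, s_i):
    """Share holder i: x_i = x^(2*DELTA*s_i) mod N; s_i never leaves the holder."""
    return pow(x, 2 * DELTA * s_i, N)

def combine(x, parts):
    """Public gather function: uses only x, N, E and K signature shares."""
    w = 1
    for j, x_j in parts.items():
        others = [k for k in parts if k != j]
        # DELTA times the Lagrange coefficient at 0 is always an integer
        lam = DELTA * prod(-k for k in others) // prod(j - k for k in others)
        w = w * pow(x_j, 2 * lam, N) % N
    e_prime = 4 * DELTA**2        # w^E == x^e_prime (mod N)
    a = pow(e_prime, -1, E)       # choose a, b with a*e_prime + b*E == 1
    b = (1 - a * e_prime) // E
    return pow(w, a, N) * pow(x, b, N) % N

def verify(x, sig):
    """Ordinary RSA verification against the public key (N, E)."""
    return pow(sig, E, N) == x % N

def demo(x=123456, signers=(1, 3, 4)):
    # x is a constructed stand-in for the padded digest, coprime to N
    shares = deal(coeffs=[1234, 5678])        # constructed coefficients
    parts = {i: partial_sign(x, shares[i]) for i in signers}
    sig = combine(x, parts)
    return sig, verify(x, sig)

if __name__ == "__main__":
    print(demo())
```

Any three of the five holders produce the same signature, and the combiner handles only public values, which is the contrast with Shamir-style reconstruction drawn in the thread.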
