
Research On Threshold Cryptography And Its Application

Posted on: 2008-06-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J W Shang
GTID: 1118360212494794
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of Internet technology, more and more applications exchange information over the Internet, and it is hard to imagine life without it. The Internet brings great convenience, but it also brings threats: an adversary can eavesdrop on, modify and forge anything transmitted over the network without being detected by the communicating parties, so a secure application must maintain confidentiality, integrity and availability. Cryptography is the most effective tool for protecting a network against attackers. Ciphers are divided into symmetric and asymmetric ciphers: symmetric ciphers such as DES are used to encrypt bulk data, while asymmetric ciphers such as RSA are used to exchange symmetric keys, to produce digital signatures and to authenticate identities, and they have become the core component of modern cryptography.

Threshold cryptography is an important branch of cryptography with many potential uses in information security; in particular, it allows a cryptographic secret to be used securely in a multi-user network without any single party holding it. A secret sharing scheme is a method of distributing a secret value into shares in such a way that only authorized subsets of participants can recover the secret from their shares. Secret sharing schemes were introduced independently by Shamir and Blakley. A (t, n) secret sharing scheme is called a threshold scheme if it has the following properties: ① there are n participants; ② any t or more of the n participants can reconstruct the secret; ③ any t-1 or fewer participants learn nothing about the secret.
Threshold cryptography can be combined with encryption and signature schemes, so it is useful for building an intrusion-tolerant key management center, generating symmetric keys in a distributed way, sharing multiple secrets among a group of entities, key escrow, group signatures and so on.

The motivation for proactive security is to limit the damage done by compromised servers in a threshold system. No server can be made absolutely secure, so the goal is to limit what an attacker gains when one is compromised. The protection provided by traditional secret sharing may be insufficient for sensitive, long-lived secrets, because the adversary has the entire lifetime of the secret to compromise enough servers to reach the threshold. A natural countermeasure is to refresh the secret itself periodically, but this is not always possible: some secrets, such as cryptographic master keys, data files and legal documents, are inherently long-lived. Imagine protecting a data file by encrypting it under an initial key and then periodically changing that key: every key change requires decrypting the file with the old key and re-encrypting it with the new one, which does nothing for the file's integrity and exposes the plaintext to the adversary every time the file is decrypted. A more effective solution is to periodically change the sub-secrets (shares) held by the participants without changing the shared secret. The adversary cannot derive earlier or later sub-secrets from the current ones, so it must compromise a threshold number of servers within a single time period to learn anything useful. Combining a threshold scheme with this refresh procedure yields a proactively secure threshold scheme.
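The (t, n) threshold definition and the proactive share refresh described above, as an added worked example. This is Python written for this page, not code from the dissertation or from the Shamir, Blakley or proactive-secret-sharing papers; the field prime 2^127 - 1, the parameters t = 3, n = 5 and the sample secret are constructed for the example.

```python
"""Shamir (t, n) threshold sharing with a proactive share refresh.

Added illustration; not code from the dissertation. The field prime, the
threshold parameters and the sample secret are constructed for this example.
"""
import secrets

# Field prime. Any prime larger than the secret works; 2^127 - 1 is a
# Mersenne prime, chosen so the arithmetic is simple to follow.
P = (1 << 127) - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[k] * x^k) mod P."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result


def split_secret(secret, t, n):
    """Return n shares (i, f(i)) of secret, any t of which reconstruct it.

    f is a random polynomial of degree t-1 whose constant term is the secret.
    Any t points fix f uniquely; t-1 points are consistent with every possible
    constant term, which is why fewer than t shares reveal nothing.
    """
    if not 1 <= t <= n < P:
        raise ValueError("need 1 <= t <= n < P")
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0: sum_i y_i * prod_{j != i} x_j / (x_j - x_i).

    Correct only when at least t shares are supplied; with fewer, the value
    returned is unrelated to the secret, and nothing reveals that it is wrong.
    """
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * xj % P
                den = den * (xj - xi) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def refresh_shares(shares, t):
    """One dealer-free proactive refresh round.

    Each holder k picks a random degree t-1 polynomial delta_k with
    delta_k(0) = 0 and privately sends delta_k(x_j) to every holder j;
    holder j adds everything it receives to its share. The sum of the deltas
    also has constant term 0, so the shared secret is unchanged, while old and
    new shares are unrelated: an attacker must collect t shares from the same
    period, and shares from an earlier period are useless.
    """
    deltas = [[0] + [secrets.randbelow(P) for _ in range(t - 1)]
              for _ in shares]
    return [(x, (y + sum(_eval_poly(d, x) for d in deltas)) % P)
            for x, y in shares]


if __name__ == "__main__":
    secret = int.from_bytes(b"example secret", "big")  # constructed, < P
    t, n = 3, 5
    old = split_secret(secret, t, n)
    new = refresh_shares(old, t)
    print("any 3 old shares     :", reconstruct(old[:3]) == secret)
    print("any 3 refreshed shares:", reconstruct(new[2:]) == secret)
    print("only 2 old shares    :", reconstruct(old[:2]) == secret)
    print("2 old + 1 refreshed  :", reconstruct(old[:2] + new[2:3]) == secret)
```

The last line of the demo is the proactive property in miniature: two shares stolen before a refresh and one stolen after it do not combine, even though three shares from either period would.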
In the rest of this paper we discuss several active topics in this field and present new schemes with particular advantages.

As society becomes computerized, information security raises many demands, some of which can never be fully satisfied at the same time. Strong ciphers, which protect privacy during communication by rendering wiretapping useless, have been pursued by many researchers; at the same time, law enforcement demands the ability to monitor communications to combat crime. A common and practical compromise is a trusted third party. In a key escrow scheme, users deposit their private keys with an escrow agency (EA), which is assumed to disclose a key to the law enforcement party (LEP) only on a lawful request. This paper gives a new key escrow scheme based on threshold cryptography that balances privacy against the monitoring requirement.

A group signature scheme allows members of a group to sign messages on behalf of the group. Signatures are verified with respect to a single group public key, but they do not reveal the identity of the signer, and it is not possible to decide whether two signatures were issued by the same group member. However, a designated group manager can, in case of a later dispute, open a signature, i.e. reveal the identity of the signer. Group signatures could for instance be used by a company to authenticate price lists, press releases or digital contracts: customers need only a single company public key to verify signatures, while the company hides its internal organizational structure and responsibilities but can still find out which employee (group member) signed a particular document. The concept of group signatures was introduced by Chaum and van Heyst, who also proposed the first realizations.
Using a partial key escrow technique to construct a group signature scheme suits environments that need a super-privileged manager: no group signature can be formed without the super manager's sub-signature.

The main work of this paper is research on the cryptosystems related to threshold cryptography described above. The main contributions are as follows:

(1) A secure distributed symmetric key generation scheme. The key management center is the component that generates symmetric keys, for example for multicast communication, without using public key cryptography, so keeping it secure while providing an efficient key service is essential. Unlike the known solutions based on partitioning into domains or on replication, the scheme presented here uses bivariate polynomials to construct a threshold distributed pseudo-random function and distributes the polynomial across the key management center servers; only an authorized set of servers can jointly compute the pseudo-random value used as the key. Compromise of fewer servers than the threshold does not threaten the security of the whole network, which makes the distributed key management center intrusion-tolerant and avoids bottlenecks and single points of failure. The scheme uses zero-knowledge proofs to prevent cheating by the administrator and by participants.

(2) A new multi-secret sharing threshold scheme. The dealer can manage any set of multiple secrets for sharing, participants can compute their sub-secrets for the different secrets efficiently and securely, and each participant's sub-secret is verifiable. The scheme uses a signature of knowledge to guard against cheating by the dealer and by participants. Adding a new participant does not change the sub-secrets already assigned to existing participants. Finally, the scheme is shown to be secure and efficient.

(3) A new proactively secure multi-secret sharing threshold scheme. Participants can share multiple secrets and compute sub-secrets for reconstruction efficiently and securely, and each participant's sub-secret is verifiable. The scheme uses verifiable secret sharing to guard against cheating by the dealer and by participants. It is proactively secure: participants update their sub-secrets periodically without the dealer's intervention, old sub-secrets become obsolete, and the adversary cannot obtain any useful information from them. Finally, the scheme is shown to be secure and efficient.

(4) A new forward-secure threshold key escrow scheme. The private key is divided into n parts using a threshold technique and the sub-keys are distributed to n key escrow agents. Every escrow agent can verify its sub-secret using a VSS scheme and updates it automatically at a set interval. Any k escrow agents can recover the private key cooperatively within one update interval, while an agent whose update failed or that is corrupt cannot help reconstruct the correct private key. Earlier ciphertext cannot be decrypted with the current private key even if the current key is compromised by the adversary, so the scheme is forward secure.

(5) A new multi-threshold group signature scheme without a trusted third party. The signature key is generated cooperatively by the users, and verifiable secret sharing is used to distribute the sub-secrets. Multi-partition techniques are used to construct the group signature scheme on top of the ElGamal signature scheme. Any subset of users that satisfies all the threshold requirements can generate a valid signature: every participating user computes a sub-signature, and a signature center combines the sub-signatures into a group signature. Signatures are anonymous and auditable, adding or removing a participant does not change the system parameters, and any entity can verify a group signature using the group public key.

These results can be widely applied to certification authority (CA) systems, bank signature systems and e-cash in electronic commerce, secure database systems, Web authentication systems, key escrow systems, revocable electronic cash systems, electronic voting systems, user roaming systems and so on. Future work includes studying the forward security property further and building a new threshold signature scheme that satisfies strong forward security, and applying bilinear pairings more deeply and widely to special signature schemes, building various signature schemes based on bilinear pairings.
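Contributions (2) to (4) above rely on sub-secrets being verifiable, so that a cheating dealer or a corrupted share is caught before reconstruction. The following added example shows the mechanism with Feldman's verifiable secret sharing (VSS); it is Python written for this page, not the dissertation's scheme, and its group parameters are toy-sized and constructed for the example (p = 2039, a safe prime with q = 1019, and g = 4 generating the order-q subgroup). A real deployment uses a safe prime of 2048 bits or more, or an elliptic-curve group.

```python
"""Feldman verifiable secret sharing: the dealer publishes commitments to the
sharing polynomial, so every participant can check its own share without
learning anything about the secret.

Added illustration of the "verifiable sub-secret" property; this is Feldman's
construction, not the dissertation's scheme. Group parameters are toy-sized
and constructed for the example.
"""
import secrets

P = 2039   # modulus: safe prime p = 2q + 1 (constructed, toy size)
Q = 1019   # prime order of the subgroup of squares mod P
G = 4      # 2^2 mod P, a generator of that order-Q subgroup


def _eval_poly(coeffs, x, mod):
    """Horner evaluation of sum(coeffs[k] * x^k) modulo mod."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % mod
    return result


def deal(secret, t, n):
    """Dealer: (t, n)-share the secret and publish commitments C_k = g^{a_k}
    to every coefficient a_k of the sharing polynomial. Shares are sent to
    participants privately; the commitment list is broadcast to everyone."""
    if not 0 <= secret < Q:
        raise ValueError("secret must be in Z_q")
    if not 1 <= t <= n < Q:
        raise ValueError("need 1 <= t <= n < q")
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    shares = [(i, _eval_poly(coeffs, i, Q)) for i in range(1, n + 1)]
    commitments = [pow(G, a, P) for a in coeffs]
    return shares, commitments


def verify_share(share, commitments):
    """Participant i checks g^{s_i} == prod_k C_k^{i^k} (mod p).

    Since g^{f(i)} = g^{sum a_k i^k} = prod (g^{a_k})^{i^k}, an honest share
    always passes, while a share from a different polynomial, or one altered
    after dealing, fails. The commitments hide the coefficients under the
    discrete logarithm assumption, so publishing them leaks nothing.
    """
    i, s_i = share
    expected = 1
    for k, c in enumerate(commitments):
        expected = expected * pow(c, pow(i, k, Q), P) % P
    return pow(G, s_i, P) == expected


def usable_shares(shares, commitments, t):
    """Filter shares through verification before any reconstruction.

    Returns (valid_shares, bad_participant_ids, enough). Reconstruction is
    only attempted when enough is True, and bad_participant_ids says whom to
    blame, which a plain Shamir scheme cannot do.
    """
    valid, bad = [], []
    for share in shares:
        if verify_share(share, commitments):
            valid.append(share)
        else:
            bad.append(share[0])
    return valid, bad, len(valid) >= t


if __name__ == "__main__":
    shares, commitments = deal(secret=777, t=3, n=5)  # constructed inputs
    print("honest shares verify:", all(verify_share(s, commitments) for s in shares))

    # Participant 2's share is altered in transit: caught, but 4 good shares remain.
    tampered = [(i, (s + 1) % Q) if i == 2 else (i, s) for i, s in shares]
    valid, bad, enough = usable_shares(tampered, commitments, t=3)
    print("bad participants:", bad, "| still enough to reconstruct:", enough)

    # Dealer commits to a different secret than the one it actually shared:
    # every participant's check fails and the dealing round is rejected.
    lying = [commitments[0] * G % P] + commitments[1:]
    valid, bad, enough = usable_shares(shares, lying, t=3)
    print("dealer caught by all participants:", bad, "| enough:", enough)
```

The two failure cases differ in what they tell the participants: a single failing share points at one corrupted share (or one participant the dealer tried to cheat), whereas every share failing against the same commitments means the dealer itself is inconsistent and the round must be restarted.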
Keywords/Search Tags: pseudo random function, distributed, multisecret sharing, threshold scheme, proactive security, forward security