In this paper we modify the model introduced by Naor et al., requiring authenticated channels instead of assuming the existence of secure channels. Our model makes the user's computations easier, because most of the protocol's computations are carried out by the servers, which reflects a more realistic situation. We propose a basic scheme that makes use of the ElGamal cryptosystem and that fits this model in the case of a passive adversary. We then add zero-knowledge proofs and verifiable secret sharing to protect against an active adversary. We consider general structures (not only threshold ones) both for the subsets of servers that can provide a key to a user and for the tolerated subsets of servers that can be corrupted by the adversary. We find necessary combinatorial conditions on these structures for our scheme to be secure.
Category / Keywords: cryptographic protocols / key distribution, secret sharing schemes
Publication Info: Proceedings of Information Security Conference, ISC'02. LNCS 2433, pp. 342--356
Date: received 1 Jun 2002, last revised 11 Apr 2003
Contact author: jherranz at mat upc es
Version: 20030411:085507
Short URL: ia.cr/2002/069