On Mon, 14 May 2001, Rafael Coninck Teigao wrote:
> Hi, cypherpunks.
> I'm looking for an algorithm similar to the LaGrange Interpolation
> Scheme, by Adi-Shamir, for a Shared-Secret implementation, but I want to
> be able to recover the secret using only one of the Keys, not a
> combination, such was proposed in the LaGrange Scheme.
You can use Adi-Shamir's Scheme using the LaGrange Interpolating
Polynomial for this. Actaully, you can use any shared secret scheme.
Let's use George Blakley's vector based scheme for an example, since it's
easy to visualize. Hmm.. It's late at night here, and I can't seem to
think of a way to devise a (1, many) threshold scheme using either
Blakely nor Shamir's Scheme, but that doesn't nessecarily mean it's
impossible. The first thing that occurs to me is to simply use a
(2, many) threshold scheme, making sure that the many is twice the number
of shadows you want to distribute, and then you issue two shadows to each
person. Using Blakley's scheme, the secret would would a point in
3-dimentional space, and each shadow would be a line that passed through
that point. Then you simply give two shadows to everyone. However...
I think I just realized why I couldn't think of a (1, n) threshold
scheme... If it only takes one shadow to recover the secret.. that is..
you want one key to encrypt the message, and many keys that can decrypt
the message by themselves... I would argue that those aforementioned
"many keys" are actually one key, since they all serve the same function.
Mathematically.. they're all the same thing... It's really quite
pointless to use a shared secret scheme if there's no real sharing to be
done. Simply issue the same decryption key to everyone. It's basically
the same as giving everyone two shadows of a (2, n) scheme... or 1 shadow
of a hypothetical (1, n) scheme..
I could just be sleepy, or it might be because I'm typing this message in
the bathroom (I love 802.11).. So please correct me if I'm wrong here or
if I misunderstood you..
Jon Erickson
