To all:
Here is a scheme for a central organization
distributing a trust anchor public key with rollover
requirement. The suggested acronym for this scheme is
TAKREM for Trust Anchor Key REnewal Method.
We use the notation #R[i]# for the public "root" public
key #R[i]#, with the private key counterpart #r[i]#.
The central organization establishes key pairs
##, ##, ##, ...,
##, allocating the pair ## as the
initial private/public trusted key pair, and reserving
each key pair ## for the cryptoperiod
starting with the #i#'th root key renewal, for
#1<=i<=n#.
A separate MASH (Modular Arithmetic Secure Hash)
instance #H[i]# is created for each #R[i]#. MASH is
defined in International standard document ISO/IEC
10118-4:1998, "Information technology - Security
techniques - Hash-functions - Part 4: Hash-functions
using modular arithmetic."
That is, the central organization selects a large
composite modulus number #N[i]# used in the MASH round
function and a prime number #P[i]# used in the MASH
final reduction function.
Then, the central organization selects a random salt
field #s[i]#.
A hash computation gives a root key digest #D[i]# :
#D[i]=H[i](s[i]|R[i]|N[i]|P[i])# .
The digest #D[i]# is like an advance notice of future
trust anchor key #R[i]#.
The data tuple ## is set
aside in dead storage.
The trust anchor key initial distribution is
#R[0], D[1], D[2], ..., D[n]# .
Security rationale: with data tuple
## totally concealed until
the usage period for key pair ##, an
adversary is left with the digest #D[i]# from which it
is deemed impossible to mount a brute force attack.
A root key rollover is triggered by the following
message:
#i,# .
Upon receipt of this message, the end-user system
becomes in a position to validate the root key digest
#D[i]#.
More details are provided in
http://www.connotech.com/takrem.pdf.
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED]
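
The end-user side of the rollover check described in the message above, as an added example that is not part of the original post or of the TAKREM specification. It assumes the rollover message reveals the inputs of the digest formula (s[i], R[i], N[i], P[i]), uses SHA-256 as a stand-in for the per-key MASH instance H[i], and assumes a length-prefixed field encoding; the class and function names are hypothetical.

```python
import hashlib
import hmac

def root_key_digest(s, R, N, P):
    """D[i] = H(s[i] | R[i] | N[i] | P[i]), with SHA-256 standing in for MASH."""
    h = hashlib.sha256()
    for field in (s, R, N, P):
        # Assumed encoding: length-prefix each field so the concatenation is unambiguous.
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()

class TrustAnchorStore:
    """End-user state after initial distribution: R[0] and D[1..n]."""

    def __init__(self, R0, digests):
        self.index, self.root = 0, R0
        self.digests = dict(digests)  # {i: D[i]}

    def rollover(self, i, s, R, N, P):
        """Install R[i] only if the revealed values hash to the stored D[i]."""
        if i <= self.index or i not in self.digests:
            return False  # stale, replayed or unknown renewal index (assumed policy)
        if not hmac.compare_digest(root_key_digest(s, R, N, P), self.digests[i]):
            return False  # revealed values do not match the advance notice
        self.index, self.root = i, R
        return True

def demo():
    # Constructed placeholder values; real salts, keys and MASH parameters are long fields.
    tuples = {i: (b"salt-%d" % i, b"root-key-%d" % i, b"modulus-%d" % i, b"prime-%d" % i)
              for i in (1, 2)}
    store = TrustAnchorStore(b"root-key-0",
                             {i: root_key_digest(*t) for i, t in tuples.items()})
    s, R, N, P = tuples[1]
    results = [
        store.rollover(1, s, b"substituted-key", N, P),  # key not committed to: rejected
        store.rollover(1, s, R, N, P),                   # genuine renewal: accepted
        store.rollover(1, s, R, N, P),                   # replay of a used index: rejected
        store.rollover(2, *tuples[2]),                   # next renewal: accepted
    ]
    return results, store.index, store.root

if __name__ == "__main__":
    print(demo())
```

In the scheme as posted, N[i] and P[i] also parameterize the hash function itself; with the SHA-256 stand-in they are only hashed as data.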