Re: A Note About Trust Anchor Key Distribution

2005-07-08 Thread bmanning

nice paper.  note that it claims this paper is being published to 
establish IPR claims.  there is prior art in several vectors.

you may wish to consider the following (although now expired) 
Internet Drafts:

draft-ietf-dnsext-trustupdate-threshold-00

and a similar one authored by Mike StJohns.

that cover the same basic ideas. at least one of
these is being updated and revised.

--bill manning

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


A Note About Trust Anchor Key Distribution

2005-07-06 Thread Thierry Moreau

To all:

Here is a scheme for a central organization
distributing a trust anchor public key with rollover
requirement. The suggested acronym for this scheme is
TAKREM for Trust Anchor Key REnewal Method.

We use the notation #R[i]# for the public "root" public
key #R[i]#, with the private key counterpart #r[i]#.

The central organization establishes key pairs
##, ##, ##, ...,
##, allocating the pair ## as the
initial private/public trusted key pair, and reserving
each key pair ## for the cryptoperiod
starting with the #i#'th root key renewal, for
#1<=i<=n#.

A separate MASH (Modular Arithmetic Secure Hash)
instance #H[i]# is created for each #R[i]#. MASH is
defined in International standard document ISO/IEC
10118-4:1998, "Information technology - Security
techniques - Hash-functions - Part 4: Hash-functions
using modular arithmetic."

That is, the central organization selects a large
composite modulus number #N[i]# used in the MASH round
function and a prime number #P[i]# used in the MASH
final reduction function.

Then, the central organization selects a random salt
field #s[i]#.

A hash computation gives a root key digest #D[i]# :
  #D[i]=H[i](s[i]|R[i]|N[i]|P[i])# .
The digest #D[i]# is like an advanced notice of future
trust anchor key #R[i]#.

The data tuple ## is set
aside in dead storage.

The trust anchor key initial distribution is
  #R[0], D[1], D[2], ..., D[n]# .

Security rationale: with data tuple
## totally concealed until
the usage period for key pair ##, an
adversary is left with the digest #D[i]# from which it
is deemed impossible to mount a brute force attack.

A root key rollover is triggered by the following
message:
  #i,# .

Upon receipt of this message, the end-user system
becomes in a position to validate the root key digest
#D[i]#.

More details are provided in
http://www.connotech.com/takrem.pdf.

Regards,

--

- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1

Tel.: (514)385-5691
Fax:  (514)385-5900

web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED]
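
Added example, not part of the original post or of the TAKREM paper: a sketch of the commit-then-reveal flow described in the message above, with the end-user check that a revealed key matches its pre-distributed digest. Assumptions: SHA-256 stands in for the per-key MASH instance H[i], the rollover message is taken to carry i together with s[i], R[i], N[i], P[i], fields are length-prefixed before hashing, rollovers are accepted only in increasing i, and the names `central_setup` and `EndUser` are hypothetical.

```python
import hashlib
import hmac
import os


def _encode(*fields: bytes) -> bytes:
    # Assumption: length-prefix each field so s|R|N|P cannot be re-split differently.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def digest(s: bytes, R: bytes, N: bytes, P: bytes) -> bytes:
    # D[i] = H[i](s[i]|R[i]|N[i]|P[i]); SHA-256 is a stand-in for MASH here.
    return hashlib.sha256(_encode(s, R, N, P)).digest()


def central_setup(n: int):
    """Central organization: return (initial distribution, dead storage)."""
    # Constructed random bytes stand in for real public keys and MASH parameters.
    r0 = os.urandom(32)
    storage, digests = {}, {}
    for i in range(1, n + 1):
        tup = (os.urandom(16), os.urandom(32), os.urandom(32), os.urandom(16))  # s, R, N, P
        storage[i] = tup            # concealed until period i begins
        digests[i] = digest(*tup)   # published now as advance notice of R[i]
    return {"R0": r0, "D": digests}, storage


class EndUser:
    def __init__(self, dist):
        self.anchor = dist["R0"]        # current trust anchor
        self.pending = dict(dist["D"])  # D[1..n] from the initial distribution
        self.period = 0

    def rollover(self, i: int, s: bytes, R: bytes, N: bytes, P: bytes) -> bool:
        """Accept R as the new anchor only if it hashes to the stored D[i]."""
        expected = self.pending.get(i)
        if expected is None or i <= self.period:
            return False  # unknown index, or a replay of a past period
        if not hmac.compare_digest(expected, digest(s, R, N, P)):
            return False  # revealed tuple does not match the commitment
        self.anchor, self.period = R, i
        # Assumption: digests for periods up to i are retired once i is accepted.
        self.pending = {k: v for k, v in self.pending.items() if k > i}
        return True
```
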

