Cryptography Overview
80 RSA BSAFE Crypto-C Developer’s Guide
R
2
: 2nd party’s public value
x
S
: secret key
In phase 1, each party computes a private value, k
i
, and then a public value, R
i
:
R
1
= k
1
P
R
2
= k
2
P
In phase 2, the parties trade public values and compute the same elliptic curve point
S:
S = k
1
R
2
= k
1
k
2
P
S = k
2
R
1
= k
2
k
1
P
The first coordinate of S, x
S
, is their agreed-upon secret key.
Secret Sharing
Secret sharing, also known as a threshold scheme, takes a message or other data and
divides it up into pieces in such a way that while each piece means nothing
individually, some or all of the pieces can be assembled to retrieve the secret.
Typically, the secret is a key used for encrypting sensitive data.
A good secret-sharing algorithm allows an application to share the secret among a
variable number of shares. It should also be possible to set how many of the shares are
needed to recover the secret. That is, if the total number of shares is N, you should be
able to decide in advance that any K of them can recover the secret. The number K, the
required number of shares, is known as the threshold.
With secret sharing, access can be split among several individuals, with
reconstruction requiring a threshold number of shares. In this way, if one or more of
the individuals are not available, it is still possible to recover the data. In addition,
secret sharing contains some level of checks and balances: no one can recover data
without at least one other individual knowing about it.
The algorithm used in Crypto-C is Bloom-Shamir secret sharing.
Figure 3-14 and Figure 3-15 show the schema for secret sharing and recovery.
