34. Recall that we define a cipher to be secure if the best known attack is an e

Question

34. Recall that we define a cipher to be secure if the best known attack is an exhaustive key search. If a cipher is secure and the key space is large, then the best known attack is computationally infeasible—for a   practical cipher, this is the ideal situation. However, there is always the possibility that a clever new attack could change a formerly secure cipher into an insecure cipher. In contrast, Shamir's polynomial-based secret sharing scheme is information theoretically secure, in the sense that there is no possibility of a shortcut attack. In other words, secret sharing is guaranteed to be secure forever.

a. Suppose we have a "2 out of 2" secret sharing scheme, where Alice and Bob share a secret S. Why can't Alice determine any information about the secret from her share of the secret?

b. Suppose we have an "m out of n" secret sharing scheme. Any set of m — 1 participants can't determine any information about the

secret S. Why?

Explanation / Answer

Consider the below example:

Alice wants to buy something from the well known website Bob.com Since they will exchange private information (Alice’s credit card, address etc.) they want to use encryption. However, they do not share a key between them.

Using a key exchange protocol. It seems that we already learned a protocol to do that:

Alice and Bob can run a key exchange protocol. One such protocol is the Diffie-Hellman protocol, but they can also run the following

RSA-based protocol: A B Bob chooses a pair of RSA keys (e, d) and sends e to Alice. A B Alice chooses a key k R {0, 1} n and sends Ee(k) to Bob. A B Bob and Alice can now can now continue their interaction with the shared secret key k.

Related Questions

Navigate

• Browse (All)
• Browse 3
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.