Efficient techniques for sharing a secret
First Claim
Patent Images
1. A method performed by a custodian to share a secret S among n secret owners, the method comprising the steps of:
- choosing two large primes P and Q;
computing a product N=PQ;
computing a product M=(P−
1)(Q−
1);
choosing n random numbers q, through qn that are relatively prime to M;
determining a number d such that a product of q, through qn and d mod M equals one;
computing Sd;
distributing n secret owner pieces to each of the n secret owners, wherein each of the secret owner pieces includes Sd and one of the numbers q1 through qn; and
deleting the secret S, P, Q, M, q1 through qn, and d.
10 Assignments
0 Petitions
Accused Products
Abstract
An n person secret sharing solution computes n unique keys to be distributed to the secret owners along with an exponentiated version of the secret. The custodian performs an exponent/modulo operation each time one of the keys is received from one of the secret owners. Alternatively, n+1 keys are created by the custodian, and the custodian retains one key after distributing the remaining n keys to the secret owners. After the custodian has received and processed the n keys from the secret owners, he performs an exponent/modulo operation using his own retained key. According to another aspect, a k out of n secret sharing solution involves computing and storing a database having an entry for each unique combination of k keys that could be returned from among the n keys. After k keys have been received, the custodian looks up in the database the entry corresponding to the particular unique combination of secret owners who returned keys. The custodian performs another exponent/modulo operation using the entry retrieved from the database in order to reconstruct the original secret. According to an embodiment, the custodian computes n+1 keys, distributes n of the keys to the secret owners, and keeps one of the keys for himself. The custodian retrieves his own key and performs a final exponent/modulo operation in order to reconstruct the original secret. According to another aspect, a k out of n secret sharing solution involves encrypting the original secret before applying any conventional k out of n secret sharing solution.
51 Citations
37 Claims
-
1. A method performed by a custodian to share a secret S among n secret owners, the method comprising the steps of:
-
choosing two large primes P and Q;
computing a product N=PQ;
computing a product M=(P−
1)(Q−
1);
choosing n random numbers q, through qn that are relatively prime to M;
determining a number d such that a product of q, through qn and d mod M equals one;
computing Sd;
distributing n secret owner pieces to each of the n secret owners, wherein each of the secret owner pieces includes Sd and one of the numbers q1 through qn; and
deleting the secret S, P, Q, M, q1 through qn, and d. - View Dependent Claims (2, 3, 4)
-
-
5. A method performed by a custodian to share a secret S among n secret owners, the method comprising the steps of:
-
choosing two large primes P and Q;
computing a product N=PQ;
computing a product M=(P−
1)(Q−
1);
choosing n+1 random numbers q, through qn and d′
that are relatively prime to M;
determining a number d such that a product of q1 through qn, d′
, and d mod M equals one;
computing s;
distributing n secret owner pieces to each of the n secret owners, wherein each of the secret owner pieces includes Sd and one of the numbers q1 through qn; and
deleting the secret S, P, Q, M, q1 through qn, and d. - View Dependent Claims (6, 7, 8, 9)
-
-
10. A method performed by a custodian to share a secret S among n secret owners such that any k of the n secret owners may reconstruct the secret, the method comprising the steps of:
-
choosing two large primes P and Q, such that PQ is greater than S;
computing and storing a product N=PQ;
computing and storing a product M=(P−
1)(Q−
1);
choosing n random numbers e1 through en that are relatively prime to N;
choosing another random number e that is relatively prime to N;
choosing n numbers d1 through dn such that eidi mod M equals one for 1≦
i≦
n;
choosing another number d such that ed mod M is equal to one;
generating and storing a database of values, where each value is the product of d and a unique k of the di numbers for 1≦
i≦
n;
deleting P, Q, and M;
computing Se;
distributing n secret owner pieces to each of the n secret owners, wherein each of the secret owner pieces includes Se and one of the numbers e1 through en; and
deleting the secret S and e1 through en, e, d1 through dn, and d. - View Dependent Claims (11, 12, 13, 14, 16, 17, 18, 19)
-
-
15. A method performed by a custodian to share a secret S among n secret owners such that any k of the n secret owners may reconstruct the secret, the method comprising the steps of:
-
choosing two large primes P and Q, such that PQ is greater than S;
computing and storing a product N=PQ;
computing and storing a product M=(P−
1)(Q−
1);
choosing n random numbers e1 through e, that are relatively prime to N;
choosing random numbers e and e′
that are relatively prime to N;
choosing n numbers d1 through dn such that eidi mod M equals one for 1≦
i≦
n;
choosing numbers d and d′
such that ed mod M is equal to one and such that e′
d′
mod M is equal to one;
generating and storing a database of values, where each value is the product of d and a unique k of the di numbers for 1≦
i≦
n;
deleting P, Q, and M;
computing See′
;
distributing n secret owner pieces to each of the n secret owners, wherein each of the secret owner pieces includes See′
and one of the numbers e1 through en; and
deleting the secret S and e1 through en, e, d1 through dn, and d.
-
-
20. A method performed by a custodian to share a secret among n secret owners such that any k of the n secret owners may reconstruct the secret, the method comprising the steps of:
-
encrypting the secret so as to generate an encrypted secret;
deleting the secret; and
performing a forward k out of n secret sharing algorithm on the encrypted secret so as to generate n secret owner pieces. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
-
-
28. A computer readable storage medium having embodied thereon computer readable program code suitable for programming a computer to perform a method performed by a custodian to share a secret S among n secret owners, the method comprising the steps of:
-
choosing two large primes P and Q;
computing a product N=PQ;
computing a product M=(P−
1)(Q−
1);
choosing n random numbers q1 through qn that are relatively prime to M;
determining a number d such that a product of q1 through qn and d mod M equals one;
computing Sd;
distributing n secret owner pieces to each of the n secret owners, wherein each of the secret owner pieces includes Sd and one of the numbers q1 through qn; and
deleting the secret S, P, Q, M, q1 through qn, and d.
-
-
29. A computer readable storage medium having embodied thereon computer readable program code suitable for programming a computer to perform a method performed by a custodian to share a secret S among n secret owners, the method comprising the steps of:
-
choosing two large primes P and Q;
computing a product N=PQ;
computing a product M=(P−
1)(Q−
1);
choosing n+1 random numbers q1 through qn and d′
that are relatively prime to M;
determining a number d such that a product of qn, through qn, d′
, and d mod M equals one;
computing Sd;
distributing n secret owner pieces to each of the n secret owners, wherein each of the secret owner pieces includes Sd and one of the numbers q1 through qn; and
deleting the secret S, P, Q, M, q1 through qn, and d.
-
-
30. A computer readable storage medium having embodied thereon computer readable program code suitable for programming a computer to perform a method performed by a custodian to share a secret S among n secret owners such that any k of the n secret owners may reconstruct the secret, the method comprising the steps of:
-
choosing two large primes P and Q, such that PQ is greater than S;
computing and storing a product N=PQ;
computing and storing a product M=(P−
1)(Q−
1);
choosing n random numbers e1 through en that are relatively prime to N;
choosing another random number e that is relatively prime to N;
choosing n numbers d, through d, such that eidi mod M equals one for 1≦
i≦
n;
choosing another number d such that ed mod M is equal to one;
generating and storing a database of values, where each value is the product of d and a unique k of the di numbers for 1≦
i≦
n;
deleting P, Q, and M;
computing S;
distributing n secret owner pieces to each of the n secret owners, wherein each of the secret owner pieces includes Se and one of the numbers e1 through en; and
deleting the secret S and e1 through en, e, d1 through dn, and d.
-
-
31. A computer readable storage medium having embodied thereon computer readable program code suitable for programming a computer to perform a method performed by a custodian to share a secret S among n secret owners such that any k of the n secret owners may reconstruct the secret, the method comprising the steps of:
-
choosing two large primes P and Q, such that PQ is greater than S;
computing and storing a product N=PQ;
computing and storing a product M=(P−
1)(Q−
1);
choosing n random numbers e1 through en that are relatively prime to N;
choosing random numbers e and e′
that are relatively prime to N;
choosing n numbers d1 through dn such that eidi mod M equals one for 1≦
i≦
n;
choosing numbers d and d′
such that ed mod M is equal to one and such that e′
d′
mod M is equal to one;
generating and storing a database of values, where each value is the product of d and a unique k of the di numbers for 1≦
i≦
n;
deleting P, Q, and M;
computing See;
distributing n secret owner pieces to each of the n secret owners, wherein each of the secret owner pieces includes Se and one of the numbers e1 through en; and
deleting the secret S and e1 through en, e, d1 through dn, and d.
-
-
32. A computer readable storage medium having embodied thereon computer readable program code suitable for programming a computer to perform a method performed by a custodian to share a secret among n secret owners such that any k of the n secret owners may reconstruct the secret, the method comprising the steps of:
-
encrypting the secret so as to generate an encrypted secret;
deleting the secret; and
performing a forward k out of n secret sharing algorithm on the encrypted secret so as to generate n secret owner pieces.
-
-
33. A computer comprising a processor and a computer readable storage medium coupled to the processor having embodied thereon processor readable program code suitable for programming the computer to perform a method performed by a custodian to share a secret S among n secret owners, the method comprising the steps of:
-
choosing two large primes P and Q;
computing a product N=PQ;
computing a product M=(P−
1)(Q−
1);
choosing n random numbers q, through qn that are relatively prime to M;
determining a number d such that a product of q, through qn and d mod M equals one;
computing Sd;
distributing n secret owner pieces to each of the n secret owners, wherein each of the secret owner pieces includes Sd and one of the numbers q1 through qn; and
deleting the secret S, P, Q, M, q1 through qn, and d.
-
-
34. A computer comprising a processor and a computer readable storage medium coupled to the processor having embodied thereon processor readable program code suitable for programming a computer to perform a method performed by a custodian to share a secret S among n secret owners, the method comprising the steps of:
-
choosing two large primes P and Q;
computing a product N=PQ;
computing a product M=(P−
1)(Q−
1);
choosing n+1 random numbers q1 through qn and d′
that are relatively prime to M;
determining a number d such that a product of q1 through qn, d′
, and d mod M equals one;
computing Sd;
distributing n secret owner pieces to each of the n secret owners, wherein each of the secret owner pieces includes Sd and one of the numbers q1 through qn; and
deleting the secret S, P, Q, M, q1 through qn, and d.
-
-
35. A computer comprising a processor and a computer readable storage medium coupled to the processor having embodied thereon processor readable program code suitable for programming a computer to perform a method performed by a custodian to share a secret S among n secret owners such that any k of the n secret owners may reconstruct the secret, the method comprising the steps of:
-
choosing two large primes P and Q, such that PQ is greater than S;
computing and storing a product N=PQ;
computing and storing a product M=(P−
1)(Q−
1);
choosing n random numbers e1 through en that are relatively prime to N;
choosing another random number e that is relatively prime to N;
choosing n numbers d1 through dn such that eidi mod M equals one for 1≦
i≦
n;
choosing another number d such that ed mod M is equal to one;
generating and storing a database of values, where each value is the product of d and a unique k of the di numbers for 1≦
i≦
n;
deleting P, Q, and M;
computing Se;
distributing n secret owner pieces to each of the n secret owners, wherein each of the secret owner pieces includes Se and one of the numbers e1 through en; and
deleting the secret S and e1 through en, e, d1 through dn, and d.
-
-
36. A computer comprising a processor and a computer readable storage medium coupled to the processor having embodied thereon processor readable program code suitable for programming the computer to perform a method performed by a custodian to share a secret S among n secret owners such that any k of the n secret owners may reconstruct the secret, the method comprising the steps of:
-
choosing two large primes P and Q, such that PQ is greater than S;
computing and storing a product N=PQ;
computing and storing a product M=(P−
1)(Q−
1);
choosing n random numbers e1 through en that are relatively prime to N;
choosing random numbers e and e′
that are relatively prime to N;
choosing n numbers d1 through dn such that eidi mod M equals one for 1≦
i≦
n;
choosing numbers d and d′
such that ed mod M is equal to one and such that e′
d′
mod M is equal to one;
generating and storing a database of values, where each value is the product of d and a unique k of the di numbers for 1≦
i≦
n;
deleting P, Q, and M;
computing See′
;
distributing n secret owner pieces to each of the n secret owners, wherein each of the secret owner pieces includes See′
and one of the numbers e1 through en; and
deleting the secret S and e1 through en, e, di through dn, and d.
-
-
37. A computer comprising a processor and a computer readable storage medium coupled to the processor having embodied thereon processor readable program code suitable for programming the computer to perform a method performed by a custodian to share a secret among n secret owners such that any k of the n secret owners may reconstruct the secret, the method comprising the steps of:
-
encrypting the secret so as to generate an encrypted secret;
deleting the secret; and
performing a forward k out of n secret sharing algorithm on the encrypted secret so as to generate n secret owner pieces.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
-
Original AssigneeArcot Systems, Inc. (Broadcom, Inc.)
-
InventorsRajasekaran, Sanguthevar
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current380/278
-
CPC Class CodesH04L 9/085 Secret sharing or secret sp...
