Operational optimization of a shared secret Diffie-Hellman key exchange among broadcast or multicast groups
First Claim
1. A method for computing a group shared secret key at a first node of a network for use in a public key process and using less than n*(n−
- 1) messages, where “
n”
is a number of nodes in a broadcast or multicast group of the network, the method comprising the computer-implemented steps of;
generating an intermediate shared secret key by issuing communications to a second node of the network;
sending a first private value associated with the first node to the second node, and receiving from the second node a second private value associated with the second node using the intermediate shared secret key;
generating and communicating a collective public key that is based upon the first private value and the second private value to a third node of the network;
receiving an individual public key from the third node; and
computing and storing the group shared secret key based upon the individual public key.
1 Assignment
0 Petitions
Accused Products
Abstract
An optimized approach for arriving at a shared secret key in a multicast or broadcast group environment is disclosed. The key exchange method is mathematically equivalent to the standard broadcast version of the Diffie-Hellman public-key algorithm. However, from an implementation perspective, nodes within a multicast or broadcast group are treated in a binary fashion, whereby a shared secret key is generated for a pair of nodes at a time. Once the shared secret key is computed by the pair, the nodes within the pair are viewed as a single entity by a node that is to be joined. This process is iteratively performed until all the nodes within the multicast group attain a common shared secret key. Under this approach, the number of messages exchanged between the nodes for establishing the secured channel is significantly reduced compared to the standard broadcast Diffie-Hellman method.
-
Citations
30 Claims
-
1. A method for computing a group shared secret key at a first node of a network for use in a public key process and using less than n*(n−
- 1) messages, where “
n”
is a number of nodes in a broadcast or multicast group of the network, the method comprising the computer-implemented steps of;generating an intermediate shared secret key by issuing communications to a second node of the network; sending a first private value associated with the first node to the second node, and receiving from the second node a second private value associated with the second node using the intermediate shared secret key; generating and communicating a collective public key that is based upon the first private value and the second private value to a third node of the network; receiving an individual public key from the third node; and computing and storing the group shared secret key based upon the individual public key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- 1) messages, where “
-
12. A method for exchanging cryptographic keys among a plurality of nodes in a multicast or broadcast group, where “
- n”
is a number of nodes in the multicast or broadcast group, the method comprising the computer-implemented steps of;(a) computing and storing a first shared secret key at a first node; (b) transmitting a first message, encrypted using the first shared secret key, to a second node; (c) receiving a second message, encrypted using the first shared secret key, from the second node; (d) computing and storing a first public key based upon the first and second messages; (e) transmitting the first public key to a third node; (f) receiving a second public key from the third node; (g) computing a second shared secret key based upon the second public key, the first message, and the second message; (h) iteratively performing steps of (e) through (g) until the nodes reach a group shared secret key for use in cryptographic communication among the of nodes, and using less than n*(n−
1) total messages;
wherein the first node and second node independently come to a shared secret key value. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- n”
-
20. A computer-readable medium carrying one or more sequences of one or more instructions for computing a group shared secret key at a first node of a network for use in a public key process and using less than n*(n−
- 1) messages, where “
n”
is a number of nodes in a broadcast or multicast group of the network, and which instructions, when executed by one or more processors, cause the one or more processors to perform the steps of;generating an intermediate shared secret key by issuing communications to a second node of the network; sending a first private value associated with the first node to the second node, and receiving from the second node a second private value associated with the second node using the intermediate shared secret key; generating and communicating a collective public key that is based upon the first private value and the second private value to a third node of the network; receiving an individual public key from the third node; and computing and storing the group shared secret key based upon the individual public key. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- 1) messages, where “
Specification