Generating a secure signature utilizing a plurality of key shares
First Claim
1. A method for a device of a distributed storage network (DSN) to generate a secure signature on an item without a locally stored private key of the device, the method comprises:
- selecting a first key representation index of a set of key representation indexes, wherein the first key representation index includes information regarding a first key representation of a set of key representations, wherein a first mathematical encoding of the private key generates a first plurality of key shares as the first key representation, which is stored in a first set of dispersed storage (DS) units of the DSN, and a second mathematical encoding of the private key generates a second plurality of key shares as a second key representation of the set of key representations, which is stored in a second set of dispersed storage (DS) units of the DSN;
- determining whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of the first set of DS units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions; and
- when the first plurality of signature contributions have been received, generating the secure signature on the item from the first plurality of signature contributions, wherein:
  - the first mathematical encoding includes:
    - randomly generating one or more first values; and
    - generating a second value based on a key share generating mathematical function of (x + y + z) mod Φ(n) = d, where d is the private key, x and y correspond to the one or more first values, z corresponds to the second value, and Φ(n) is Euler's totient function; and
    - sending the one or more first values and the second value to the first set of DS units;
  - the second mathematical encoding includes:
    - generating one or more third values;
    - generating a fourth value based on the one or more third values, the private key, and the key share generating mathematical function; and
    - sending the one or more third values and the fourth value to the second set of DS units; and
  - after generating the set of key representations, destroying the private key.
Abstract
A method begins by a module to generate a secure signature on an item by selecting a first key representation index of a set of key representation indexes, wherein a first mathematical encoding of a private key generates a first plurality of key shares as a first key representation. The method continues with the module determining whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of a first set of dispersed storage (DS) units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions and when the first plurality of signature contributions have been received, generating the secure signature on the item from the first plurality of signature contributions.
14 Claims
1. A method for a device of a distributed storage network (DSN) to generate a secure signature on an item without a locally stored private key of the device, the method comprises:
- selecting a first key representation index of a set of key representation indexes, wherein the first key representation index includes information regarding a first key representation of a set of key representations, wherein a first mathematical encoding of the private key generates a first plurality of key shares as the first key representation, which is stored in a first set of dispersed storage (DS) units of the DSN, and a second mathematical encoding of the private key generates a second plurality of key shares as a second key representation of the set of key representations, which is stored in a second set of dispersed storage (DS) units of the DSN;
- determining whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of the first set of DS units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions; and
- when the first plurality of signature contributions have been received, generating the secure signature on the item from the first plurality of signature contributions, wherein:
  - the first mathematical encoding includes:
    - randomly generating one or more first values; and
    - generating a second value based on a key share generating mathematical function of (x + y + z) mod Φ(n) = d, where d is the private key, x and y correspond to the one or more first values, z corresponds to the second value, and Φ(n) is Euler's totient function; and
    - sending the one or more first values and the second value to the first set of DS units;
  - the second mathematical encoding includes:
    - generating one or more third values;
    - generating a fourth value based on the one or more third values, the private key, and the key share generating mathematical function; and
    - sending the one or more third values and the fourth value to the second set of DS units; and
  - after generating the set of key representations, destroying the private key.

(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A module to enable a device of a distributed storage network (DSN) to generate a secure signature on an item without a locally stored private key of the device, the module comprises:
- a first module operable to select a first key representation index of a set of key representation indexes, wherein the first key representation index includes information regarding a first key representation of a set of key representations, wherein a first mathematical encoding of the private key generates a first plurality of key shares as the first key representation, which is stored in a first set of dispersed storage (DS) units of the DSN, and a second mathematical encoding of the private key generates a second plurality of key shares as a second key representation of the set of key representations, which is stored in a second set of dispersed storage (DS) units of the DSN;
- a second module operable to determine whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of the first set of DS units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions; and
- when the first plurality of signature contributions have been received, a third module operable to generate the secure signature on the item from the first plurality of signature contributions, wherein:
  - the first mathematical encoding includes:
    - randomly generating one or more first values; and
    - generating a second value based on a key share generating mathematical function of (x + y + z) mod Φ(n) = d, where d is the private key, x and y correspond to the one or more first values, z corresponds to the second value, and Φ(n) is Euler's totient function; and
    - sending the one or more first values and the second value to the first set of DS units;
  - the second mathematical encoding includes:
    - generating one or more third values;
    - generating a fourth value based on the one or more third values, the private key, and the key share generating mathematical function; and
    - sending the one or more third values and the fourth value to the second set of DS units; and
  - after generating the set of key representations, destroying the private key.

(Dependent claims: 9, 10, 11, 12, 13, 14)
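The key-share encoding recited in claims 1 and 8 is additive RSA key splitting, and the signature contributions combine by multiplication. The toy Python below is an added example, not the patent's own code: it splits the private exponent d into shares x, y, z with (x + y + z) mod Φ(n) = d, lets each "DS unit" raise the item to its own share, and shows that the product of the contributions is the ordinary RSA signature m^d mod n. The RSA parameters (p = 61, q = 53, e = 17) are deliberately tiny and chosen here for illustration only.

```python
import secrets
from math import gcd

def make_rsa(p: int = 61, q: int = 53, e: int = 17):
    """Toy RSA key; real deployments use 2048-bit or larger moduli."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient Φ(n) for n = p * q
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)              # private exponent d (the key being shared)
    return n, e, d, phi

def encode_key_shares(d: int, phi: int, count: int = 3):
    """One 'mathematical encoding' of d: random first values (x, y, ...)
    plus a dependent last value z so that (x + y + z) mod Φ(n) = d.
    Any proper subset of the shares is uniformly random and reveals nothing about d."""
    first_values = [secrets.randbelow(phi) for _ in range(count - 1)]
    z = (d - sum(first_values)) % phi
    return first_values + [z]

def sign_contribution(item: int, share: int, n: int) -> int:
    """What a single DS unit computes: a partial signature using only its share."""
    return pow(item, share, n)

def combine(contributions, n: int) -> int:
    """Product of the partials equals item^(x+y+z) = item^d mod n, because the
    exponent sum differs from d only by a multiple of Φ(n)."""
    sig = 1
    for c in contributions:
        sig = sig * c % n
    return sig

def verify(item: int, sig: int, e: int, n: int) -> bool:
    """Standard RSA check with the public key; the verifier never sees the shares."""
    return pow(sig, e, n) == item % n

def demo(item: int = 1234):
    n, e, d, phi = make_rsa()
    rep1 = encode_key_shares(d, phi)   # first key representation (first set of DS units)
    rep2 = encode_key_shares(d, phi)   # second, independently encoded representation
    del d                              # "destroying the private key" once the shares exist
    sig1 = combine([sign_contribution(item, s, n) for s in rep1], n)
    sig2 = combine([sign_contribution(item, s, n) for s in rep2], n)
    return sig1, sig2, verify(item, sig1, e, n)
```

Either representation yields the same signature, so a device can fall back to the second set of DS units when contributions from the first set do not all arrive.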
Specification