Method of changing key fragments in a multi-step digital signature system
First Claim
Patent Images
1. A method for changing the key fragments held by key fragment members in a k-of-n multi-step digital signature system, comprising:
- (a) selecting a subgroup of k of the n key fragment members;
(b) each of the subgroup of key fragment members;
(i) selecting a polynomial of degree k′
−
1, where k′
is not equal to k and is the number of key fragment members needed to generate a digital signature after the change of the key fragments;
(ii) computing n′
values using the selected polynomial, where n′
is the number of key fragment members after the change of the key fragments;
(iii) distributing one of the computed values to each of the n′
key fragment members;
(iv) receiving a computed value from each other member of the subgroup; and
(v) combining the received computed values with one of the generated computed values to form a new key fragment; and
(c) for each of the key fragment members not part of the subgroup deriving a new key fragment from the received computed values.
1 Assignment
0 Petitions
Accused Products
Abstract
A multi-step digital signature system and method is provided having a distributed root certifying authority 20. Messages received at the root certifying authority 20 are distributed to root certifying authority members 22-30 who attach partial signatures to the message using root key fragments. In the system and method provided, the system adapts to system events such as the addition or removal of key fragment holders, the need to modify key fragments, etc., by changing key fragments.
141 Citations
12 Claims
-
1. A method for changing the key fragments held by key fragment members in a k-of-n multi-step digital signature system, comprising:
-
(a) selecting a subgroup of k of the n key fragment members;
(b) each of the subgroup of key fragment members;
(i) selecting a polynomial of degree k′
−
1, where k′
is not equal to k and is the number of key fragment members needed to generate a digital signature after the change of the key fragments;
(ii) computing n′
values using the selected polynomial, where n′
is the number of key fragment members after the change of the key fragments;
(iii) distributing one of the computed values to each of the n′
key fragment members;
(iv) receiving a computed value from each other member of the subgroup; and
(v) combining the received computed values with one of the generated computed values to form a new key fragment; and
(c) for each of the key fragment members not part of the subgroup deriving a new key fragment from the received computed values. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for changing a threshold in a threshold cryptosystem comprising:
-
(a) establishing a threshold cryptosystem having parameters n and k by sharing a secret value among a total number, n, of shareholders in the form of initial shares such that a threshold number, k, of shareholders can perform a cryptographic protocol using initial shares of the secret value without reconstructing the secret value;
(b) establishing a modified threshold cryptosystem having a modified threshold number k, said establishing of a modified threshold cryptosystem accomplished at least in part by selecting a number k of shareholders, and for each of the selected shareholders;
(i) computing n′
new values derived from its key fragment, where n′
is a number of shareholders to hold shares of the secret value in the modified threshold cryptosystem; and
(ii) distributing a computed new value to each of the n′
shareholders;
(c) having each of the n′
shareholders derive a new share of the secret value from the received computed new values such that k′
is the number of shareholders needed to perform the cryptographic protocol, and k′
is changed relative to k; and
(d) having shareholders destroy initial shares of the secret value after deriving new shares of the secret value.
-
-
10. A method for changing a threshold in a threshold cryptosystem comprising:
-
(a) establishing a threshold cryptosystem having parameters n and k by sharing a secret value among a total number, n, of shareholders in the form of initial shares such that a threshold number, k, of shareholders can perform a cryptographic protocol using initial shares of the secret value without reconstructing the secret value;
(b) establishing a modified threshold cryptosystem having a modified threshold number k, said establishing of a modified threshold cryptosystem accomplished at least in part by selecting a number k of shareholders, and for each of the selected shareholders;
(i) computing n′
new values derived from its key fragment, where n′
is a number of shareholders to hold shares of the secret value in the modified threshold cryptosystem; and
(ii) distributing a computed new value to each of the n′
shareholders;
(c) having each of the n′
shareholders derive a new share of the secret value from the received computed new values such that k′
is the number of shareholders needed to perform the cryptographic protocol, and k′
is changed relative to k; and
said distributing a computed new value includes a step of encrypting the computed new value.
-
-
11. A method for changing a threshold in a threshold cryptosystem comprising:
-
(a) establishing a threshold cryptosystem having parameters n and k by sharing a secret value among a total number, n, of shareholders in the form of initial shares such that a threshold number, k, of shareholders can perform a cryptographic protocol using initial shares of the secret value without reconstructing the secret value;
(b) establishing a modified threshold cryptosystem having a modified threshold number k, said establishing of a modified threshold cryptosystem accomplished at least in part by selecting a number k of shareholders, and for each of the selected shareholders;
(i) computing n′
new values derived from its key fragment, where n′
is a number of shareholders to hold shares of the secret value in the modified threshold cryptosystem; and
(ii) distributing a computed new value to each of the n′
shareholders;
(c) having each of the n′
shareholders derive a new share of the secret value from the received computed new values such that k′
is the number of shareholders needed to perform the cryptographic protocol, and k′
is changed relative to k; and
said distributing a computed new value includes a step of signing the computed new value.
-
-
12. A method for changing a threshold in a threshold cryptosystem comprising:
-
(a) establishing a threshold cryptosystem having parameters n and k by sharing a secret value among a total number, n, of shareholders in the form of initial shares such that a threshold number, k, of shareholders can perform a cryptographic protocol using initial shares of the secret value without reconstructing the secret value;
(b) establishing a modified threshold cryptosystem having a modified threshold number k, said establishing of a modified threshold cryptosystem accomplished at least in part by selecting a number k of shareholders, and for each of the selected shareholders;
(i) computing n′
new values derived from its key fragment, where n′
is a number of shareholders to hold shares of the secret value in the modified threshold cryptosystem; and
(ii) distributing a computed new value to each of the n′
shareholders;
(c) having each of the n′
shareholders derive a new share of the secret value from the received computed new values such that k′
is the number of shareholders needed to perform the cryptographic protocol, and k′
is changed relative to k; and
said distributing a computed new value includes encrypting and signing the computed new value.
-
Specification