论文部分内容阅读
A τ-time key agreement system(τ-time KAS) is an unconditionally secure key agreement where an attacker cannot obtain any information about the challenge conference key even if he eavesdrops executions ofτ(maybe repetitive) conferences and corrupts a predefined number of users. Here, an eavesdropped conference may contain a corrupted user, who could be useful in learning personal secret keys of uncorrupted users. In the model of Blundo et al.(Comp J, 1999), an eavesdropped conference is required to be uncorrupted. We show that the former model is strictly stronger than the latter. The size of the protocol transcript is related to the efficiency of KAS. We show that if the protocol transcript of KAS has the same entropy as the conference key,then this scheme is no better than a certain key pre-distribution scheme(KPS). For a secure KAS, it is desired that the protocol transcript does not leak any information about a user’s personal secret key. We show that if this is true, then the underlying KAS is again no better than a certain KPS. For τ > 1, every previous τ-time KAS needs a global counter to maintain the number of conferences executed so far. We show that polynomially synthesizing d-independent KPS gives a d-time KAS without a global counter.
A τ-time key agreement system (τ-time KAS) is an unconditionally secure key agreement where an attacker can not obtain any information about the challenge conference key even if eavesdrops executions of τ (maybe repetitive) conferences and corrupts a predefined number of users. In the model of Blundo et al. (Comp J, 1999), an eavesdropped conference may be necessary to be uncorrupted. We show that the former model is exactly stronger than the latter. The size of the protocol transcript is related to the efficiency of KAS. We show that if the protocol transcript of KAS has the same entropy as the conference key, then this scheme is no better than a certain key pre-distribution scheme (KPS). For a secure KAS, it is desired that the protocol transcript does not leak any information about a user’s personal secret key. We show that if this is true, then the un derlying KAS is again no better than a certain KPS. For τ> 1, every previous τ-time KAS needs a global counter to maintain the number of conferences performed so far. We show that polynomially synthesizing d-independent KPS gives a d-time KAS without a global counter.