Blom's scheme

Blom's scheme is a cryptographic protocol for establishing a symmetric key between two parties with the help of a trusted third party. Because it needs only a few linear-algebra operations, it is much faster than asymmetric encryption and therefore also runs on low-power microchips. It is used in the HDCP protocol (the copy protection scheme for HDTV).

The protocol

The key exchange requires a trusted party (Trent) and a set of users (new users can easily be added later). The trusted party issues each participant a secret private key and a public identifier. With these data, any participant can compute a symmetric key shared with any other participant using simple calculations (only linear algebra).

If a threshold number of compromised users, or more, work together, they can break the scheme (that is, they can compute the master key held by the trusted party mentioned above). Fewer than the threshold number of users can achieve nothing (given an optimal choice of parameters). The scheme is therefore a threshold scheme.

In what follows, Alice and Bob are two users.

Preparing the protocol

The trusted party Trent chooses as master key a secret, random, symmetric matrix; the modulus over which its entries are taken must be a prime number. This matrix must be known in order to add a new user.

D is, for example:

Adding a new user

A new user, Alice, wants to join the key exchange group. Trent selects a public user identifier for Alice (ideally derived from her name). Mathematically, this is a vector whose number of components equals the dimension of the master matrix.

Trent then computes Alice's private key by multiplying the master matrix by Alice's identifier vector. Alice can now use this private key to compute a shared key with any other group participant.

, Then

, Then

Computing a shared key between Alice and Bob

Now Alice wants to communicate with Bob. For this she needs Bob's identifier (namely his vector) and her own private key.

She now computes the shared key as the product of her transposed private key and Bob's identifier vector.

Bob does the same (but of course with his own private key and Alice's identifier vector). Because the master matrix is symmetric, both arrive at the same key.

Examples:
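The following is an added worked example, not code from the original article: the whole scheme in Python, covering setup by Trent, adding users, key agreement between Alice and Bob, and the threshold attack described in the remarks below, in which enough colluders recover the master matrix. Everything parameter-like here is an assumption of the example: the prime modulus is 101, the master matrix is 3x3 (so three colluders form the threshold), and user identifiers are Vandermonde vectors (1, u, u^2) mod 101, which are the columns of a Reed-Solomon generator matrix, i.e. an MDS code, so any three distinct identifiers are linearly independent.

```python
"""Blom's scheme worked through: setup, key agreement and the k-collusion
attack. Added example, not code from the original article.

Assumptions (not from the article): prime modulus P = 101, master matrix
dimension K = 3 (three colluders form the threshold), identifier vectors of
Vandermonde form (1, u, u^2) mod P, and small integers as user numbers.
"""
import random

P = 101  # prime modulus (assumed)
K = 3    # dimension of the master matrix = collusion threshold (assumed)


def random_symmetric_matrix(k, p, rng):
    """Trent's master key: a secret, random, symmetric k x k matrix over Z_p."""
    d = [[0] * k for _ in range(k)]
    for i in range(k):
        for j in range(i, k):
            d[i][j] = d[j][i] = rng.randrange(p)
    return d


def identifier(u, k=K, p=P):
    """Public identifier of user number u: Vandermonde vector (1, u, u^2, ...) mod p."""
    return [pow(u, i, p) for i in range(k)]


def private_key(d, ident, p=P):
    """Trent computes the private key as D * I_u (mod p) and hands it to user u."""
    return [sum(d[i][j] * ident[j] for j in range(len(ident))) % p
            for i in range(len(d))]


def shared_key(my_private, other_ident, p=P):
    """Shared key: (D * I_a)^T * I_b mod p.  Both sides get the same scalar
    because (D I_a)^T I_b = I_a^T D I_b = I_b^T D I_a = (D I_b)^T I_a when D is symmetric."""
    return sum(g * x for g, x in zip(my_private, other_ident)) % p


def solve_mod_p(a, b, p):
    """Solve the square linear system a * x = b over Z_p (Gauss-Jordan elimination)."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        pivot = next(r for r in range(col, n) if m[r][col] % p)
        m[col], m[pivot] = m[pivot], m[col]
        inv = pow(m[col][col], -1, p)
        m[col] = [v * inv % p for v in m[col]]
        for r in range(n):
            if r != col and m[r][col] % p:
                f = m[r][col]
                m[r] = [(x - f * y) % p for x, y in zip(m[r], m[col])]
    return [m[i][n] for i in range(n)]


def recover_master_key(colluders, p=P):
    """Threshold attack: k colluders with linearly independent identifiers recover D.

    Each colluder u knows D * I_u = g_u, so for every row i of D the colluders
    hold the equations I_u . D[i] = g_u[i]; with k colluders that is one
    k x k system per row, solvable exactly when the identifiers are independent."""
    idents = [ident for ident, _ in colluders]
    keys = [g for _, g in colluders]
    k = len(idents[0])
    return [solve_mod_p(idents, [g[i] for g in keys], p) for i in range(k)]


def demo(seed=1):
    """Run the full protocol once; returns (Alice-Bob key, attack succeeded)."""
    rng = random.Random(seed)
    D = random_symmetric_matrix(K, P, rng)           # Trent's master key
    alice, bob, carol, dave = 2, 3, 5, 7             # user numbers (assumed)
    users = (alice, bob, carol, dave)
    g = {u: private_key(D, identifier(u)) for u in users}

    # Key agreement: Alice and Bob derive the same key independently.
    k_ab = shared_key(g[alice], identifier(bob))
    k_ba = shared_key(g[bob], identifier(alice))
    assert k_ab == k_ba

    # Attack: K = 3 colluders (Bob, Carol, Dave) reconstruct D ...
    D_rec = recover_master_key([(identifier(u), g[u]) for u in (bob, carol, dave)])
    # ... and can then derive Alice's private key and every key she shares.
    attack_ok = D_rec == D and private_key(D_rec, identifier(alice)) == g[alice]
    return k_ab, attack_ok


if __name__ == "__main__":
    print(demo())
```

With only two colluders the per-row systems are underdetermined (two equations in three unknowns), which is the information-theoretic guarantee the threshold gives; with three, the Vandermonde identifiers make each system uniquely solvable and the whole master key falls.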

Comments

So that only the threshold number of corrupted users, or more, can break the system, their user identifiers (i.e. the vectors) must be linearly independent in groups, that is, every choice of as many vectors as the threshold must be linearly independent. This can be achieved by choosing the matrix formed from all user vectors to be the generator matrix of an MDS code (maximum distance separable error-correcting code); the user identifiers are the columns of this matrix.

Sources

  • A. Menezes, P. van Oorschot, S. Vanstone: Handbook of Applied Cryptography, CRC Press, 1996
  • IACR page for the publication