The generation of encrypted channels between more than two users is complex, as it is necessary to share information about the key of each user. This problem has been partially solved through the secret sharing mechanism that makes it possible to divide a secret among several participants, so that the secret can be reconstructed by a well-defined part of them. The proposed system represents an extension of this mechanism, since it is designed to be applied systematically: each user has his/her key, through which temporary keys (One Time User Keys) are generated and are used to divide the secret, corresponding to the real encryption key. The system also overcomes the concept of numerical threshold (i.e., at least n participants are required to reconstruct the secret), allowing the definition, for each encryption, of which users can access and which specific groups of users can access. The proposed model can be applied both in distributed user-based contexts and as an extension of cryptographic functions, without impacting the overall security of the system. It addresses some requirements of the European Union Council resolution on encryption and also provides a wide possibility of applications in user-based distributed systems.
One Time User Key: a user-based secret sharing XOR-ed model for multiple user cryptography in distributed systems
Galantucci S.
;Impedovo D.;Pirlo G.
2021-01-01
Abstract
The generation of encrypted channels between more than two users is complex, as it is necessary to share information about the key of each user. This problem has been partially solved through the secret sharing mechanism that makes it possible to divide a secret among several participants, so that the secret can be reconstructed by a well-defined part of them. The proposed system represents an extension of this mechanism, since it is designed to be applied systematically: each user has his/her key, through which temporary keys (One Time User Keys) are generated and are used to divide the secret, corresponding to the real encryption key. The system also overcomes the concept of numerical threshold (i.e., at least n participants are required to reconstruct the secret), allowing the definition, for each encryption, of which users can access and which specific groups of users can access. The proposed model can be applied both in distributed user-based contexts and as an extension of cryptographic functions, without impacting the overall security of the system. It addresses some requirements of the European Union Council resolution on encryption and also provides a wide possibility of applications in user-based distributed systems.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.