cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1994-04-09 - MIT Talk on randomness/key management

Header Data

From: “Alan (Miburi-san) Wexelblat” <wex@media.mit.edu>
To: cypherpunks@toad.com
Message Hash: 4e0f9431303fe439162aa755b7111e28bf71100f9be74c80680202edbed0ccc8
Message ID: <9404091820.AA17899@media.mit.edu>
Reply To: N/A
UTC Datetime: 1994-04-09 18:21:07 UTC
Raw Date: Sat, 9 Apr 94 11:21:07 PDT

Raw message

From: "Alan (Miburi-san) Wexelblat" <wex@media.mit.edu>
Date: Sat, 9 Apr 94 11:21:07 PDT
To: cypherpunks@toad.com
Subject: MIT Talk on randomness/key management
Message-ID: <9404091820.AA17899@media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


[I have no more information than is contained in the announcement --AW]

>                      Friday, April 15, 1994
>         Refreshments at 1:45pm, Talk at 2:00pm in NE43-518
>                          
>``Regaining Pseudorandomness by Cooperation with Applications to Key
>                             Management'' 
>                   by Amir Herzberg, IBM Watson
>         
>                             ABSTRACT
>
>Consider a multiparty system where parties may be occasionally
>``infected'' by malicious agents, called {\sf viruses.} The viruses
>are controlled by an adversary. Once a party is infected the entire
>contents of its memory is revealed and possibly modified.  After some
>time the virus is expelled and the party wishes to regain its
>security.  Since the leaving virus knows the entire contents of the
>infected party's memory, a source of ``fresh'' randomness,
>unpredictable by the adversary, seems essential for full recovery
>(e.g., for selecting new keys).  However, such an ``on-line'' source
>of randomness may not be always readily available, or beneficial to use.
>
>We describe a scheme in which the parties, being given access to
>randomness only at the onset of the computation, jointly generate a
>sequence of numbers that are pseudorandom from the point of view of
>the adversary (a different generated number for the use of each party
>at each round).  Thus, these pseudorandom numbers can be used just as
>``fresh'' randomness in the design of protocols (e.g., for regaining
>security).  These properties of our scheme hold as long as in each
>round there is at least {\em one} non-infected party.
>
>We describe an important application of our scheme to
>practical key-management systems, such as Kerberos and \NetSP.
>
>Joint with Ran Canetti, Weizmann Institute
>
>Host:  Nancy Lynch

Thread