seminar of Distributed key generation protocol with hierarchicalthreshold access structure in February 2015 IET Information Security 9(4) by Nasrollah Pakniat, Mahnaz Noroozi, Ziba Eslami

1. Distributed key generation protocol with hierarchical
threshold access structure
February 2015 IET Information Security 9(4)
Nasrollah Pakniat, Mahnaz Noroozi, Ziba Eslami
Department of Computer Sciences, Shahid Beheshti University, Tehran, Iran
Cyberspace Research Center, Shahid Beheshti University, Tehran, Iran
林彥賓
2021/1/30
⋅

2. Proposed VSS protocol with HTAS
Definitions
: the set of participants
: dealer
levels
sequence of threshold requirements
two large primes such that
q should also satisfied
: element of such that its relative discrete logarithm with is unknown to any
entity in the system
U = {P , ..., P }
1 n
D
m + 1 U , ..., U
0 m
t <
0 ... < t (=
m t)
p, q q∣(p − 1)
q > 2 (t −
−t+2
1) n ⋅
(t−1)/2 (t−1)(t−2)/2
(t − 1)!
h G g
2

3. Sharing–verify
The dealer ( )
D
3

4. Each Player
verify
g h =
shj shj
′
C
i=0
∏
t−1
i
g (j)
i
tk−1
where
is the value of -th derivative of at point
is such that
If all player accept
The dealer reveals all the shares and let all participant to check
Pj
g (j)
i
tk−1
(t )
k−1 g (x) =
i xi
x = j
k P ∈
j Uk
4

5. Sharing–verify:
i. input secrete
ii. generate the share to
iii. generates some public information to verify the validity of shares
iv. output a value
Reconstruction:
i. input the shares corresponding to a subset of participants
ii. the validity of each share is verified by other participants
iii. the secret can be computed by applying a reconstruction function on the
provided shares
s
D Pi
D
Pi verification ∈
i {accept, reject}
5

6. HTDKG protocols
6

7. 7

8. 8