主权项 |
1. A first network device configured to determine a shared cryptographic key of key length (b) bits shared with a second network device from a polynomial and an identity number of the second network device, the polynomial having multiple terms, each term being associated with a different degree and a coefficient, the first network device comprising,
an electronic storage for storing local key material for the first network device, the local key material comprising a representation of the polynomial for use in evaluation of the polynomial by the first network device, a receiver for obtaining the identity number of the second network device, the second network device being different from the first network device, a polynomial manipulation device configured to apply the polynomial to the identity number according to a reduction algorithm, and a key derivation device for deriving the shared key from the reduction result, wherein the reduction algorithm comprises an iteration over the terms of the polynomial of which at least one iteration, associated with a particular term of the polynomial, comprises:
a first multiplication between the identity number and a least significant part of the coefficient of the particular term obtained from the representation of the polynomial, the least significant part of the coefficient being formed by the key length least significant bits of the coefficient of the particular term, anda second multiplication between the identity number and a further part of the coefficient of the particular term obtained from the representation of the polynomial, the further part of the coefficient being formed by bits of the coefficient of the particular term different from the key length least significant bits, the further part and the least significant part together forming strictly fewer bits than in the coefficient of the particular term of the polynomial, wherein the further part is a most significant part of the coefficient of the particular term. |