Method for authenticated communication in dynamic federated environments

摘要

According to one embodiment of the present invention, a method for protecting authenticated communication in dynamic federated environments is provided. The method includes distributing shares of a private signature key to a group of users. When switching from an existing to a new group of users, the method includes producing a plurality of sub-shares from each of the distributed shares of existing users, with each sub-share being accompanied by a corresponding validity proof. The sub-shares from multiple existing users are combined to generate a set of shares for new users, with each new share being derived from sub-shares from multiple existing users.

主权项

1. A method comprising:
distributing shares of a private signature key to a group of users with a first processor; producing a plurality of sub-shares from each of said distributed shares with a processor associated with at least one user of the group of users, with each sub-share being accompanied by a corresponding validity proof; distributing the plurality of sub-shares among a set of new users, wherein each of the group of users receives sub-shares from a multiple users; verifying whether each sub-share in that is received by the each user of the set of new users is valid; and combining said valid sub-shares from multiple existing users at each one of the set of new users to generate a set of new shares, each said new share being derived from valid sub-shares from multiple users, wherein, based on said verifying determining that a received sub-share is invalid, said invalid sub-share is not used in said generating.