Secret sharing in cryptographic devices via controlled release of plaintext information

摘要

A first cryptographic device generates plaintext information characterizing at least one key or other secret value associated with that device. The first cryptographic device releases portions of the plaintext information to a second cryptographic device over respective time intervals. The portions of the plaintext information are configured by the first cryptographic device such that the second cryptographic device must receive at least a designated minimum number of the portions in order to determine the secret value from those received portions. By way of example, the portions of the plaintext information may be wirelessly transmitted by the first cryptographic device, such that the second cryptographic device must be in wireless contact with the first cryptographic device for at least a designated minimum amount of time in order to receive the designated minimum number of portions required to determine the secret value.

主权项

1. A method comprising the steps of:
generating plaintext information characterizing at least one secret value associated with a first cryptographic device; and releasing portions of the plaintext information from the first cryptographic device to a second cryptographic device over respective time intervals; wherein the portions of the plaintext information are configured by the first cryptographic device such that the second cryptographic device must receive at least a designated minimum number of the portions in order to determine the secret value from those received portions; and
wherein the step of generating plaintext information comprises:
obtaining a key comprising at least a portion of the secret value;computing an erasure code over the key to generate a set of symbols; andutilizing the set of symbols as at least part of the plaintext information.