| 摘要 |
<p>The aim of the present invention is to propose a very fast alternative mechanism to the traitor tracing algorithm introduced by Boneh and Franklin to trace private keys in a public-key cryptosystem. This invention concerns a method to trace traceable parts of original private keys in a public-key cryptosystem consisting of one public key and „“ corresponding private keys, a private key being formed by a traceable array of 2 k elements forming a syndrome of a generalized Reed-Solomon code with parameters („“,„“-2k) defined by the base points À = (À 1 ,...,À „“ ) and a scaling vector c = ( c 1 , c 2 ,..., c „“ ), comprising the steps of: obtaining the traceable part d = d 1 ,..., d 2k T of a rogue private key, - applying a Berlekamp-Massey algorithm on the traceable part d = d 1 ,..., d 2k T of the rogue private key, to obtain the k coefficients of an error-locator polynomial, applying the Chien's search algorithm to the error-locator polynomial, to obtain roots of the error-locator polynomial, determining the base points of the traceable part of the original private keys by computing the arithmetic inverse of each root, these base points allowing to uniquely determine the private key.</p> |
