### Re: A Note About Trust Anchor Key Distribution

nice paper. note that it claims this paper is being published to establish IPR claims. there is prior art in several vectors. you may wish to consider the following (although now expired) Internet Drafts: draft-ietf-dnsext-trustupdate-threshold-00 and a similar one authored by Mike StJohns, that cover the same basic ideas. at least one of these is being updated and revised.

--bill manning

### A Note About Trust Anchor Key Distribution

To all:

Here is a scheme for a central organization distributing a trust anchor public key with rollover requirement. The suggested acronym for this scheme is TAKREM for Trust Anchor Key REnewal Method.

We use the notation #R[i]# for the public root public key #R[i]#, with the private key counterpart #r[i]#.

The central organization establishes key pairs #r[0],R[0]#, #r[1],R[1]#, #r[2],R[2]#, ..., #r[n],R[n]#, allocating the pair #r[0],R[0]# as the initial private/public trusted key pair, and reserving each key pair #r[i],R[i]# for the cryptoperiod starting with the #i#'th root key renewal, for #1<=i<=n#.

A separate MASH (Modular Arithmetic Secure Hash) instance #H[i]# is created for each #R[i]#. MASH is defined in International standard document ISO/IEC 10118-4:1998, Information technology - Security techniques - Hash-functions - Part 4: Hash-functions using modular arithmetic.

That is, the central organization selects a large composite modulus number #N[i]# used in the MASH round function and a prime number #P[i]# used in the MASH final reduction function.

Then, the central organization selects a random salt field #s[i]#.

A hash computation gives a root key digest #D[i]# : #D[i]=H[i](s[i]|R[i]|N[i]|P[i])# . The digest #D[i]# is like an advanced notice of future trust anchor key #R[i]#.

The data tuple #r[i],R[i],N[i],P[i],s[i]# is set aside in dead storage.

The trust anchor key initial distribution is #R[0], D[1], D[2], ..., D[n]# .

Security rationale: with data tuple #r[i],R[i],N[i],P[i],s[i]# totally concealed until the usage period for key pair #r[i],R[i]#, an adversary is left with the digest #D[i]# from which it is deemed impossible to mount a brute force attack.

A root key rollover is triggered by the following message: #i,R[i],N[i],P[i],s[i]# .

Upon receipt of this message, the end-user system becomes in a position to validate the root key digest #D[i]#.

More details are provided in http://www.connotech.com/takrem.pdf.
Regards,

--
- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1

Tel.: (514)385-5691
Fax: (514)385-5900

web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED]
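
An added example, not part of the original post or of the TAKREM paper: the end-user side of the rollover check described above, holding #R[0], D[1], ..., D[n]# and validating a rollover message #i,R[i],N[i],P[i],s[i]# against #D[i]#. It assumes SHA-256 as a stand-in for the per-key MASH instance #H[i]#, length-prefixed field encoding, and forward-only indexes; `digest`, `TrustAnchorStore` and `make_demo` are hypothetical names, and all key material is constructed placeholder bytes.

```python
import hashlib
import hmac
import os


def digest(salt: bytes, root_key: bytes, n: bytes, p: bytes) -> bytes:
    """Stand-in for D[i] = H[i](s[i]|R[i]|N[i]|P[i]).

    Assumption: SHA-256 replaces the per-key MASH instance, so N[i] and P[i]
    are only committed to here, not used as hash parameters. Each field is
    length-prefixed so the concatenation is unambiguous.
    """
    h = hashlib.sha256()
    for field in (salt, root_key, n, p):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


class TrustAnchorStore:
    """End-user state after the initial distribution R[0], D[1], ..., D[n]."""

    def __init__(self, r0: bytes, digests: list[bytes]):
        self.current_index = 0
        self.current_key = r0
        self.digests = {i: d for i, d in enumerate(digests, start=1)}

    def rollover(self, i: int, root_key: bytes, n: bytes, p: bytes, salt: bytes) -> bool:
        """Process rollover message i,R[i],N[i],P[i],s[i]; accept only if it matches D[i]."""
        # Assumption: indexes only move forward, so stale or replayed messages are refused.
        if i <= self.current_index or i not in self.digests:
            return False
        # Constant-time comparison of the recomputed digest with the advance notice D[i].
        if not hmac.compare_digest(digest(salt, root_key, n, p), self.digests[i]):
            return False
        self.current_index, self.current_key = i, root_key
        return True


def make_demo(n_keys: int = 3):
    """Central-organization side, using constructed placeholder bytes (not real keys)."""
    tuples = {}
    for i in range(1, n_keys + 1):
        tuples[i] = (f"R[{i}]-placeholder".encode(), f"N[{i}]-placeholder".encode(),
                     f"P[{i}]-placeholder".encode(), os.urandom(16))
    digests = [digest(s, rk, n, p) for rk, n, p, s in (tuples[i] for i in range(1, n_keys + 1))]
    return TrustAnchorStore(b"R[0]-placeholder", digests), tuples
```
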