Author: Ondřej Vejpustek 2018-01-18 13:50:41
Published on: 2018-01-18T13:50:41+00:00
The discussion begins with a thank you note for comments from Gregory and Russell. The writer mentions being a professional mathematician and cryptographer, clarifying that perfect secrecy is not needed for their explanation. They explain that RSA and SHA are based on completely distinct parts of mathematics and while complicated doesn't mean secure, adding redundancy by a hash function is more secure than adding redundancy by linear relations. They address Gregory's previous comments regarding the difference between RSA and SSS. They mention that their proposal divides the secret into bytes and uses SSS for every byte separately which is weaker because to reconstruct the n-th byte it suffices to have n-th bytes from k shares. They also point out that while SSS is information-theoretic secure if you know k-1 or less shares where k is the threshold, the proof doesn't hold if you know for example a small part of every share. Furthermore, they state that in their use case all premises of security proof theorems (including SSS's perfect secrecy) cannot be assumed to hold true. They believe that sticking to general "intuitive" principles makes a cryptographic scheme more robust, but the advantages and disadvantages must be considered. The writer concludes by mentioning that they were defending the hash in the inner check value, while the discussion of using a proper code was primarily related to the outer check value which protects the shares themselves and is sitting unprotected in plaintext.
Updated on: 2023-06-12T23:36:36.160006+00:00