[I have no more information than is contained in the announcement --AW]
Friday, April 15, 1994 Refreshments at 1:45pm, Talk at 2:00pm in NE43-518
``Regaining Pseudorandomness by Cooperation with Applications to Key Management'' by Amir Herzberg, IBM Watson
ABSTRACT
Consider a multiparty system where parties may occasionally be ``infected'' by malicious agents, called viruses. The viruses are controlled by an adversary. Once a party is infected, the entire contents of its memory are revealed and possibly modified. After some time the virus is expelled and the party wishes to regain its security. Since the departing virus knows the entire contents of the infected party's memory, a source of ``fresh'' randomness, unpredictable by the adversary, seems essential for full recovery (e.g., for selecting new keys). However, such an ``on-line'' source of randomness may not always be readily available, or beneficial to use.
We describe a scheme in which the parties, given access to randomness only at the onset of the computation, jointly generate a sequence of numbers that are pseudorandom from the point of view of the adversary (a different generated number for the use of each party at each round). Thus, these pseudorandom numbers can be used just like ``fresh'' randomness in the design of protocols (e.g., for regaining security). These properties of our scheme hold as long as in each round there is at least one non-infected party.
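An added toy simulation of the model above (my own illustration, not the authors' construction, which the abstract does not describe): each party's initial seed is the only randomness it ever receives; in every round each party derives one value per peer from its seed with HMAC-SHA256 (assumed here as the pseudorandom function), and a party's fresh number for that round is the XOR of what all parties derived for it, which stays unpredictable as long as one contributor's seed is unknown to the adversary. The adversary function reconstructs what someone holding only the seeds revealed by infections can compute; seeds and labels are constructed.

```python
import hmac, hashlib
# Constructed starting seeds: the only randomness the parties ever receive.
SEEDS0 = [hashlib.sha256(b"constructed seed %d" % i).digest() for i in range(3)]

def prf(seed: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 stands in for a pseudorandom function keyed by a seed."""
    return hmac.new(seed, label, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def contribution(seed: bytes, rnd: int, recipient: int) -> bytes:
    """Value a party derives from its own seed for one peer in one round."""
    return prf(seed, b"contrib|%d|%d" % (rnd, recipient))

def next_seed(seed: bytes, fresh: bytes) -> bytes:
    """A party folds the fresh number assembled from all peers into its seed."""
    return prf(seed, b"seed|" + fresh)

def run(seeds0, rounds):
    """Honest execution: seeds[r] enter round r, fresh[r] are that round's numbers."""
    n = len(seeds0)
    seeds, fresh = [list(seeds0)], []
    for r in range(rounds):
        cur = seeds[r]
        # party j's fresh number is the XOR of what every party derived for it
        f = [b"\x00" * 32 for _ in range(n)]
        for j in range(n):
            for i in range(n):
                f[j] = xor(f[j], contribution(cur[i], r, j))
        fresh.append(f)
        seeds.append([next_seed(cur[j], f[j]) for j in range(n)])
    return seeds, fresh

def adversary_seed(view, n, party, rnd):
    """Seed of `party` entering round rnd, as far as the adversary can derive it.
    view maps (party, round) -> seed revealed by infecting that party at the start
    of that round; deriving any other seed needs every peer's seed one round earlier."""
    if (party, rnd) in view:
        return view[(party, rnd)]
    prev = adversary_seed(view, n, party, rnd - 1) if rnd else None
    if prev is None:
        return None
    f = b"\x00" * 32
    for i in range(n):
        s_i = adversary_seed(view, n, i, rnd - 1)
        if s_i is None:   # a peer kept a secret seed that round: no prediction
            return None
        f = xor(f, contribution(s_i, rnd - 1, party))
    return next_seed(prev, f)
```

With infections staggered so that some party is clean in every round, the adversary learns each infected party's state at the moment of infection but cannot follow it forward; if all parties are infected in the same round, every later number is predictable.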
We describe an important application of our scheme to practical key-management systems, such as Kerberos and NetSP.
Joint work with Ran Canetti, Weizmann Institute
Host: Nancy Lynch