Saturday, 23 September 2006

Splitting a Key for Security

You may wish at some point to issue a key, maybe the passkey that unlocks some encrypted information, in such a way that it is only by two individuals coming together and agreeing to exchange their unique information that the key can be determined, and the information unlocked.

The obvious solution is, in the case of a 128 bit key, to split the key in half and give each individual 64 bits. This solution is of course not good as then each half of the key is now only half the strength of the original key and 64 bits is no longer strong enough. You are effectively halving the strength of your encryption.

A useful solution is to envisage a graph, the key is a point on that graph. The information that is given to each of the ‘key holders’ is a coordinate on that graph. Only when in possession of both coordinates can a line be drawn between the two. Continuing that straight line through the Y axis reveals the full key.

Simple and ingenious. Credit to Steve Gibson at for discussing this issue.

Marge: Homer! There’s someone here who can help you…
Homer: Is it Batman?
Marge: No, he’s a scientist.
Homer: Batman’s a scientist!
Marge: It’s not Batman!

No comments: