# Incidence structures for key sharing

## Abstract

Assuming a set of *v* entities and a set **B** of *b* key-sharing systems, this paper proposes a way of assigning each entity a subset of **B** so that any two entities have at least one common key-sharing system with which they can share an *h*-bit common key. Such an assignment is nothing but a cohesive incidence structure. If an entity is assigned a subset {*S*_{0},..., S_{r−1}} ⊂ **B** then by the system centers for *S*_{0} ..., *S*_{r−1}, respectively, the entity is supplied *r* tamper-resistant modules (TRMs) containing data depending on the entity's identifier and the secret information for the corresponding system. The use of plural TRMs per entity can be sound with respect to the status of micro-electronics. Assume that every key-sharing system in **B** cannot be completely broken unless at least *m* TRMs are successfully attacked to infer *m* pieces of *h × m*-bit data inside them. Then each entity has *r* TRMs which contain *r×h×m*-bit data in total while the minimum number of TRMs to attack for complete breaking is *b×m*. The *gain* defined by (minimum number of TRMs to attack)/(total memory per key-bit per entity), is thus *b/r*. Gain 1 is attained by the (trivial) method using *r=b* TRMs per entity with *b*(≥1) key-sharing systems. A larger gain will save memory per entity to yield the same security level measured by the tamper-resistance required for complete breaking. This paper also provides a method to generate desirable assignments yielding gain *b/r > 2* with large *v* exponential in *r*, by introducing a novel binary operation on incidence structures which preserves cohesiveness and constant-weight properties.

## Keywords

Binary Matrix Combinatorial Design Cryptography Identifier Key Distribution Key Sharing Tactical Configuration Tamper Resistant Module## Preview

Unable to display preview. Download preview PDF.

## References

- [1]T. Matsumoto and H. Imai, “On the Key Predistribution System: A practical solution to the key distribution problem” Advances in Cryptology: Proceedings of CRYPTO'87, Lecture Notes in Computer Science No. 293, pp. 185–193, Springer-Verlag, 1987.Google Scholar
- [2]R. Blom, “An optimal class of symmetric key generation systems,“ Advances in Cryptology: Proceedings of EUROCRYPT'84, Lecture Notes in Computer Science No. 209, pp. 335–338, Springer-Verlag, 1985.Google Scholar
- [3]L. Gong and D. J. Wheeler, “A matrix key-distribution scheme,” Journal of Cryptology, Vol. 2, pp. 51–59, Springer-Verlag, 1990.Google Scholar
- [4]C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro, and M. Yung, “Perfectly-secure key distribution for dynamic conferences,” Advances in Cryptology: Proceedings of CRYPTO'92, Lecture Notes in Computer Science No. 740, pp. 471–486, Springer-Verlag, 1993.Google Scholar
- [5]W.-A. Jackson, K. M. Martin, and C. M. O'Keefe, “Multisecret threshold schemes,” Advances in Cryptology: Proceedings of CRYPTO'93, Lecture Notes in Computer Science No. 773, pp. 126–135, Springer-Verlag, 1994.Google Scholar
- [6]T. Matsumoto, “A novel IC card for KPS-based cryptography,” IFIP WG10.5 Workshop on Secure Design and Test of Crypto-Chips, Abstract, Gmunden, Austria, 1991.Google Scholar
- [7]T. Beth, D. Jungnickel, and H. Lenz, Design Theory, B.I.-Wissenschaftsverlag, 1985.Google Scholar
- [8]T. Matsumoto, “Efficient algorithms for recursively defined incidence structures,” in preparation.Google Scholar