Master Keys for Group Sharing

7”he first two requirements state that messages enciphered (deciphered) with any key in the sei S must be decipherable (enci;pherable) with the master .key MK. The third requirement states that the space requirements for MK must ,be substantially less than that of all keys in S; otherwise, MK could be implemented simply as a list of the keys in S. MK, therefore, provides a compact representation of S. Consider a network of N users. Agroup G is any nonempty subset of the N users. Members of G share a secret group ksy KG, which allows them to broadcast and receive messages from other members of G, and to access and update files private to G. Users not in G are not allowed access to KG* In this scheme, we assume that for each user A, the AS stores A’s personal key KA and two secret values, XA and YA. However, unlike the personal key, the secret values are known only to the AS and not to A (the reason for this will be explained later). WC shall show how all group keys can be derived flom the secret values X and Y of the users. Thus, the 2N 1 group keys are generable from a table of only 2N elements. This table represents thi master key. * This research was supported in part by NSF Grant MCS77The method is based on Shamir’s threshold scheme