2004-11-22 08:36:04 UTC
I am calculating keys derived from the same initial secret S for a
group of N users. I want the N users to be able to generate, in
sequential time intervals Ti, the same key Ki without even having to
communicate. For this purpose, I calculate sequentially Ki = h(S+i),
where Ki is each different key to be calculated, S is the initial secret, i is
an integer and h() is a hash function. For instance:
K0 = h(S),
K1 = h(S+1),
K2 = h(S+2),
Kn = h(S+n).
Knowing this pattern of Ki's:
- Is the scheme forward secure, assuming the attacker cannot ever
compromise S? I.e., assuming the attacker compromises a set of Ki's,
can he then infer any Kj with j>i (or even S) by knowing the pattern?
Thanks for your answers in advance!
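An added example, not part of the original post, that implements the scheme as described in Python. It assumes h() is SHA-256 and that "S+i" means the secret S concatenated with a fixed-width encoding of the counter i (the post does not say whether "+" is integer addition or concatenation). For contrast it also builds a hash chain K_{i+1} = h(K_i), which the post does not mention, because the two constructions behave oppositely when a single Ki leaks: in the counter scheme every key is linked only through S, while in the chain each key is computable from the previous one.

```python
import hashlib
import secrets
from typing import List, Optional

# Added illustration, not the poster's code. Assumptions: h() is SHA-256 and
# "S+i" is S || i with i encoded on a fixed number of bytes, so that the
# inputs for different i can never overlap (e.g. S||1 vs S||10).
COUNTER_BYTES = 8


def derive_key(S: bytes, i: int) -> bytes:
    """K_i = h(S || i): the scheme from the post, one independent hash per interval."""
    return hashlib.sha256(S + i.to_bytes(COUNTER_BYTES, "big")).digest()


def interval_keys(S: bytes, n: int) -> List[bytes]:
    """K_0 .. K_{n-1}; every user holding S computes this list identically, with no communication."""
    return [derive_key(S, i) for i in range(n)]


def ratchet_keys(K0: bytes, n: int) -> List[bytes]:
    """Contrast construction (not in the post): a hash chain K_{i+1} = h(K_i).
    Each key is derived from the previous one, so a compromised K_i reveals every later key."""
    keys = [K0]
    for _ in range(n - 1):
        keys.append(hashlib.sha256(keys[-1]).digest())
    return keys


def later_key_from_compromised(scheme: str, compromised: bytes, i: int, j: int) -> Optional[bytes]:
    """What a party holding only K_i and the public pattern (but not S) can compute for K_j, j > i.
    Counter scheme: the only input available is K_i, which is not S, so applying the pattern
    to it cannot reproduce h(S || j) unless h is broken.
    Ratchet: applying h (j - i) times yields K_j exactly."""
    if scheme == "counter":
        return derive_key(compromised, j)  # treating K_i as if it were S: the result will not match K_j
    if scheme == "ratchet":
        k = compromised
        for _ in range(j - i):
            k = hashlib.sha256(k).digest()
        return k
    raise ValueError("unknown scheme: %s" % scheme)


def compromise_reveals_future_key(scheme: str, S: bytes, i: int, j: int) -> bool:
    """True if K_j is recoverable from K_i alone under the given scheme (i < j)."""
    if scheme == "counter":
        true_keys = interval_keys(S, j + 1)
    else:
        true_keys = ratchet_keys(derive_key(S, 0), j + 1)
    guess = later_key_from_compromised(scheme, true_keys[i], i, j)
    return guess == true_keys[j]


if __name__ == "__main__":
    S = secrets.token_bytes(32)  # constructed: a fresh 256-bit initial secret
    ks = interval_keys(S, 4)
    assert len(set(ks)) == 4  # four intervals, four distinct keys
    print("counter scheme, K_5 from leaked K_2:", compromise_reveals_future_key("counter", S, 2, 5))  # False
    print("hash chain,     K_5 from leaked K_2:", compromise_reveals_future_key("ratchet", S, 2, 5))  # True
```

Under the post's own assumptions (S is never compromised and h is a sound hash), a leaked Ki in the counter scheme gives no route to Kj or to S, because Ki is an output of h rather than an input to any later derivation. The flip side, worth keeping in mind when deploying such a scheme, is that every Ki then rests entirely on S: h(S || i) is cheap to recompute for any candidate S, so S must have full cryptographic entropy, not be a password or a short value.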