This is a generalization of RSA (see Section 19.3) [217,212]. The modulus, *n*, is the product of two primes, *p* and *q*. However, instead of choosing *e* and *d* such that *ed* ≡ 1 mod ((*p* - 1)(*q* - 1)), choose *t* keys, *K _{i}*, such that

Since

this is a multiple-key scheme as described in Section 3.5.

If, for example, there are five keys, a message encrypted with *K*_{3} and *K*_{5} can be decrypted with *K*_{1}, *K*_{2}, and *K*_{4}:

One use for this is multisignatures. Imagine a situation where both Alice and Bob have to sign a document for it to be valid. Use three keys: *K*_{1}, *K*_{2}, and *K*_{3}. The first two are issued one each to Alice and Bob, and the third is made public.

- (1) First Alice signs
*M*and sends it to Bob. - (2) Bob can recover
*M*from*M*′. - (3) He can also add his signature.
- (4) Anyone can verify the signature with
*K*_{3}, the public key. ...

Start Free Trial

No credit card required