ICANN的DNS恢复系统使用的密码系统的名称是什么？

Question

我曾经听说过一种密码系统，它的行为方式如下:我有x个秘密密钥，它们可以一起解密用公钥d加密的消息。如果我在一起得到至少n个x密钥，我就可以完全解密用d加密的消息。如果我有少于n的信息，我就得不到关于这些信息的信息。

当我对这个系统进行描述时，有人告诉我，这个系统在现实世界中的一个例子是ICANN在发生灾难性故障时恢复DNS注册表的系统。在他们的例子中，x= 7。

我刚才听说过这件事，但我不记得这个系统到底叫什么。我试着用ICANN网站来研究它，但是我似乎找不到这个系统的实际名称，我可以用它来做一个更深入的研究。有人知道我刚才描述的系统的名称吗？此外，由于我正试图深入研究这一问题，我也希望获得任何资源(研究论文、开源实现、其他真实世界示例等)。可能会被列出来。

谢谢!

Answer 1

我相信你说的是沙米尔的秘密分享。

这是原纸

相关论文

Answer 2

关于根键仪式和程序的操作细节在https://www.iana.org/dnssec

您可能对https://www.iana.org/dnssec/dps/ksk-operator/ksk-dps.txt第4.2.2节感兴趣

   Access to and management of cryptographic hardware is based on the
   principle of successive barriers in three tiers, requiring at least
   seven trusted persons from four different roles.  These barriers are
   as follows:

   Tier 5:
         Physical access to safe room requires one person from the Key
         Ceremony Administrator role in combination with one person from
         the Internal Witness roles.

   Tier 6:
         Physical access to cryptographic hardware (HSM) and activation
         material requires one out of two of the Safe Security
         Controller #1s, and one out of the two Safe Security Controller
         #2s in addition to the Trusted Persons required at Tier 5 and
         7.

   Tier 7:
         Activation of a HSM requires three out of seven Crypto Officers
         to extract activation material from above safe deposit boxes
         using their physical key.  Safe deposit box operation that
         involves opening of any one of the deposit box requires three
         out of seven Crypto Officers to be present.

   Restoration of the contents of a HSM requires at least six trusted
   persons from two different roles, as follows:

   Secret share:
         Reconstruction of the secret key used for encryption of the
         application keys requires five out of seven Recovery Key Share
         Holders.

   Encrypted application keys:
         Physical access to the encrypted application keys requires one
         person from the Ceremony Administrators role, one person from

第5.2.2节：

5.2.2.  Private key (m-of-n) multi-person control

   The RZ KSK Operator has implemented technical and procedural
   mechanisms that require the participation of multiple trusted
   individuals to perform sensitive cryptographic operations.  The RZ
   KSK Operator splits activation data needed to make use of the RZ KSK
   private key onto separate smartcards controlled by trusted
   individuals (Crypto Officers) selected from members of the Internet
   community not already part of root zone management operations.
   Specifically, organizationally separate parties, not affiliated with
   PTI, ICANN or Verisign.

   A threshold number of smartcards (m) out of the total number of
   smartcards created and distributed for a particular hardware security
   module (n) is required to activate a RZ KSK private key stored on the
   module.  The threshold number of cards needed to sign using the RZ
   KSK is three out of seven.  The smartcards are protected in
   accordance with Section 5.4.2.

通常，当您在HSM上创建密钥时，您可以生成不同的高级人员访问它，并决定需要多少人才能解锁私钥。你可以在具有秘密共享的主密钥安全密钥备份标准上找到例子

请注意，这不是关于“在发生灾难性故障时恢复DNS注册表”。DNSSEC在DNS中添加了密码学，即每个区域使用一些密钥对其记录进行签名，一些(其他)密钥存储在父密钥中，等等，直到根目录。IANA (ICANN)处理根过程--按顺序和仪式等，而verisign则管理它的日常操作(从技术上讲，它是A根名称服务器的操作，也就是所有其他根名称服务器的配置)。

因此，问题更多地在于根键是如何被保护的，以及当它丢失时会发生什么。但即使在这些边缘情况下，根密钥仪式也需要多个密码官员在需要时解锁(每年两次)。你会在主流媒体上看到耸人听闻的文章，其中有7个人拥有互联网的钥匙(比如写得很糟糕：https://www.theguardian.com/technology/2014/feb/28/seven-people-keys-worldwide-internet-security-web)，而https://www.cloudflare.com/dns/dnssec/root-signing-ceremony/则会给你们提供更准确的描述和更真实的技术细节。

你可以在https://www.iana.org/dnssec/tcrs看到目前的密码官员名单(双年度密钥轮换仪式所需的)和“回收密钥持有者”。第一个只需要解锁私钥，第二个用来在私钥丢失/损坏/无法恢复/等等时重建它，根据第5.2.4节：

5.2.4.  Private key backup

   Encrypted copies of the RZ KSK private key(s) are backed up onto
   portable media held by the RZ KSK Operator and sent by courier to the
   other facilities.  The key used to encrypt the private key(s) is
   backed up using a five out of seven threshold scheme with smartcards
   distributed to trusted individuals (Recovery Key Share Holders)
   selected from members of the Internet community not already part of
   root zone management operations (specifically, organizationally
   separate parties, not affiliated with PTI, ICANN or Verisign).  The
   Recovery Key Share Holders keep the cards in tamper-evident bags,
   stored in geographically dispersed locations under their control.