Combining the Pre-Distribution Key Protocol with the Threshold Scheme

In the article, the protocol for key pre-distribution using a threshold scheme is proposed. The Blom pre-distribution scheme is used as the basis. Shamir secret sharing scheme is used for threshold scheme. A polynomial of three variables is used to form key materials. Messaging between users is required to generate a key. The threshold scheme (3,4) is used to calculate the encryption key.


Introduction
The generation, distribution and storage of encryption keys are vulnerabilities for a secure computer network. If each user pair uses its own encryption key, then the key materials volume is large. This large data volume is stored and transmitted over secure communication channels. Providing these processes is a problem in networks with low performance devices. For example, a sensor network consists of such devices [1][2][3][4][5][6]. Pre-distribution schemes are the solution to this problem. Key materials are provided to each network user in these schemes. The server generates key materials and sends them to users through secure channels. Users keep key materials secret. Each user calculates the encryption key when establishing a connection with another user. Proprietary key materials and open information are used to compute the encryption key.
The key pre-distribution KDP-scheme [7] and the Blom's scheme [8] are the most commonly used. The mathematical principles in these schemes are different. The KDP scheme uses set theory. The Blom's scheme for keys pre-distribution uses polynomials over finite fields. These two schemes are actively used for the security of computer networks. Blom's scheme is actively used in the security of wireless networks [9][10][11]. KDP scheme is used in large networks consisting of many subnets [12][13][14]. These pre-distribution key schemes allow modification to meet additional requirements. Requirements may consider security policy [15][16][17][18] or simplex communication channels [19,20].
The lack of control over the generation the encryption key is a drawback of these schemes. If some key materials have leaked in the system, then the thief can calculate all the keys of this user. Interaction with other users is not required. System security is improved if the protocol requires users to interact in key development.

Basic scheme
We enter a basic protocol for a system with two users A and B. We use the Shamir scheme for dividing the secret [21] based on the polynomial F(x). All calculations are performed in the ring Zp, p is a prime number. The degree of the polynomial is two. We use a threshold scheme (3,4). Various numbers x1A, x2A, x1B, x2BÎZp are chosen randomly. The Key Distribution Server S generates key materials for each user based on the F(x). Server S sends key materials to users via a secure channel.
The shared key is generated as a result of messaging. User A initiates the common key generation. User A sends user B its own name and one of the secret parts sent by the server.
User B, having received this message, solves the system of equations with respect to unknown quantities a0, a1, a2.
User B calculates the encryption key based on the values a0, a1, a2. The encryption key is calculated using a function from three variables h(x,y,z) known to both sides.

kBA=h(a0, a1, a2)
Then, user B sends one of the secret parts received from the server to user A.
User A, having received the message, compiles and solves a system of equations from three unknowns a0, a1, a2.
Then, user A calculates the encryption key.

kBA=h(a0, a1, a2)
Both users A and B find the same coefficient values a0, a1, a2. Users receive the same encryption keys.
kAB=kBA Protocol persistence is based on a threshold scheme (3,4). Both users, as a result of receiving key materials from the server, own two parts of the secret. Users receive a third part of the secret when messaging. Three parts of the secret allow you to restore the full secret. An attacker can only intercept messages between users. Therefore, an attacker can receive only two parts of the secret. This information is not sufficient to calculate the encryption key.

Generalized scheme
We summarize the scheme for an arbitrary number of users. We map the number aiÎZp to each user ui, p -prime number. The polynomial F(x,y,z) from the three variables is stored in secret on the server. We do all the calculations in Zp.

F(x,y,z)=F(x,z,y)
We conclude that the polynomials f2(y,z), f1(y,z), f0(y,z) are symmetric with respect to the variables y and z.
The server generates key materials for each user ui (i=1,…,n). Two numbers x1i and x2i (i=1,…,n) are selected arbitrarily for each user. All numbers for all users must be different. Each number must occur only once in the set {x11, x21, x12, x22, …, x1n, x2n}.
The server generates two secret components for each user. These components are functions from one variable z.
1. The user ui initiates the common key generation for symmetric encryption. 2. The user ui extracts aj from the open base and calculates two numbers.

q1i=r1i(aj) q2i=r2i(aj)
3. The user ui forwards a message containing his name, number x1i and number q1i to the user uj. 4. The user uj, having received the message, extracts the number ai from the common base and calculates two numbers.

q1j=r1j(ai) q2j=r2j(ai)
5. The user uj forwards to the user ui a message containing its name, number x1j and number q1j.
Unknown is a vector b=(b0, b1, b2). The user uj calculates the pair key based on the equation solution.
kji=h (b0, b1, b2) The function of the three variables h=h(x,y,z) is an open part of the schema and is known to all participants.
7. The user ui receives a message from the user uj and solves the system of equations.
Unknown is a vector b= (b0, b1, b2). The user ui calculates the pair key based on the equation solution.

kji=h(b0, b1, b2)
Both users receive the same key. We consider an example of using this scheme for three users.
We set the polynomial to form key materials. All calculations are performed in the Z11.
We calculate the key materials for user u1.

Conclusion
Combining the pre-distribution key scheme and the secret sharing scheme is proposed in this article. The Blom's key distribution scheme is used as a basis. Shamir's secret sharing scheme is added to the key distribution scheme. This new scheme is resistant to key compromising. Combining these two schemes allows the user to control the key generation process. The encryption key cannot be calculated without user input.