I have a task:
Let’s say a bank has a cypher key K (just a long random string). That bank wishes to split it into two pieces p1 and p2 so that both are required for decryption. The p1 is then given to one executive, and p2 - to another, so both must contribute their pieces for decryption to proceed.
To accomplish that, the bank generates random k1 and sets k′1←k⊕k1. Note that k1⊕k′1=k. The bank gives k1 to one executive and k′1 to another. Both must be present for decryption to proceed since, by itself, each piece contains no information about the secret key k.
Now, suppose the bank wants to split k into three pieces p1,p2,p3 so that any two of the pieces enable decryption using k. This ensures that even if one executive is out sick, decryption can still succeed, but no employee can decrypt a message alone. To do so, the bank generates two random pairs (k1,k′1) and (k2,k′2) as in the previous paragraph so that k1⊕k′1=k2⊕k′2=k. How should the bank assign pieces so that any two pieces enable decryption using k, but no single piece can decrypt?
What is the answer to the question above?
p1 = (k1, k2), p2 = (k`1, k2), p3 = (k`2); p1 = (k1, k2), p2 = (k`1, k`2), p3 = (k`2); p1 = (k1, k2), p2 = (k1, k2), p3 = (k`2); p1 = (k1, k2), p2 = (k1), p3 = (k`2); p1 = (k1, k2), p2 = (k2, k`2), p3 = (k`2);
Explain me please, how does it work.
The first is the answer:
p1 = (k1, k2), p2 = (k`1, k2), p3 = (k`2);
because each possible pair can generate k:
Of course each of the parties cannot reconstruct the key by themselves.
The other possibilities are clearly wrong. Let's take the second possible answer and see if p2 & p3 can form a valid key. They cannot, because each have the same k'2 component, so that's not enough. Then p2 has a k'1, but p3 doesn't have a k1.