Conference key computing. each participant Ui does the following: (a) Fault detection and exclusion: for each j ƒ= i, – Compute z = (u )x−1 mod p and verify whether (r ,s ) is the sig- nature of zj. j,i i j j – Verify NIPVS(g, y1, y2,... , ▇▇, ▇▇,▇, ▇▇,▇,... , ▇▇,▇). If both checkings are correct, add Uj to its honest participant set Ui. (b) Compute the conference key: assume that Ui’s honest participant set Ui )x−1 is {Ui1 , Ui2 ,... , Uim }. Ui computes the conference key K = (u i1,i ui2,i im,i = gki1 +ki2 +···+▇▇▇ mod p. Note that only legal participants can verify whether (ri, si) is the signature of the subkey zi. This property is crucial to the proof of releasing no useful information in the random oracle model.
Appears in 2 contracts
Sources: Conference Key Agreement Protocol, Conference Key Agreement Protocols