COMPUTER IMPLEMENTED METHOD AND SYSTEM FOR TRANSFERRING CONTROL OF A DIGITAL ASSET

Abstract

A computer-implemented method of transferring control of a digital asset on a blockchain network. The method described in one of the embodiments provides an advantage of enabling easy increase of the number of participants in the signature scheme. The method comprises the steps of distributing a version of cryptographic key, encrypted by means of cryptography system, to a plurality of second participants, wherein a homomorphic property enables derivation of a second public key from a first public key and said version of said cryptographic key. The shares communicated to each a first and/or second participant may be inaccessible to each other said first and/or second participants.

Claims

1-19. (canceled)

20. A computer-implemented method of transferring control of a digital asset, the method comprising: distributing first shares of a first secret value among a plurality of first participants, wherein said first secret value is a first private key of a first private-public key pair of a cryptography system having a homomorphic property, said first secret value is accessible by way of a first threshold number of said first shares of said first secret value, and is inaccessible in the absence of said first threshold number of said first shares of said first secret value, and access to said digital asset is provided by a digital signature of a first encrypted message with said first private key; distributing second shares of a second secret value among a plurality of second participants, wherein said second secret value is a second private key of a second private-public key pair of said cryptography system, said second secret value is accessible by way of a second threshold number of said second shares of said second secret value, and is inaccessible in the absence of said second threshold number of said second shares of said second secret value; providing a second encrypted message, wherein access to said digital asset is provided by the digital signature of said second encrypted message with a third private key of a second private-public key pair of said cryptography system and wherein said third private key is a combination of the first private key and the second private key; and generating third shares of a third secret value, wherein said third secret value is said second encrypted message signed with said third private key, and wherein said second encrypted message can be signed with said third private key by way of a third threshold number of said third shares of said third secret value, and cannot be signed in the absence of said third threshold number of said third shares of said third secret value.

21. The computer-implemented method according to claim 20, wherein at least one of said first participants is also a second participant.

22. The computer-implemented method according to claim 20, wherein the second private key is a deterministic key.

23. The computer-implemented method according to claim 20, wherein at least one of the steps of communicating shares to each said first and/or second participant of the pluralities of first and second participants comprises providing a respective encrypted communication channel with said first and/or second participant.

24. The computer-implemented method according to claim 20, wherein the third shares are generated using shares of an ephemeral key and masking shares.

25. The computer-implemented method according to claim 20, wherein at least one of said third shares is generated by a pair of participants, comprising one of said first participants and one of said second participants.

26. The computer-implemented method according to claim 20, wherein the cryptography system is an elliptic curve cryptography system, a public key of each of said first and second private-public key pairs is related to a corresponding private key by multiplication of an elliptic curve generator point by said corresponding private key, and said third private key is obtained by addition of said second private key to said first private key.

27. A computer-implemented system comprising: a processor; and memory including executable instructions that, as a result of execution by the processor, cause the computer implemented system to transfer control of a digital asset by at least: distributing first shares of a first secret value among a plurality of first participants, wherein said first secret value is a first private key of a first private-public key pair of a cryptography system having a homomorphic property, said first secret value is accessible by way of a first threshold number of said first shares of said first secret value, and is inaccessible in the absence of said first threshold number of said first shares of said first secret value, and access to said digital asset is provided by digital signature of a first encrypted message with said first private key; distributing second shares of a second secret value among a plurality of second participants, wherein said second secret value is a second private key of a second private-public key pair of said cryptography system, said second secret value is accessible by way of a second threshold number of said second shares of said second secret value, and is inaccessible in the absence of said second threshold number of said second shares of said second secret value; providing a second encrypted message, wherein access to said digital asset is provided by a digital signature of said second encrypted message with a third private key of a second private public-key pair of said cryptography system and wherein said third private key is a combination of the first private key and the second private key; and generating third shares of a third secret value, wherein said third secret value is said second encrypted message signed with said third private key, and wherein said second encrypted message can be signed with said third private key by way of a third threshold number of said third shares of said third secret value, and cannot be signed in the absence of said third threshold number of said third shares of said third secret value.

28. The computer-implemented system according to claim 27, wherein at least one of said first participants is also a second participant.

29. The computer-implemented system according to claim 27, wherein the second private key is a deterministic key.

30. The computer-implemented system according to claim 27, wherein at least one of the steps of communicating shares to each said first and/or second participant of the pluralities of first and second participants comprises providing a respective encrypted communication channel with said first and/or second participant.

31. The computer-implemented system according to claim 27, wherein the third shares are generated using shares of an ephemeral key and masking shares.

32. The computer-implemented system according to claim 27, wherein at least one of said third shares is generated by a pair of participants, comprising one of said first participants and one of said second participants.

33. The computer-implemented system according to claim 27, wherein the cryptography system is an elliptic curve cryptography system, a public key of each of said first and second private-public key pairs is related to a corresponding private key by multiplication of an elliptic curve generator point by said corresponding private key, and said third private key is obtained by addition of said second private key to said first private key.

34. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by a processor of a computer system, cause the computer system to transfer control of a digital asset by at least: distributing first shares of a first secret value among a plurality of first participants, wherein said first secret value is a first private key of a first private-public key pair of a cryptography system having a homomorphic property, said first secret value is accessible by way of a first threshold number of said first shares of said first secret value, and is inaccessible in the absence of said first threshold number of said first shares of said first secret value, and access to said digital asset is provided by digital signature of a first encrypted message with said first private key; distributing second shares of a second secret value among a plurality of second participants, wherein said second secret value is a second private key of a second private public key pair of said cryptography system, said second secret value is accessible by way of a second threshold number of said second shares of said second secret value, and is inaccessible in the absence of said second threshold number of said second shares of said second secret value; providing a second encrypted message, wherein access to said digital asset is provided by a digital signature of said second encrypted message with a third private key of a second private-public key pair of said cryptography system and wherein said third private key is a combination of the first private key and the second private key; and generating third shares of a third secret value, wherein said third secret value is said second encrypted message signed with said third private key, and wherein said second encrypted message can be signed with said third private key by way of a third threshold number of said third shares of said third secret value, and cannot be signed in the absence of said third threshold number of said third shares of said third secret value.

35. The non-transitory computer-readable storage medium according to claim 34, wherein at least one of said first participants is also a second participant.

36. The non-transitory computer-readable storage medium according to claim 34, wherein the second private key is a deterministic key.

37. The non-transitory computer-readable storage medium according to claim 34, wherein at least one of the steps of communicating shares to each said first and/or second participant of the pluralities of first and second participants comprises providing a respective encrypted communication channel with said first and/or second participant.

38. The non-transitory computer-readable storage medium according to claim 34, wherein the third shares are generated using shares of an ephemeral key and masking shares.

39. The non-transitory computer-readable storage medium according to claim 34, wherein at least one of said third shares is generated by a pair of participants, comprising one of said first participants and one of said second participants.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0046] These and other aspects of the present invention will be apparent from and elucidated with reference to, the embodiment described herein. An embodiment of the present invention will now be described, by way of example only, and with reference to the accompany drawings, in which:

[0047] FIG. 1 is a schematic diagram of a system embodying the present invention for transferring control of a digital asset in the form of a cryptocurrency; and

[0048] FIG. 2 is a schematic diagram illustrates a computing environment in which various embodiments can be implemented.

DETAILED DESCRIPTION

[0049] Prior Work

[0050] Shamir Secret Sharing Scheme (SSSS)

[0051] Shamir (1979) first introduced a dealer based secret sharing scheme that allowed for a distributed management of keys. The problems associated with this scheme come from the necessity of trusting a dealer who cannot be verified. This form of the scheme is fully compatible with the system disclosed in the present application and can be used for group distribution of individual key slices that are created through the process noted herein.

[0052] Joint Random Secret Sharing (JRSS) (Pedersen, 1992)

[0053] The stated aim of this procedure is to create a method where a group of participants may collectively share a secret without any participant having knowledge of the secret. Each participant selects a random value as their local secret and distributes a value derived from this using SSSS with the group. Each participant then adds all the shares received from the participants, including its own. This sum is the joint random secret share. The randomness offered by a single honest participant is sufficient to maintain the confidentiality of the combined secret value. This state remains true even if all (n1) other participants intentionally select non-random secret values).

[0054] Joint Zero Secret Sharing (JZSS) (Ben-or, 1988)

[0055] JZSS is like JRSS, with the difference that each participant shares 0 as an alternative to the random value. The shares produced using this technique aid in removing any potential weak points in the JRSS algorithm.

[0056] Desmedt [1987] introduced the concept of group orientated cryptography. This process allowed a participant to send a message to a group of people in a manner that only allowed a selected subset of the participants to decrypt the message. In the system, the members were said to be known if the sender must know them using a public key and the group is anonymous if there is a single public key for the group that is held independently of the members. The system disclosed in the present application integrates both methodologies and allows for known and anonymous senders and signers to exist within a group simultaneously.

[0057] Method and Implementation

[0058] Initially, secure communication channels are established between participants in a manner described in detail in International Patent Application WO 2017/145016, so that data can be exchanged between participants without being made available to other participants.

[0059] When secure communication channels have been established between the participants, shares d.sub.A(i) of a first private key d.sub.A are distributed between a group of first participants by means of a method as described below.

[0060] Algorithm 1 Key Generation [0061] Domain Parameters (CURVE, Cardinality n, Generator G) [0062] Input: N/A [0063] Output: Key Shares d.sub.A1, d.sub.A2 . . . d.sub.AN

[0064] The method for algorithm 1 follows: [0065] 1) Each participant p.sub.(i) of (N) where 1iN exchanges an ECC public key (or in this implementation, a Bitcoin address) with all other participants. This address is the Group identity address and does not need to be used for any other purpose.

[0066] It should be noted that this is a derived address, for example as disclosed in International patent application WO2017/145016, and key based on a shared value between each of the participants from the process disclosed therein. [0067] 2) Each participant p.sub.(i) selects a polynomial .sub.i(x) of degree (k1) with random coefficients in a manner that is secret from all other parties.

[0068] This function is subject to the participant's secret a.sub.0.sup.(i) that is selected as the polynomial free term. This value is not shared. This value is calculated using a derived private key. .sub.i(h) is defined to be the result of the function, .sub.(x) that was selected by participant p.sub.(i) for the value at point (x=h), and the base equation for participant p.sub.(i) is defined as the function:

.sub.(x)=.sub.p=0.sup.(k-1)a.sub.px.sup.p mod n

[0069] In this equation, a.sub.0 is the secret for each participant p.sub.(i) and is not shared. Hence, each participant p.sub.(i) has a secretly kept function .sub.i(x) that is expressed as the degree (k1) polynomial with a free term a.sub.0.sup.(i) being defined as that participant's secret such that:

.sub.i=.sub.=0.sup.(k-1)a.sub.x.sup. mod n [0070] 3) Each participant p.sub.(i) encrypts .sub.i(h) to participant P.sub.(h)h={1, . . . , (i1), (i+1), . . . , N} using P.sub.(h) 's public key as noted above and exchanges the value for P.sub.(h) to decrypt.

[0071] Given that Z.sub.n is a field and it is possible to validly do Lagrange interpolation modulo n over the values selected as ECC private keys, a condition exists which leads to the conclusion that Shamir's Secret Sharing Scheme SSSS [5] can be implemented over Z.sub.n. [0072] 4) Each participant P.sub.(i) broadcasts the values below to all participants.

a.sub..sup.(i)G={0, . . . ,(k1)}a)

.sub.i(h)Gh={1, . . . ,N}b)

[0073] The value associated with the variable h in the equation above can either be the position of the participant P.sub.(h) such that if participant P.sub.(h) represents the third participant in a scheme, then h=3 or equally may represent the value of the ECC public key used by the participant as an integer. Use cases and scenarios exist for either implementation. In the latter implementation, the value h={1, . . . , N} would be replaced by an array of values mapped to the individual participant's utilised public key. [0074] 5) Each participant P.sub.(hi) verifies the consistency of the received shares with those received from each other participant. That is:

.sub.=0.sup.(k-1)h.sup.a.sub..sup.(i)G=.sub.i(h)G

[0075] And that .sub.i(h)G is consistent with the participant's share. [0076] 6) Each participant P.sub.(hi) validates that the share owned by that participant (P.sub.(hi)) and which was received is consistent with the other received shares:

a.sub.0.sup.(i)G=.sub.hB.sub.j.sub.i(h)GP.sub.(hi)

[0077] In effect, this means that the participant carries out a process which would recover the shared secret from the received shares, but instead recovers the shared secret multiplied by the generator point G, from the shares multiplied by G. If this is not consistent, the participant rejects the protocol and starts again. [0078] 7) Participant p.sub.(i) now either calculates their share d.sub.A(i) as:

TABLE-US-00001 SHARE( p.sub.(i) ) = d.sub.A(i) = .sub.h=1.sup.j f.sub.h (i)modn Where:SHARE( p.sub.(i) )Z.sub.n and Where:Q.sub.A = Exp Interpolate(f.sub.1,...,f.sub.N) [= G d.sub.A]

[0079] Where the operation Exp-Interpolate(.sub.1, . . . , .sub.N) means carrying out an operation to recover the shared secret value Gd.sub.A, from the shares .sub.1G, . . . .sub.NG, in the manner usually used to recover a shared secret d.sub.A, from the shares .sub.i, . . . .sub.N, for example by means of interpolation using Lagrange coefficients in the case of a Shamir secret sharing scheme.

[0080] Return (d.sub.A(i),Q.sub.A)

[0081] Participant p.sub.(i) now uses the share in calculating signatures. This role can be conducted by any participant or by a party p.sub.(c) that acts as a coordinator in the process of collecting a signature. The participant p.sub.(c) can vary and does not need to be the same party on each attempt to collect enough shares to sign a transaction.

[0082] Hence private key shares d.sub.A(i)Z.sub.n* have been created without knowledge of the other participant's shares.

[0083] Algorithm 2 Updating the Private Key [0084] Input: Participant P.sub.i's share of private key d.sub.A denoted as d.sub.A(i). [0085] Output: Participant P.sub.i's new private key share d.sub.A(i).

[0086] Algorithm 2 can be used to both update the private key as well as to add randomness into the protocol. [0087] 1) Each participant selects a random polynomial of degree (k1) subject to zero as its free term. This is analogous to Algorithm 1 but that the participants must validate that the selected secret of all other participants is zero.

[0088] It should be noted that: G=nG=0 where 0 is a point at infinity on the elliptic curve.

[0089] Using this equality, all active participants validate the function:

a.sub.0.sup.(i)G= i={1, . . . ,N} [0090] Generate the zero share: z.sub.iZ.sub.n* [0091] 2) d.sub.A(i)=d.sub.A(i)+z.sub.i [0092] 3) Return: d.sub.A(i)

[0093] A collection of participants construct private key shares d.sub.A.sub.1, d.sub.A.sub.2, . . . , d.sub.A.sub.N in accordance with algorithm 1. New key shares Dk.sub.1, Dk.sub.2, . . . , Dk.sub.N are introduced to each participant in the collection. These shares may be constructed using algorithm 1 above in which a threshold share of participants may be able to construct a shared secret Dk that is not previously known. Alternatively, Dk may be known in advance (eg a deterministic key) and shares may be constructed in a manner similar to algorithm but such that a pre-known Dk is chosen to be the free term in the polynomial. In either case, Dk.Math.G is known to all but only a slice Dk.sub.1, Dk.sub.2, . . . , Dk.sub.N is known by each of the participant in the collection.

[0094] As all participants know 1.sup.st public key

P.sub.1S=d.sub.A.Math.G

they can calculate

P.sub.2S=P.sub.1S+Dk.Math.G

[0095] without broadcasting their slice of the d.sub.A or Dk, because the first V.sub.1S and second V.sub.2S private keys are related by V.sub.2S=V.sub.1S+Dk. The individual shares

d.sub.A.sub.1, . . . ,d.sub.A.sub.N and Dk.sub.1, . . . ,Dk.sub.N

[0096] remain known only to each individual participant.

[0097] A new address P.sub.2S can be created and a transaction tx signed to this, that changes who controls the main funds. That is, a payment from P.sub.1S to P.sub.2S can be signed by members of address P.sub.1S.

[0098] The Dk collection can be set as either a group from P.sub.1S collection (either a threshold number or all members) or may be a new group. Each threshold slice of Dk is able to be assigned separately, but it should be remembered that if P.sub.1S and Dk are controlled separately then this creates a dual signing structure where both P.sub.1S and Dk are required at the respective threshold rates to sign a transaction tx. It should also be noted that P.sub.1S and Dk do not require the same members nor the same proportions.

[0099] Algorithm 3 Signature Generation [0100] Input: [0101] Message to be signed

e=H(m).

[0102] Private Key Share

d.sub.A.sub.1, . . . ,d.sub.A.sub.N where d.sub.A.sub.iZ.sub.n*.

[0103] Deterministic Key Share

Dk.sub.1, . . . ,Dk.sub.N where Dk.sub.iZ.sub.n*.

[0104] The private key shares d.sub.A.sub.1, d.sub.A.sub.2, . . . , d.sub.A.sub.N are generated by means of algorithm 1. The deterministic key shares Dk.sub.1, Dk.sub.2, . . . , Dk.sub.N are generated by means of algorithm 1 using a random constant as the free term in the polynomial or using a pre-known deterministic key Dk as the free term. [0105] Output: [0106] Signature

(r,s) where r,sZ.sub.n*.

[0107] The signatures are generated using a method which incorporates both the shares of the private key d.sub.A and shares of the deterministic key Dk into the signature. This is described in detail as follows.

[0108] Firstly, each participant generates ephemeral key shares using algorithm 1

k.sub.iZ.sub.n*.

[0109] Next mask shares are generated using algorithm 1 above

.sub.iZ.sub.n*

[0110] and zero mask shares are generated using algorithm 2 above

.sub.iZ.sub.n c.sub.iZ.sub.n.

[0111] Each participant knows k.sub.i, .sub.i, .sub.i, c.sub.i and they are not known to anyone else. [0112] 1)

e=H(m)

[0113] Distribute the message (transaction to be signed). Broadcast

v.sub.i=k.sub.i.sub.i+.sub.i mod n

and

.sub.i=G.Math..sub.i. [0114] 2) Calculate :=Interpolate(v.sub.1, . . . ,v.sub.N) mod n

[=k mod n]

[0115] where is the private key corresponding to the mask shares .sub.i, and the operation Interpolate (v.sub.1, . . . v.sub.N) means obtain the shared secret from the shares v.sub.1, . . . v.sub.N, for example by using 20 Lagrange interpolation coefficients. [0116] 3) Calculate : =ExpInterpolate(.sub.1, . . . , .sub.N) mod n

[=G.Math.]. [0117] 4) Calculate (R.sub.x, R.sub.y) where

R.sub.xy:=(R.sub.x,R.sub.y)=.Math..sup.1.

[=G.Math.k.sub.1]. [0118] 5) Define

r:=r.sub.x=R.sub.x mod n.

[0119] If r=0 start over. [0120] 6) [0121] Broadcast

S.sub.i:=k.sub.i(e+[d.sub.A.sub.i+D.sub.k.sub.i]r)+c.sub.i mod n. [0122] Note that if d.sub.A.sub.i and D.sub.k.sub.i represent different collections of participants then two participants from each collection must communicate to broadcast each individual S.sub.i. [0123] 7)

s:=Interpolate(S.sub.1, . . . ,S.sub.M)mod n

[=k(e+[d.sub.A+Dk]r)mod n].

[0124] If S=0 start over. [0125] 8) Return (r, s). [0126] 9) Construct a transaction that comes from P.sub.2S=(d.sub.A+Dk).Math.G. This is a standard Bitcoin transaction with an (r, s) signature. At no point have d.sub.A or Dk been reconstructed (unless Dk has been split from an existing known value).

[0127] Referring to FIG. 1, a method embodying the invention for transferring control of a digital asset 2 such as a quantity of cryptocurrency such as Bitcoin is described. Initially shares d.sub.Ai of a first private key d.sub.A are distributed using algorithm 1 above among a plurality of first participants 4. In order to transfer the asset 2 to a third party 14, the first private key d.sub.A is accessible by means of a first threshold number 6 of shares d.sub.Ai of the first private key d.sub.A, and is inaccessible in the absence of the first threshold number 6 of shares d.sub.Ai of the first private key d.sub.A. Shares D.sub.ki of a deterministic key D.sub.k are distributed among the plurality of second participants 4, such that the deterministic key D.sub.k is accessible by means of a second threshold number 10 of shares D.sub.ki of the deterministic key D.sub.k, and is inaccessible in the absence of the second threshold number 10 shares D.sub.ki. After generating signature shares S.sub.i according to the process of algorithm 3 described above, access to the digital asset 2 is provided by digital signature with a second private key d.sub.A+D.sub.k based on a third threshold number 12 of signature shares S.sub.i.

[0128] Turning now to FIG. 2, there is provided an illustrative, simplified block diagram of a computing device 2600 that may be used to practice at least one embodiment of the present disclosure. In various embodiments, the computing device 2600 may be used to implement any of the systems illustrated and described above. For example, the computing device 2600 may be configured for use as a data server, a web server, a portable computing device, a personal computer, or any electronic computing device. As shown in FIG. 2, the computing device 2600 may include one or more processors with one or more levels of cache memory and a memory controller (collectively labelled 2602) that can be configured to communicate with a storage subsystem 2606 that includes main memory 2608 and persistent storage 2610. The main memory 2608 can include dynamic random-access memory (DRAM) 2618 and read-only memory (ROM) 2620 as shown. The storage subsystem 2606 and the cache memory 2602 and may be used for storage of information, such as details associated with transactions and blocks as described in the present disclosure. The processor(s) 2602 may be utilized to provide the steps or functionality of any embodiment as described in the present disclosure.

[0129] The processor(s) 2602 can also communicate with one or more user interface input devices 2612, one or more user interface output devices 2614, and a network interface subsystem 2616.

[0130] A bus subsystem 2604 may provide a mechanism for enabling the various components and subsystems of computing device 2600 to communicate with each other as intended. Although the bus subsystem 2604 is shown schematically as a single bus, alternative embodiments of the bus subsystem may utilize multiple busses.

[0131] The network interface subsystem 2616 may provide an interface to other computing devices and networks. The network interface subsystem 2616 may serve as an interface for receiving data from, and transmitting data to, other systems from the computing device 2600. For example, the network interface subsystem 2616 may enable a data technician to connect the device to a network such that the data technician may be able to transmit data to the device and receive data from the device while in a remote location, such as a data centre.

[0132] The user interface input devices 2612 may include one or more user input devices such as a keyboard; pointing devices such as an integrated mouse, trackball, touchpad, or graphics tablet; a scanner; a barcode scanner; a touch screen incorporated into the display; audio input devices such as voice recognition systems, microphones; and other types of input devices. In general, use of the term input device is intended to include all possible types of devices and mechanisms for inputting information to the computing device 2600.

[0133] The one or more user interface output devices 2614 may include a display subsystem, a printer, or non-visual displays such as audio output devices, etc. The display subsystem may be a cathode ray tube (CRT), a flat-panel device such as a liquid crystal display (LCD), light emitting diode (LED) display, or a projection or other display device. In general, use of the term output device is intended to include all possible types of devices and mechanisms for outputting information from the computing device 2600. The one or more user interface output devices 2614 may be used, for example, to present user interfaces to facilitate user interaction with applications performing processes described and variations therein, when such interaction may be appropriate.

[0134] The storage subsystem 2606 may provide a computer-readable storage medium for storing the basic programming and data constructs that may provide the functionality of at least one embodiment of the present disclosure. The applications (programs, code modules, instructions), when executed by one or more processors, may provide the functionality of one or more embodiments of the present disclosure, and may be stored in the storage subsystem 2606. These application modules or instructions may be executed by the one or more processors 2602. The storage subsystem 2606 may additionally provide a repository for storing data used in accordance with the present disclosure. For example, the main memory 2608 and cache memory 2602 can provide volatile storage for program and data. The persistent storage 2610 can provide persistent (non-volatile) storage for program and data and may include flash memory, one or more solid state drives, one or more magnetic hard disk drives, one or more floppy disk drives with associated removable media, one or more optical drives (e.g. CD-ROM or DVD or Blue-Ray) drive with associated removable media, and other like storage media. Such program and data can include programs for carrying out the steps of one or more embodiments as described in the present disclosure as well as data associated with transactions and blocks as described in the present disclosure.

[0135] The computing device 2600 may be of various types, including a portable computer device, tablet computer, a workstation, or any other device described below. Additionally, the computing device 2600 may include another device that may be connected to the computing device 2600 through one or more ports (e.g., USB, a headphone jack, Lightning connector, etc.). The device that may be connected to the computing device 2600 may include a plurality of ports configured to accept fibre-optic connectors. Accordingly, this device may be configured to convert optical signals to electrical signals that may be transmitted through the port connecting the device to the computing device 2600 for processing. Due to the ever-changing nature of computers and networks, the description of the computing device 2600 depicted in FIG. 2 is intended only as a specific example for purposes of illustrating the preferred embodiment of the device. Many other configurations having more or fewer components than the system depicted in FIG. 2 are possible.

[0136] It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be capable of designing many alternative embodiments without departing from the scope of the invention as defined by the appended claims. In the claims, any reference signs placed in parentheses shall not be construed as limiting the claims. The word comprising and comprises, and the like, does not exclude the presence of elements or steps other than those listed in any claim or the specification as a whole. In the present specification, comprises means includes or consists of and comprising means including or consisting of. The singular reference of an element does not exclude the plural reference of such elements and vice-versa. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

REFERENCES

[0137] 1) Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for noncryptographic fault-tolerant distributed computation. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing. pp. 1-10. STOC '88, ACM, New York, NY, USA (1988) [0138] 2) Chaum, David (1983). Blind signatures for untraceable payments (PDF). Advances in Cryptology Proceedings of Crypto. 82 (3): 199-203. [0139] 3) Desmedt. Yuo (1987). Society and Group Oriented Cryptography: A New Concept. In A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology (CRYPTO '87), Carl Pomerance (Ed.). Springer-Verlag, London, UK, UK, 120-127. [0140] 4) Feldman. P. A practical scheme for non-interactive verifiable secret sharing. In Proceedings of the 28th IEEE Annual Symposium on Foundations of Computer Science, pages 427-437, 1987. [0141] 5) Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust threshold DSS signatures. In: Proceedings of the 15th Annual International Conference on Theory and Application of Cryptographic Techniques. pp. 354-371. EUROCRYPT '96, SpringerVerlag, Berlin, Heidelberg (1996) [0142] 6) Ibrahim, M., Ali, I., Ibrahim, I., El-sawi, A.: A robust threshold elliptic curve digital signature providing a new verifiable secret sharing scheme. In: Circuits and Systems, 2003 IEEE 46th Midwest Symposium on. vol. 1, pp. 276-280 (2003) [0143] 7) Pedersen, T.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) Advances in CryptologyCRYPTO '91, LNCS, vol. 576, pp. 129-140. Springer (1992) [0144] 8) Shamir, Adi (1979), How to share a secret, Communications of the ACM, 22 (11): Pp. 612-613