Book ChapterDOI

# An Efficient Robust Secret Sharing Scheme with Optimal Cheater Resiliency

, Rui Xu2
18 Oct 2014-Space (Springer, Cham)-Vol. 8804, pp 47-58
TL;DR: A simple t-out-of-n secret sharing scheme, which can reconstruct the secret in presence of t cheating participants except with probability at most δ, provided t < n/2, is designed.
Abstract: In this paper, we consider the problem of (t, δ) robust secret sharing secure against rushing adversary. We design a simple t-out-of-n secret sharing scheme, which can reconstruct the secret in presence of t cheating participants except with probability at most δ, provided t < n/2. The latter condition on cheater resilience is optimal for the case of public reconstruction of the secret, on which we focus in this work.
Topics: Secret sharing (68%)
##### Citations

Book
01 Jan 2011-
TL;DR: This book constitutes the refereed proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2011, held in Tallinn, Estonia, in May 2011, and contains 31 papers, presented together with 2 invited talks.
Abstract: This book constitutes the refereed proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2011, held in Tallinn, Estonia, in May 2011. The 31 papers, presented together with 2 invited talks, were carefully reviewed and selected from 167 submissions. The papers are organized in topical sections on lattice-based cryptography, implementation and side channels, homomorphic cryptography, signature schemes, information-theoretic cryptography, symmetric key cryptography, attacks and algorithms, secure computation, composability, key dependent message security, and public key encryption.

234 citations

Journal ArticleDOI
Yanxiao Liu
TL;DR: This paper considers the cheating problem in bivariate polynomial based secret sharing schemes and proposes two efficient cheating identification algorithms, the second of which achieves stronger cheating identification capability with the collaboration of the rest n − m users who are not involved in secret reconstruction.
Abstract: In a (k, n) secret sharing scheme, any m out of the n users (m ≥ k) can reconstruct the secret and any fewer than k users cannot get any information on the secret. However, some cheaters can submit fake shares to fool other honest users during secret reconstruction. Cheating identification is an important technique to prevent such cheating behavior. In this paper, we consider the cheating problem in bivariate polynomial based secret sharing schemes, and propose two cheating identification algorithms respectively. The first algorithm can identify cheaters by the m users who participate in secret reconstruction; the second algorithm can achieve stronger capability of cheater identification with the collaboration of the rest n − m users who are not involved in secret reconstruction. In our scheme, the cheating identification is only based on the symmetry property of bivariate polynomials and the linearity of the interpolated polynomial. Both algorithms are efficient with respect to cheater identification capabilities.

31 citations

Book ChapterDOI

09 Aug 2016-
TL;DR: This paper considers two very important issues namely detection and identification of k-out-of-n secret sharing schemes against rushing cheaters who are allowed to submit (possibly forged) shares after observing shares of the honest users in the reconstruction phase.
Abstract: In this paper, we consider two very important issues namely detection and identification of k-out-of-n secret sharing schemes against rushing cheaters who are allowed to submit (possibly forged) shares after observing shares of the honest users in the reconstruction phase. Towards this, we present four different schemes. Among these, first we present two k-out-of-n secret sharing schemes, the first one being capable of detecting $(k-1)/3$ cheaters such that $|V_i|=|S|/\epsilon^3$ and the second one being capable of detecting $n-1$ cheaters such that $|V_i|=|S|/\epsilon^{k+1}$, where $S$ denotes the set of all possible secrets, $\epsilon$ denotes the successful cheating probability of cheaters and $V_i$ denotes the set of all possible shares. Next we present two k-out-of-n secret sharing schemes, the first one being capable of identifying $(k-1)/3$ rushing cheaters with share size $|V_i|$ that satisfies $|V_i|=|S|/\epsilon^k$. This is the first scheme whose size of shares does not grow linearly with n but only with k, where n is the number of participants. For the second one, in the setting of public cheater identification, we present an efficient optimal cheater resilient k-out-of-n secret sharing scheme against rushing cheaters having the share size $|V_i|=(n-t)^{n+2t}|S|/\epsilon^{n+2t}$. The proposed scheme achieves flexibility in the sense that the security level (i.e., the cheater(s) success probability) is independent of the secret size. Each of the four proposed schemes has the smallest share size among the existing schemes having the mentioned properties in the respective models.

13 citations

Book ChapterDOI

17 Dec 2018-
TL;DR: This paper presents definitions of cheating detectable, cheater identifiable and robust secret sharing schemes in compartmental access structure and their realization through five different constructions in the information-theoretic setting and proposes protocols secure against rushing adversary.
Abstract: Various adversarial scenarios have been considered in secret sharing for threshold access structure. However, threshold access structure can not provide efficient solution when participants are classified in different compartments. Of many access structures for which ideal secret sharing schemes can be realized, compartmental access structure is an important one. This paper is targeted to initiate the study of secret sharing schemes for compartmental access structure secure against malicious adversary. This paper presents definitions of cheating detectable, cheater identifiable and robust secret sharing schemes in compartmental access structure and their realization through five different constructions in the information-theoretic setting. Moreover in case of cheater identification and robustness, proposed protocols are secure against rushing adversary who are allowed to submit (possibly forged) shares after observing shares of the honest participants in the reconstruction phase.

6 citations

Book ChapterDOI
Partha Sarathi Roy
25 Sep 2018-
TL;DR: This paper resolves this long-standing open issue by presenting definitions and constructions of both cheater identifiable and robust HSS schemes secure against rushing adversary, in the information-theoretic setting.
Abstract: Threshold access structures of secret sharing schemes capture a scenario in which all the participants have the same weight (or power) and their contributions are equal. However, in some situations such as gradation among officials in an organization, the participants have different weights. Hierarchical access structures capture those natural scenarios, where different levels of hierarchy are present and a participant belongs precisely to one of them. Although an extensive research addressing the issues of cheater identifiability and robustness have been done for threshold secret sharing, no such research has been carried out for hierarchical secret sharing (HSS). This paper resolves this long-standing open issue by presenting definitions and constructions of both cheater identifiable and robust HSS schemes secure against rushing adversary, in the information-theoretic setting.

5 citations

##### References

Journal ArticleDOI
TL;DR: This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.
Abstract: In this paper we show how to divide data D into n pieces in such a way that D is easily reconstructable from any k pieces, but even complete knowledge of k - 1 pieces reveals absolutely no information about D. This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.

12,938 citations

### "An Efficient Robust Secret Sharing ..." refers background or methods in this paper

• ...In case of up to t cheaters among n (≥ 3t+ 1) participants, it was observed by McEliece and Sarwate [21] that Shamir secret sharing scheme [26] is robust via its connection to Reed-Solomon codes....

[...]

• ...Suppose the dealer D wants to share the secret s with the help of a polynomial f(x) of degree at most t over a finite field F as in Shamir scheme [26]....

[...]

• ...Shamir [26] and Blakley [4] independently addressed this problem in 1979 when they introduced the concept of the threshold secret sharing....

[...]

Book
01 Jan 1977-
TL;DR: This book presents an introduction to BCH Codes and Finite Fields, and methods for Combining Codes, and discusses self-dual Codes and Invariant Theory, as well as nonlinear Codes, Hadamard Matrices, Designs and the Golay Code.
Abstract: Linear Codes. Nonlinear Codes, Hadamard Matrices, Designs and the Golay Code. An Introduction to BCH Codes and Finite Fields. Finite Fields. Dual Codes and Their Weight Distribution. Codes, Designs and Perfect Codes. Cyclic Codes. Cyclic Codes: Idempotents and Mattson-Solomon Polynomials. BCH Codes. Reed-Solomon and Justesen Codes. MDS Codes. Alternant, Goppa and Other Generalized BCH Codes. Reed-Muller Codes. First-Order Reed-Muller Codes. Second-Order Reed-Muller, Kerdock and Preparata Codes. Quadratic-Residue Codes. Bounds on the Size of a Code. Methods for Combining Codes. Self-dual Codes and Invariant Theory. The Golay Codes. Association Schemes. Appendix A. Tables of the Best Codes Known. Appendix B. Finite Geometries. Bibliography. Index.

10,073 citations

### "An Efficient Robust Secret Sharing ..." refers background in this paper

• ..., f(xn)) is a codeword of Reed-Solomon error correcting code [19] of the message (a0, ....

[...]

Proceedings ArticleDOI
01 Dec 1979-
TL;DR: Certain cryptographic keys, such as a number which makes it possible to compute the secret decoding exponent in an RSA public key cryptosystem, 1 , 5 or the system master key and certain other keys in a DES cryptosystem, 3 are so important that they present a dilemma.
Abstract: Certain cryptographic keys, such as a number which makes it possible to compute the secret decoding exponent in an RSA public key cryptosystem, 1 , 5 or the system master key and certain other keys in a DES cryptosystem, 3 are so important that they present a dilemma. If too many copies are distributed one might go astray. If too few copies are made they might all be destroyed.

3,042 citations

### "An Efficient Robust Secret Sharing ..." refers background in this paper

• ...Shamir [26] and Blakley [4] independently addressed this problem in 1979 when they introduced the concept of the threshold secret sharing....

[...]

BookDOI
01 Jan 1999-

2,784 citations

Book ChapterDOI
19 Aug 2001-
Abstract: We present a new generic black-box traitor tracing model in which the pirate-decoder employs a self-protection technique. This mechanism is simple, easy to implement in any (software or hardware) device and is a natural way by which a pirate (an adversary) which is black-box accessible, may try to evade detection. We present a necessary combinatorial condition for black-box traitor tracing of self-protecting devices. We constructively prove that any system that fails this condition, is incapable of tracing pirate-decoders that contain keys based on a superlogarithmic number of traitor keys. We then combine the above condition with specific properties of concrete systems. We show that the Boneh-Franklin (BF) scheme as well as the Kurosawa-Desmedt scheme have no black-box tracing capability in the self-protecting model when the number of traitors is superlogarithmic, unless the ciphertext size is as large as in a trivial system, namely linear in the number of users. This partially settles in the negative the open problem of Boneh and Franklin regarding the general black-box traceability of the BF scheme: at least for the case of superlogarithmic traitors. Our negative result does not apply to the Chor-Fiat-Naor (CFN) scheme (which, in fact, allows tracing in our self-protecting model); this separates CFN black-box traceability from that of BF. We also investigate a weaker form of black-box tracing called single-query "black-box confirmation." We show that, when suspicion is modeled as a confidence weight (which biases the uniform distribution of traitors), such single-query confirmation is essentially not possible against a self-protecting pirate-decoder that contains keys based on a superlogarithmic number of traitor keys.

1,132 citations


##### Performance
###### Metrics
No. of citations received by the paper in previous years:

| Year | Citations |
|------|-----------|
| 2021 | 2 |
| 2020 | 1 |
| 2019 | 1 |
| 2018 | 3 |
| 2016 | 1 |
| 2015 | 1 |