Book Chapter

An Efficient Robust Secret Sharing Scheme with Optimal Cheater Resiliency

18 Oct 2014 - Space (Springer, Cham) - Vol. 8804, pp 47-58
TL;DR: A simple t-out-of-n secret sharing scheme, which can reconstruct the secret in the presence of t cheating participants except with probability at most δ, provided t < n/2, is designed.
Abstract: In this paper, we consider the problem of (t, δ) robust secret sharing secure against a rushing adversary. We design a simple t-out-of-n secret sharing scheme, which can reconstruct the secret in the presence of t cheating participants except with probability at most δ, provided t < n/2. The latter condition on cheater resilience is optimal for the case of public reconstruction of the secret, on which we focus in this work.
Citations
Book
01 Jan 2011
TL;DR: This book constitutes the refereed proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2011, held in Tallinn, Estonia, in May 2011, and contains 31 papers, presented together with 2 invited talks.
Abstract: This book constitutes the refereed proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2011, held in Tallinn, Estonia, in May 2011. The 31 papers, presented together with 2 invited talks, were carefully reviewed and selected from 167 submissions. The papers are organized in topical sections on lattice-based cryptography, implementation and side channels, homomorphic cryptography, signature schemes, information-theoretic cryptography, symmetric key cryptography, attacks and algorithms, secure computation, composability, key dependent message security, and public key encryption.

238 citations

Journal Article
TL;DR: This paper considers the cheating problem in a bivariate polynomial based secret sharing scheme and proposes two cheating identification algorithms that are efficient with respect to cheater identification capabilities and achieve a stronger capability of cheating identification with the collaboration of the remaining n − m users who are not involved in secret reconstruction.

57 citations

Book Chapter
09 Aug 2016
TL;DR: This paper considers two very important issues namely detection and identification of k-out-of-n secret sharing schemes against rushing cheaters who are allowed to submit (possibly forged) shares after observing shares of the honest users in the reconstruction phase.
Abstract: In this paper, we consider two very important issues namely detection and identification of k-out-of-n secret sharing schemes against rushing cheaters who are allowed to submit (possibly forged) shares after observing shares of the honest users in the reconstruction phase. Towards this, we present four different schemes. Among these, first we present two k-out-of-n secret sharing schemes, the first one being capable of detecting \((k-1)/3\) cheaters such that \(|V_i|=|S|/\epsilon ^3\) and the second one being capable of detecting \(n-1\) cheaters such that \(|V_i|=|S|/\epsilon ^{k+1}\), where S denotes the set of all possible secrets, \(\epsilon \) denotes the successful cheating probability of cheaters and \(V_i\) denotes the set of all possible shares. Next we present two k-out-of-n secret sharing schemes, the first one being capable of identifying \((k-1)/3\) rushing cheaters with share size \(|V_i|\) that satisfies \(|V_i|=|S|/\epsilon ^k\). This is the first scheme, whose size of shares does not grow linearly with n but only with k, where n is the number of participants. For the second one, in the setting of public cheater identification, we present an efficient optimal cheater resilient k-out-of-n secret sharing scheme against rushing cheaters having the share size \(|V_i|= (n-t)^{n+2t}|S|/\epsilon ^{n+2t}\). The proposed scheme achieves flexibility in the sense that the security level (i.e., the cheater(s) success probability) is independent of the secret size. Each of the four proposed schemes has the smallest share size among the existing schemes having the mentioned properties in the respective models.

14 citations

Book Chapter
17 Dec 2018
TL;DR: This paper presents definitions of cheating detectable, cheater identifiable and robust secret sharing schemes in compartmental access structure and their realization through five different constructions in the information-theoretic setting and proposes protocols secure against a rushing adversary.
Abstract: Various adversarial scenarios have been considered in secret sharing for threshold access structure. However, threshold access structure cannot provide an efficient solution when participants are classified in different compartments. Of many access structures for which ideal secret sharing schemes can be realized, compartmental access structure is an important one. This paper is targeted to initiate the study of secret sharing schemes for compartmental access structure secure against a malicious adversary. This paper presents definitions of cheating detectable, cheater identifiable and robust secret sharing schemes in compartmental access structure and their realization through five different constructions in the information-theoretic setting. Moreover, in the case of cheater identification and robustness, the proposed protocols are secure against rushing adversaries who are allowed to submit (possibly forged) shares after observing shares of the honest participants in the reconstruction phase.

7 citations

Journal Article
01 Nov 2019
TL;DR: The security model for cheater identifiable ramp secret sharing schemes is defined and two constructions for cheater identifiable ramp secret sharing schemes are provided, one of which is secure against rushing cheaters who are allowed to submit their shares during secret reconstruction after observing other participants’ responses in one round.
Abstract: Secret sharing allows one to share a piece of information among n participants in a way that only qualified subsets of participants can recover the secret whereas others cannot. Some of these participants involved may, however, want to forge their shares of the secret(s) in order to cheat other participants. Various cheater identifiable techniques have been devised in order to identify such cheaters in secret sharing schemes. On the other hand, Ramp secret sharing schemes are a practically efficient variant of usual secret sharing schemes with reduced share size and some loss in security. Ramp secret sharing schemes have many applications in secure information storage, information-theoretic private information retrieval and secret image sharing due to producing relatively smaller shares. However, to the best of our knowledge, there does not exist any cheater identifiable ramp secret sharing scheme. In this paper we define the security model for cheater identifiable ramp secret sharing schemes and provide two constructions for cheater identifiable ramp secret sharing schemes. In addition, the second construction is secure against rushing cheaters who are allowed to submit their shares during secret reconstruction after observing other participants’ responses in one round. Also, we do not make any computational assumptions for the cheaters, i.e., cheaters may be equipped with unlimited time and resources, yet, the cheating probability would be bounded above by a very small positive number.

6 citations

References
Journal Article
TL;DR: This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.
Abstract: In this paper we show how to divide data D into n pieces in such a way that D is easily reconstructable from any k pieces, but even complete knowledge of k - 1 pieces reveals absolutely no information about D. This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.

14,340 citations


"An Efficient Robust Secret Sharing ..." refers to background or methods in this paper

  • ...In case of up to t cheaters among n (≥ 3t+ 1) participants, it was observed by McEliece and Sarwate [21] that Shamir secret sharing scheme [26] is robust via its connection to Reed-Solomon codes....

    [...]

  • ...Suppose the dealer D wants to share the secret s with the help of a polynomial f(x) of degree at most t over a finite field F as in Shamir scheme [26]....

    [...]

  • ...Shamir [26] and Blakley [4] independently addressed this problem in 1979 when they introduced the concept of the threshold secret sharing....

    [...]

Book
01 Jan 1977
TL;DR: This book presents an introduction to BCH Codes and Finite Fields, and methods for Combining Codes, and discusses self-dual Codes and Invariant Theory, as well as nonlinear Codes, Hadamard Matrices, Designs and the Golay Code.
Abstract: Linear Codes. Nonlinear Codes, Hadamard Matrices, Designs and the Golay Code. An Introduction to BCH Codes and Finite Fields. Finite Fields. Dual Codes and Their Weight Distribution. Codes, Designs and Perfect Codes. Cyclic Codes. Cyclic Codes: Idempotents and Mattson-Solomon Polynomials. BCH Codes. Reed-Solomon and Justesen Codes. MDS Codes. Alternant, Goppa and Other Generalized BCH Codes. Reed-Muller Codes. First-Order Reed-Muller Codes. Second-Order Reed-Muller, Kerdock and Preparata Codes. Quadratic-Residue Codes. Bounds on the Size of a Code. Methods for Combining Codes. Self-dual Codes and Invariant Theory. The Golay Codes. Association Schemes. Appendix A. Tables of the Best Codes Known. Appendix B. Finite Geometries. Bibliography. Index.

10,083 citations


"An Efficient Robust Secret Sharing ..." refers to background in this paper

  • ..., f(xn)) is a codeword of Reed-Solomon error correcting code [19] of the message (a0, ....

    [...]

Proceedings Article
01 Dec 1979
TL;DR: Certain cryptographic keys, such as a number which makes it possible to compute the secret decoding exponent in an RSA public key cryptosystem, 1, 5 or the system master key and certain other keys in a DES cryptosystem, 3 are so important that they present a dilemma.
Abstract: Certain cryptographic keys, such as a number which makes it possible to compute the secret decoding exponent in an RSA public key cryptosystem, 1, 5 or the system master key and certain other keys in a DES cryptosystem, 3 are so important that they present a dilemma. If too many copies are distributed one might go astray. If too few copies are made they might all be destroyed.

3,184 citations


"An Efficient Robust Secret Sharing ..." refers to background in this paper

  • ...Shamir [26] and Blakley [4] independently addressed this problem in 1979 when they introduced the concept of the threshold secret sharing....

    [...]

Book
01 Jan 1999

2,795 citations

Book Chapter
19 Aug 2001
TL;DR: In this article, it was shown that the Boneh-Franklin (BF) scheme and the Kurosawa-Desmedt (KDS) scheme have no black-box traceability in the self-protecting model when the number of traitors is super-logarithmic.
Abstract: We present a new generic black-box traitor tracing model in which the pirate-decoder employs a self-protection technique. This mechanism is simple, easy to implement in any (software or hardware) device and is a natural way by which a pirate (an adversary) which is black-box accessible, may try to evade detection. We present a necessary combinatorial condition for black-box traitor tracing of self-protecting devices. We constructively prove that any system that fails this condition, is incapable of tracing pirate-decoders that contain keys based on a superlogarithmic number of traitor keys. We then combine the above condition with specific properties of concrete systems. We show that the Boneh-Franklin (BF) scheme as well as the Kurosawa-Desmedt scheme have no black-box tracing capability in the self-protecting model when the number of traitors is superlogarithmic, unless the ciphertext size is as large as in a trivial system, namely linear in the number of users. This partially settles in the negative the open problem of Boneh and Franklin regarding the general black-box traceability of the BF scheme: at least for the case of superlogarithmic traitors. Our negative result does not apply to the Chor-Fiat-Naor (CFN) scheme (which, in fact, allows tracing in our self-protecting model); this separates CFN black-box traceability from that of BF. We also investigate a weaker form of black-box tracing called single-query "black-box confirmation." We show that, when suspicion is modeled as a confidence weight (which biases the uniform distribution of traitors), such single-query confirmation is essentially not possible against a self-protecting pirate-decoder that contains keys based on a superlogarithmic number of traitor keys.

1,132 citations