An Efficient Robust Secret Sharing Scheme with Optimal Cheater Resiliency
TL;DR: A simple t-out-of-n secret sharing scheme, which can reconstruct the secret in presence of t cheating participants except with probability at most δ, provided t < n/2, is designed.
Abstract: In this paper, we consider the problem of (t, δ) robust secret sharing secure against rushing adversary. We design a simple t-out-of-n secret sharing scheme, which can reconstruct the secret in presence of t cheating participants except with probability at most δ, provided t < n/2. The later condition on cheater resilience is optimal for the case of public reconstruction of the secret, on which we focus in this work.
Citations
More filters
Book•
01 Jan 2011
TL;DR: This book constitutes the refereed proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2011, held in Tallinn, Estonia, in May 2011, and contains 31 papers, presented together with 2 invited talks.
Abstract: This book constitutes the refereed proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2011, held in Tallinn, Estonia, in May 2011. The 31 papers, presented together with 2 invited talks, were carefully reviewed and selected from 167 submissions. The papers are organized in topical sections on lattice-base cryptography, implementation and side channels, homomorphic cryptography, signature schemes, information-theoretic cryptography, symmetric key cryptography, attacks and algorithms, secure computation, composability, key dependent message security, and public key encryption.
238 citations
TL;DR: This paper considers cheating problem in bivariate polynomial based secret sharing scheme, and proposes two cheating identification algorithms respectively that are efficient with respect of cheater identification capabilities and achieves stronger capability of cheating identification with the collaboration of the rest n − m users who are not involved in secret reconstruction.
57 citations
09 Aug 2016
TL;DR: This paper considers two very important issues namely detection and identification of k-out-of-n secret sharing schemes against rushing cheaters who are allowed to submit (possibly forged) shares after observing shares of the honest users in the reconstruction phase.
Abstract: In this paper, we consider two very important issues namely detection and identification of k-out-of-n secret sharing schemes against rushing cheaters who are allowed to submit (possibly forged) shares after observing shares of the honest users in the reconstruction phase. Towards this, we present four different schemes. Among these, first we present two k-out-of-n secret sharing schemes, the first one being capable of detecting \((k-1)/3\) cheaters such that \(|V_i|=|S|/\epsilon ^3\) and the second one being capable of detecting \(n-1\) cheaters such that \(|V_i|=|S|/\epsilon ^{k+1}\), where S denotes the set of all possible secrets, \(\epsilon \) denotes the successful cheating probability of cheaters and \(V_i\) denotes set all possible shares. Next we present two k-out-of-n secret sharing schemes, the first one being capable of identifying \((k-1)/3\) rushing cheaters with share size \(|V_i|\) that satisfies \(|V_i|=|S|/\epsilon ^k\). This is the first scheme, whose size of shares does not grow linearly with n but only with k, where n is the number of participants. For the second one, in the setting of public cheater identification, we present an efficient optimal cheater resilient k-out-of-n secret sharing scheme against rushing cheaters having the share size \(|V_i|= (n-t)^{n+2t}|S|/\epsilon ^{n+2t}\). The proposed scheme achieves flexibility in the sense that the security level (i.e., the cheater(s) success probability) is independent of the secret size. Each of the four proposed schemes has the smallest share size among the existing schemes having the mentioned properties in the respective models.
14 citations
17 Dec 2018
TL;DR: This paper presents definitions of cheating detectable, cheater identifiable and robust secret sharing schemes in compartmental access structure and their realization through five different constructions in the information-theoretic setting and proposes protocols secure against rushing adversary.
Abstract: Various adversarial scenarios have been considered in secret sharing for threshold access structure. However, threshold access structure can not provide efficient solution when participants are classified in different compartments. Of many access structures for which ideal secret sharing schemes can be realized, compartmental access structure is an important one. This paper is targeted to initiate the study of secret sharing schemes for compartmental access structure secure against malicious adversary. This paper presents definitions of cheating detectable, cheater identifiable and robust secret sharing schemes in compartmental access structure and their realization through five different constructions in the information-theoretic setting. Moreover in case of cheater identification and robustness, proposed protocols are secure against rushing adversary who are allowed to submit (possibly forged) shares after observing shares of the honest participants in the reconstruction phase.
7 citations
01 Nov 2019
TL;DR: The security model for cheater identifiable ramp secret sharing schemes is defined and two constructions for cheating cheaters are provided, one of which is secure against rushing cheaters who are allowed to submit their shares during secret reconstruction after observing other participants’ responses in one round.
Abstract: Abstract Secret sharing allows one to share a piece of information among n participants in a way that only qualified subsets of participants can recover the secret whereas others cannot. Some of these participants involved may, however, want to forge their shares of the secret(s) in order to cheat other participants. Various cheater identifiable techniques have been devised in order to identify such cheaters in secret sharing schemes. On the other hand, Ramp secret sharing schemes are a practically efficient variant of usual secret sharing schemes with reduced share size and some loss in security. Ramp secret sharing schemes have many applications in secure information storage, information-theoretic private information retrieval and secret image sharing due to producing relatively smaller shares. However, to the best of our knowledge, there does not exist any cheater identifiable ramp secret sharing scheme. In this paper we define the security model for cheater identifiable ramp secret sharing schemes and provide two constructions for cheater identifiable ramp secret sharing schemes. In addition, the second construction is secure against rushing cheaters who are allowed to submit their shares during secret reconstruction after observing other participants’ responses in one round. Also, we do not make any computational assumptions for the cheaters, i.e., cheaters may be equipped with unlimited time and resources, yet, the cheating probability would be bounded above by a very small positive number.
6 citations
References
More filters
NEC1
TL;DR: Flaws in existing secret sharing schemes against cheating are pointed out and it is shown that a scheme proposed by Ghodosi and Pieprzyk and one presented by Obana and Araki are both insecure against single cheater.
Abstract: In this paper, we point out flaws in existing secret sharing schemes against cheating. Namely, we show that a scheme proposed by Ghodosi and Pieprzyk presented at ACISP 2000 and a one by Obana and Araki presented at Asiacrypt 2006 are both insecure against single cheater. We further show that the scheme by Obana et al. can be made secure by slight modification.
14 citations
"An Efficient Robust Secret Sharing ..." refers methods in this paper
...Tompa and Woll [28] first presented a cheater-detecting secret sharing scheme and this work is followed by several other works (for example, [1], [2], [11], [6], [23], [24])....
[...]
Posted Content•
TL;DR: In this paper, a necessary and sufficient condition for the existence of error-decodable secret-sharing schemes was established, where the secret can be recovered from the set of all shares, even after a coalition of participants corrupts the shares they possess.
Abstract: An error decodable secret-sharing scheme is a secret-sharing scheme with the additional property that the secret can be recovered from the set of all shares, even after a coalition of participants corrupts the shares they possess. In this paper we consider schemes that can tolerate corruption by sets of participants belonging to a monotone coalition structure, thus generalising both a related notion studied by Kurosawa, and the well-known error-correction properties of threshold schemes based on Reed-Solomon codes. We deduce a necessary and sucient condition for the existence of such schemes, and we show how to reduce the storage requirements of a technique of Kurosawa for constructing error-decodable secret-sharing schemes with ecient decoding algorithms. In addition, we explore the connection between one-round perfectly secure message transmission (PSMT) schemes with general adversary structures and secret-sharing schemes, and we exploit this connection to investigate factors aecting the performance of one-round PSMT schemes such as the number of channels required, the communication overhead, and the eciency of message recovery.
13 citations
TL;DR: This paper is able to show that some well-known results concerning one-round PSMT follow from known results on secret-sharing schemes, and to prove a theorem that explicitly shows the relation between these structures.
Abstract: An error decodable secret-sharing scheme is a secret-sharing scheme with the additional property that the secret can be recovered from the set of all shares, even after a coalition of participants corrupts the shares they possess. In this paper, schemes that can tolerate corruption by sets of participants belonging to a monotone coalition structure are considered. This coalition structure may be unrelated to the authorised sets of the secret-sharing scheme. This is generalisation of both a related notion studied in the context of multiparty computation, and the well-known error-correction properties of threshold schemes based on Reed-Solomon codes. Necessary and sufficient conditions for the existence of such schemes are deduced, and methods for reducing the storage requirements of a technique of Kurosawa for constructing error-decodable secret-sharing schemes with efficient decoding algorithms are demonstrated. In addition, the connection between one-round perfectly secure message transmission (PSMT) schemes with general adversary structures and secret-sharing schemes is explored. We prove a theorem that explicitly shows the relation between these structures. In particular, an error decodable secret-sharing scheme yields a one-round PSMT, but the converse does not hold. Furthermore, we are able to show that some well-known results concerning one-round PSMT follow from known results on secret-sharing schemes. These connections are exploited to investigate factors affecting the performance of one-round PSMT schemes such as the number of channels required, the communication overhead, and the efficiency of message recovery.
13 citations
"An Efficient Robust Secret Sharing ..." refers background in this paper
...Moreover, robust secret sharing is also related to Secure Message Transmission (SMT) protocols [13, 20]....
[...]
16 Jul 2012
TL;DR: It is shown that it is possible to match the lower bound on the set of all possible secrets in the amortized sense.
Abstract: We consider the problem of k-out-of-n secret sharing, capable of identifying up to t cheaters, with probability at least (1 - e), for a given error parameter e. In any such secret sharing scheme, t k/2 and the lower bound of |Vi| ≥ |S| - 1 / e + 1 holds. Here Vi denotes the set of all possible ith share, that can be assigned to the ith party and S denotes the set of all possible secrets. To the best of our knowledge, there does not exist any computationally efficient secret sharing scheme with k = 2t+1 (the minimum value of k), where |Vi| exactly matches the lower bound. We show that it is possible to match this bound in the amortized sense.
12 citations
"An Efficient Robust Secret Sharing ..." refers methods in this paper
...McEliece and Sarwate [21] were the first to point out cheater identification in secret sharing schemes and this work is followed by several other works (for example, [17], [22], [8], [31])....
[...]
TL;DR: This work proposes a new unconditionally-secure robust secret sharing scheme for the case with share size equal to the secret size, and extends it to realize a class of multilevel access structures that satisfy a special condition.
Abstract: Abstract. An n-player -secure robust secret sharing scheme is a (t,n)-threshold secret sharing scheme with the additional property that the secret can be recovered, with probability at least , from the set of all shares even if up to t players provide incorrect shares. The existing constructions of robust secret sharing schemes for the range have the share size larger than the secret size. An important goal in this area is to minimize the share size. In the paper, we propose a new unconditionally-secure robust secret sharing scheme for the case with share size equal to the secret size. This is the minimum possible size as dictated by the perfect secrecy of the scheme. We further extend our scheme to realize a class of multilevel access structures that satisfy a special condition. The property that the share size is equal to secret size is preserved in the extended scheme. The proposed scheme is the first known robust secret sharing scheme realizing multilevel access structure.
2 citations
"An Efficient Robust Secret Sharing ..." refers methods in this paper
...without any overhead) scheme by Jhanwar and Safavi-Naini [15]....
[...]