An Efficient Robust Secret Sharing Scheme with Optimal Cheater Resiliency
TL;DR: A simple t-out-of-n secret sharing scheme, which can reconstruct the secret in presence of t cheating participants except with probability at most δ, provided t < n/2, is designed.
Abstract: In this paper, we consider the problem of (t, δ) robust secret sharing secure against rushing adversary. We design a simple t-out-of-n secret sharing scheme, which can reconstruct the secret in presence of t cheating participants except with probability at most δ, provided t < n/2. The later condition on cheater resilience is optimal for the case of public reconstruction of the secret, on which we focus in this work.
Citations
More filters
Book•
01 Jan 2011
TL;DR: This book constitutes the refereed proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2011, held in Tallinn, Estonia, in May 2011, and contains 31 papers, presented together with 2 invited talks.
Abstract: This book constitutes the refereed proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2011, held in Tallinn, Estonia, in May 2011. The 31 papers, presented together with 2 invited talks, were carefully reviewed and selected from 167 submissions. The papers are organized in topical sections on lattice-base cryptography, implementation and side channels, homomorphic cryptography, signature schemes, information-theoretic cryptography, symmetric key cryptography, attacks and algorithms, secure computation, composability, key dependent message security, and public key encryption.
238 citations
TL;DR: This paper considers cheating problem in bivariate polynomial based secret sharing scheme, and proposes two cheating identification algorithms respectively that are efficient with respect of cheater identification capabilities and achieves stronger capability of cheating identification with the collaboration of the rest n − m users who are not involved in secret reconstruction.
57 citations
09 Aug 2016
TL;DR: This paper considers two very important issues namely detection and identification of k-out-of-n secret sharing schemes against rushing cheaters who are allowed to submit (possibly forged) shares after observing shares of the honest users in the reconstruction phase.
Abstract: In this paper, we consider two very important issues namely detection and identification of k-out-of-n secret sharing schemes against rushing cheaters who are allowed to submit (possibly forged) shares after observing shares of the honest users in the reconstruction phase. Towards this, we present four different schemes. Among these, first we present two k-out-of-n secret sharing schemes, the first one being capable of detecting \((k-1)/3\) cheaters such that \(|V_i|=|S|/\epsilon ^3\) and the second one being capable of detecting \(n-1\) cheaters such that \(|V_i|=|S|/\epsilon ^{k+1}\), where S denotes the set of all possible secrets, \(\epsilon \) denotes the successful cheating probability of cheaters and \(V_i\) denotes set all possible shares. Next we present two k-out-of-n secret sharing schemes, the first one being capable of identifying \((k-1)/3\) rushing cheaters with share size \(|V_i|\) that satisfies \(|V_i|=|S|/\epsilon ^k\). This is the first scheme, whose size of shares does not grow linearly with n but only with k, where n is the number of participants. For the second one, in the setting of public cheater identification, we present an efficient optimal cheater resilient k-out-of-n secret sharing scheme against rushing cheaters having the share size \(|V_i|= (n-t)^{n+2t}|S|/\epsilon ^{n+2t}\). The proposed scheme achieves flexibility in the sense that the security level (i.e., the cheater(s) success probability) is independent of the secret size. Each of the four proposed schemes has the smallest share size among the existing schemes having the mentioned properties in the respective models.
14 citations
17 Dec 2018
TL;DR: This paper presents definitions of cheating detectable, cheater identifiable and robust secret sharing schemes in compartmental access structure and their realization through five different constructions in the information-theoretic setting and proposes protocols secure against rushing adversary.
Abstract: Various adversarial scenarios have been considered in secret sharing for threshold access structure. However, threshold access structure can not provide efficient solution when participants are classified in different compartments. Of many access structures for which ideal secret sharing schemes can be realized, compartmental access structure is an important one. This paper is targeted to initiate the study of secret sharing schemes for compartmental access structure secure against malicious adversary. This paper presents definitions of cheating detectable, cheater identifiable and robust secret sharing schemes in compartmental access structure and their realization through five different constructions in the information-theoretic setting. Moreover in case of cheater identification and robustness, proposed protocols are secure against rushing adversary who are allowed to submit (possibly forged) shares after observing shares of the honest participants in the reconstruction phase.
7 citations
01 Nov 2019
TL;DR: The security model for cheater identifiable ramp secret sharing schemes is defined and two constructions for cheating cheaters are provided, one of which is secure against rushing cheaters who are allowed to submit their shares during secret reconstruction after observing other participants’ responses in one round.
Abstract: Abstract Secret sharing allows one to share a piece of information among n participants in a way that only qualified subsets of participants can recover the secret whereas others cannot. Some of these participants involved may, however, want to forge their shares of the secret(s) in order to cheat other participants. Various cheater identifiable techniques have been devised in order to identify such cheaters in secret sharing schemes. On the other hand, Ramp secret sharing schemes are a practically efficient variant of usual secret sharing schemes with reduced share size and some loss in security. Ramp secret sharing schemes have many applications in secure information storage, information-theoretic private information retrieval and secret image sharing due to producing relatively smaller shares. However, to the best of our knowledge, there does not exist any cheater identifiable ramp secret sharing scheme. In this paper we define the security model for cheater identifiable ramp secret sharing schemes and provide two constructions for cheater identifiable ramp secret sharing schemes. In addition, the second construction is secure against rushing cheaters who are allowed to submit their shares during secret reconstruction after observing other participants’ responses in one round. Also, we do not make any computational assumptions for the cheaters, i.e., cheaters may be equipped with unlimited time and resources, yet, the cheating probability would be bounded above by a very small positive number.
6 citations
References
More filters
01 Jan 2011
TL;DR: This book constitutes the refereed proceedings of the 6th International Workshop on Security, IWSEC 2011, held in Tokyo, Japan, in November 2011, and contains 14 revised full papers presented.
119 citations
Journal Article•
102 citations
"An Efficient Robust Secret Sharing ..." refers background in this paper
...More generally, as first shown in [10], [16], [27]...
[...]
02 Jan 1994
TL;DR: An explicit relation between authentication codes and codes correcting independent errors is shown, which gives rise to several upper bounds on A-codes and how to construct A- codes starting from error correcting codes.
Abstract: In this paper we show an explicit relation between authentication codes and codes correcting independent errors. This relation gives rise to several upper bounds on A-codes. We also show how to construct A-codes starting from error correcting codes. The latter is used to show that if PS exceeds PI by an arbitrarily small positive amount, then the number of source states grows exponentially with the number of keys but if PS = PI it will grow only linearly.
93 citations
"An Efficient Robust Secret Sharing ..." refers background in this paper
...More generally, as first shown in [10], [16], [27]...
[...]
TL;DR: A tight lower bound on the size of shares is derived for secret sharing schemes that protect against this type of attack and an optimum scheme is presented that meets the equality of this bound by using "difference sets".
Abstract: Tompa and Woll introduced a problem of cheating in $(k,n)$ threshold secret sharing schemes. In this problem $k-1$ malicious participants aim to cheat an honest one by opening forged shares and causing the honest participant to reconstruct the wrong secret. We first derive a tight lower bound on the size of shares $|\cV_i|$ for secret sharing schemes that protect against this type of attack: $ |\cV_i| \geq (|\cS|-1)/\delta + 1 $, where $\cV_i$ denotes the set of shares of participant $P_i$, $\cS$ denotes the set of secrets, and $\delta$ denotes the cheating probability. We next present an optimum scheme, which meets the equality of our bound, by using "difference sets." A partial converse and some extensions are also shown.
85 citations
TL;DR: Two methods are presented to modify any linear secret sharing scheme in order to obtain schemes that are unconditionally secure against that kind of attack, and those methods make it possible to construct robust and secure schemes for any access structure.
Abstract: In a secret sharing scheme, some participants can lie about the value of their shares when reconstructing the secret in order to obtain some illicit benefit. We present in this paper two methods to modify any linear secret sharing scheme in order to obtain schemes that are unconditionally secure against that kind of attack. The schemes obtained by the first method are robust, that is, cheaters are detected with high probability even if they know the value of the secret. The second method provides secure schemes, in which cheaters that do not know the secret are detected with high probability. When applied to ideal linear secret sharing schemes, our methods provide robust and secure schemes whose relation between the probability of cheating and the information rate is almost optimal. Besides, those methods make it possible to construct robust and secure schemes for any access structure.
83 citations
"An Efficient Robust Secret Sharing ..." refers methods in this paper
...Tompa and Woll [28] first presented a cheater-detecting secret sharing scheme and this work is followed by several other works (for example, [1], [2], [11], [6], [23], [24])....
[...]