Proceedings Article

Universal Construction of Cheater-Identifiable Secret Sharing Against Rushing Cheaters Based on Message Authentication

15 Aug 2018-pp 2614-2618
TL;DR: This paper explicitly proposes the concepts of “individual identification” and “agreed identification” and provides protocols for cheater-identifiable secret sharing and removes both conditions simultaneously from any secret sharing scheme.
Abstract: For conventional secret sharing, if cheaters can submit possibly forged shares after observing shares of the honest users in the reconstruction phase, they can disturb the protocol and only they can reconstruct the true secret. To overcome the problem, secret sharing schemes with cheater-identification properties have been proposed. Existing protocols for cheater-identifiable secret sharing assumed non-rushing cheaters or honest majority. In this paper, using message authentication, we remove both conditions simultaneously, and give its universal construction from any secret sharing scheme. To this end, we explicitly propose the concepts of “individual identification” and “agreed identification”. For both settings, we provide protocols for cheater-identifiable secret sharing. In our protocols, the security parameter can be set independently of the share size and the underlying finite field size.
Citations
Journal Article
TL;DR: This scheme is the first verifiable secret sharing scheme that guarantees verifiability even when a majority of the parties are malicious and relies on the hardness of LWE.

16 citations


Cites background from "Universal Construction of Cheater-I..."

  • ...However, unlike the identifiable secret sharing solutions [72, 178, 227, 201, 228, 154, 142, 69], our scheme supports share verification and does not require any digital signature or message authentication subroutines....

    [...]

Proceedings Article
08 Dec 2020
TL;DR: In this paper, the authors examined the developed mouse tracking application along with the developed Moodle plugin in a blended course mid-term (20%) examination for the purpose of detecting and identifying the potential cheaters.
Abstract: Academic cheating is a significantly common occurrence at the university level in developing countries, particularly in Afghanistan. In online education practices, it could be a difficult task for a better process of secret reconstruction and identifying/detecting the potential cheaters. Due to a huge number of students and the rapid increase of online education and penetration of the internet (the diversity of electronic devices used by learners in online activities), a big gap exists across creating an honest culture and teacher practices in the classroom. As such, raising the way of early prediction of potential cheaters through the mouse-tracking technique should be an urgent priority. In this paper, the authors examine the developed mouse tracking application along with the developed Moodle plugin in a blended course mid-term (20%) examination for the purpose of detecting and identifying the potential cheaters. The proposed model correctly predicted 94% of students committing illicit actions during the online mid-term examination, which can be possible to early intervene and prevent illegal actions. The study outcome can be used to analyze the learners’ mouse tracking behaviors that lead to a better process of secret reconstruction and transparent space.

6 citations

Book Chapter
30 Oct 2019
TL;DR: It is shown that secure SMT protocols can be constructed even if all the channels are corrupted by such rational adversaries, and the situation in which both malicious and rational adversaries exist is studied.
Abstract: Secure Message Transmission (SMT) is a two-party protocol by which the sender can privately transmit a message to the receiver through multiple channels. An adversary can corrupt a subset of channels and make eavesdropping and tampering over the corrupted channels. Fujita et al. (GameSec 2018) introduced a game-theoretic security notion of SMT, and showed protocols that are secure even if an adversary corrupts all but one of the channels, which is impossible in the standard cryptographic setting. In this work, we study a game-theoretic setting in which all the channels are corrupted by two or more independent adversaries. Specifically, we assume that there are several adversaries who exclusively corrupt subsets of the channels, and prefer to violate the security of SMT with being undetected. Additionally, we assume that each adversary prefers other adversaries’ tampering to be detected. We show that secure SMT protocols can be constructed even if all the channels are corrupted by such rational adversaries. We also study the situation in which both malicious and rational adversaries exist.

5 citations

Posted Content
TL;DR: The asymptotic rate in a linear network with the secrecy and robustness conditions when the above type of attacker exists and the network is composed of a partially trusted relay of quantum key distribution is discussed.
Abstract: When there exists a malicious attacker in the network, we need to be careful of eavesdropping and contamination. This problem is crucial for network communication when the network is realized by a partially trusted relay of quantum key distribution. We discuss the asymptotic rate in a linear network with the secrecy and robustness conditions when the above type of attacker exists. Also, under the same setting, we discuss the asymptotic rate in a linear network when we impose the secrecy condition alone. Then, we apply these results to the network composed of a partially trusted relay of quantum key distribution, which enables us to realize secure long-distance communication via short-distance quantum key distribution.

4 citations

Posted Content
TL;DR: This work introduces a game-theoretic security model for SMT in which adversaries have some preferences for the protocol execution, and presents several perfect SMT protocols, including a non-interactive protocol based on the idea of cheater-identifiable secret sharing.
Abstract: Secure Message Transmission (SMT) is a two-party cryptographic protocol by which the sender can securely and reliably transmit messages to the receiver using multiple channels. An adversary for SMT can corrupt a subset of the channels and make eavesdropping and tampering over the channels. In this work, we introduce a game-theoretic security model for SMT in which adversaries have some preferences for the protocol execution. We define rational "timid" adversaries who prefer to violate the security requirements, but do not prefer the tampering to be detected. Such adversaries could arise since they may fear losing their corrupted channels for which they needed some cost or risks. First, we consider the basic setting in which a single adversary attacks the protocol. We show that, even if all but one of the channels are corrupted, we can construct perfect SMT protocols against rational adversaries. In the traditional cryptographic setting, perfect SMT can be constructed only when the adversary corrupts a minority of the channels. Our results demonstrate a way of circumventing the cryptographic impossibility results by a game-theoretic approach. Next, we study the setting in which all the channels can be corrupted by multiple adversaries who do not cooperate. Since we cannot hope for any security if a single adversary corrupts all the channels or multiple adversaries cooperate maliciously, the scenario can arise from a game-theoretic model. We present several perfect SMT protocols, including a non-interactive protocol based on the idea of cheater-identifiable secret sharing. We also study the scenario in which both malicious and rational adversaries exist.

3 citations


Cites background or methods from "Universal Construction of Cheater-I..."

  • ...strongly universal) hash functions instead of universal hash functions in [30]....

    [...]

  • ...We construct a non-interactive SMT protocol based on the CISS of Hayashi and Koshiba [30]....

    [...]

References
Journal Article
TL;DR: This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.
Abstract: In this paper we show how to divide data D into n pieces in such a way that D is easily reconstructable from any k pieces, but even complete knowledge of k - 1 pieces reveals absolutely no information about D. This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.

14,340 citations


"Universal Construction of Cheater-I..." refers background in this paper

  • ...Secret sharing is a basic primitive for secure information transmission [21]....

    [...]

Journal Article
J. Lawrence Carter, Mark N. Wegman
TL;DR: An input independent average linear time algorithm for storage and retrieval on keys that makes a random choice of hash function from a suitable class of hash functions.

2,886 citations

Journal Article
Mark N. Wegman, J. Lawrence Carter
TL;DR: Several new classes of hash functions with certain desirable properties are exhibited, and two novel applications for hashing which make use of these functions are introduced, including a provably secure authentication technique for sending messages over insecure lines and the application of testing sets for equality.

1,586 citations


"Universal Construction of Cheater-I..." refers background in this paper

  • ...$\Pr_{h_i \leftarrow H}[h_i(a) = b] = \frac{1}{|B|}$ holds, where the probability is over the uniformly random choice of $h_i$ from $H$. The original definition of universal-2 hash functions and several constructions can be found in [25]. C. Toeplitz Matrices An $(n \times m)$-Toeplitz matrix $T = (T_{i,j})$ over $\mathbb{F}_q$ can be determined by $s = s_1 s_2 \cdots s_{n+m-1} \in \mathbb{F}_q^{n+m-1} \setminus \{0^{n+m-1}\}$ as follows: Set $T_{n,1} = s_1, \ldots, T_{1,1} = s_n$ (for the first column) and $T_{1,2}$ ...

    [...]

Proceedings Article
01 Feb 1989
TL;DR: This paper proves a conjecture of [Levin 87, sec. 5.6.2] that the scalar product of Boolean vectors p, g, x is a hard-core of every one-way function ƒ, and extends to multiple (up to the logarithm of security) such bits and to any distribution on the x.
Abstract: A central tool in constructing pseudorandom generators, secure encryption functions, and in other areas are “hard-core” predicates b of functions (permutations) ƒ, discovered in [Blum Micali 82]. Such b(x) cannot be efficiently guessed (substantially better than 50-50) given only ƒ(x). Both b, ƒ are computable in polynomial time. [Yao 82] transforms any one-way function ƒ into a more complicated one, ƒ*, which has a hard-core predicate. The construction applies the original ƒ to many small pieces of the input to ƒ* just to get one “hard-core” bit. The security of this bit may be smaller than any constant positive power of the security of ƒ. In fact, for inputs (to ƒ*) of practical size, the pieces effected by ƒ are so small that ƒ can be inverted (and the “hard-core” bit computed) by exhaustive search. In this paper we show that every one-way function, padded to the form ƒ(p, x) = (p, g(x)), ‖p‖ = ‖x‖, has by itself a hard-core predicate of the same (within a polynomial) security. Namely, we prove a conjecture of [Levin 87, sec. 5.6.2] that the scalar product of Boolean vectors p, x is a hard-core of every one-way function ƒ(p, x) = (p, g(x)). The result extends to multiple (up to the logarithm of security) such bits and to any distribution on the x's for which ƒ is hard to invert.

1,419 citations


"Universal Construction of Cheater-I..." refers background in this paper

  • ..., hard-core functions [8] and universal hash functions [14], [15])....

    [...]

Proceedings Article
01 Feb 1989
TL;DR: In this paper, the authors present a verifiable secret sharing protocol for games with incomplete information and show that the secrecy achieved is unconditional and does not rely on any assumption about computational intractability.
Abstract: Under the assumption that each participant can broadcast a message to all other participants and that each pair of participants can communicate secretly, we present a verifiable secret sharing protocol, and show that any multiparty protocol, or game with incomplete information, can be achieved if a majority of the players are honest. The secrecy achieved is unconditional and does not rely on any assumption about computational intractability. Applications of these results to Byzantine Agreement are also presented. Underlying our results is a new tool of Information Checking which provides authentication without cryptographic assumptions and may have wide applications elsewhere.

1,061 citations