Showing papers on "Homomorphic secret sharing published in 1983"
TL;DR: A linear coding scheme for secret sharing is exhibited which subsumes the polynomial interpolation method proposed by Shamir and can also be viewed as a deterministic version of Blakley's probabilistic method.
Abstract: A "secret sharing system" permits a secret to be shared among n trustees in such a way that any k of them can recover the secret, but any k-1 have complete uncertainty about it. A linear coding scheme for secret sharing is exhibited which subsumes the polynomial interpolation method proposed by Shamir and can also be viewed as a deterministic version of Blakley's probabilistic method. Bounds on the maximum value of n for a given k and secret size are derived for any system, linear or nonlinear. The proposed scheme achieves the lower bound which, for practical purposes, differs insignificantly from the upper bound. The scheme may be extended to protect several secrets. Methods to protect against deliberate tampering by any of the trustees are also presented.
695 citations
07 Nov 1983
TL;DR: A cryptographic protocol allowing two mutually distrusting parties, A and B, each having a secret bit, to "simultaneously" exchange the values of those bits is presented, and a new tool to implement this protocol is developed: a slightly biased symmetric coin.
Abstract: We present a cryptographic protocol allowing two mutually distrusting parties, A and B, each having a secret bit, to "simultaneously" exchange the values of those bits. It is assumed that initially each party presents a correct encryption of his secret bit to the other party. We develop a new tool to implement our protocol: a slightly biased symmetric coin. The key property of this coin is that from each flip A receives a piece of probabilistic information about B's secret bit which is symmetric to the piece of information B receives about A's secret bit.
115 citations
01 Jan 1983
TL;DR: As an application of strongly universal-2 classes of hash functions, Wegman and Carter have proposed a provably secure authentication tag system that requires that the sender and the receiver share a rather long secret key if they wish to use the system more than once.
Abstract: As an application of strongly universal-2 classes of hash functions, Wegman and Carter have proposed a provably secure authentication tag system.1 Their technique allows the receiver to be certain that a message is genuine. An enemy, even one with infinite computing power, cannot forge or modify a message without detection. Moreover, there are no messages that just happen to be easy to forge. Unfortunately, their scheme requires that the sender and the receiver share a rather long secret key if they wish to use the system more than once. Indeed, the length of the key is essentially n log(1/p), where n is the number of messages they wish to be able to authenticate before having to agree on a new secret key, and p is the probability of undetected forgery they are willing to tolerate. Since they also proved that n log(1/p) is a lower bound on the number of bits required by any tag system that assures security against infinite computing power, it is clearly necessary to resort to computational complexity if we wish to have a scheme usable in practice allowing a potentially very large number of messages to be authenticated.
114 citations
01 Jan 1983
TL;DR: The value of a variable is secret for a given piece of equipment if the possibility of use of this equipment by trying all possible values of the variable is very long compared to a given duration.
Abstract: All through this paper the notion of secret that we will discuss is a notion linked to the use of a digital quantity called “key” for a given equipment that is turned on by this key. To be more precise: the value of a variable is secret for a given piece of equipment if the possibility of use of this equipment, by trying all possible values of the variable is very long compared to a given duration.
9 citations