
Showing papers on "Secret sharing published in 1992"


Journal Article
TL;DR: This paper presents numerous direct constructions for secret sharing schemes, such as the Shamir threshold scheme, the Boolean circuit construction of Benaloh and Leichter, the vector space construction of Brickell, and the Simmons geometric construction, emphasizing combinatorial construction methods.
Abstract: This paper is an explication of secret sharing schemes, emphasizing combinatorial construction methods. The main problem we consider is the construction of perfect secret sharing schemes, for specified access structures, with the maximum possible information rate. In this paper, we present numerous direct constructions for secret sharing schemes, such as the Shamir threshold scheme, the Boolean circuit construction of Benaloh and Leichter (for general access structures), the vector space construction of Brickell, and the Simmons geometric construction. We discuss the connections between ideal schemes (i.e., those with information rate equal to one) and matroids. We also mention the entropy bounds of Capocelli et al. Then we give a very general construction, called the decomposition construction, and numerous applications of it. In particular, we study schemes for access structures based on graphs and the many interesting bounds that can be proved; and we determine the exact value of the optimal information rate for all access structures on at most four participants.

429 citations


Journal Article
TL;DR: It is proved that, for any graph G having maximum degree d, there is a perfect secret sharing scheme realizing G in which the information rate is at least 2/(d+3), which improves the best previous general bound by a factor of almost two.
Abstract: In this paper we study secret sharing schemes for access structures based on graphs. A secret sharing scheme enables a secret key to be shared among a set of participants by distributing partial information called shares. Suppose we desire that some specified pairs of participants be able to compute the key. This gives rise in a natural way to a graph G which contains these specified pairs as its edges. The secret sharing scheme is called perfect if a pair of participants corresponding to a nonedge of G can obtain no information regarding the key. Such a perfect secret sharing scheme can be constructed for any graph. In this paper we study the information rate of these schemes, which measures how much information is being distributed as shares compared with the size of the secret key. We give several constructions for secret sharing schemes that have a higher information rate than previously known schemes. We prove the general result that, for any graph G having maximum degree d, there is a perfect secret sharing scheme realizing G in which the information rate is at least 2/(d+3). This improves the best previous general bound by a factor of almost two.

164 citations


Book Chapter
13 Dec 1992
TL;DR: This paper generalizes results from constructions of threshold schemes using linear block codes to construct secret sharing schemes for arbitrary access structure and presents a solution to the problem of retrieving the secret.
Abstract: In this paper we address the problem of constructing secret sharing schemes for general access structures. The construction is inspired by linear block codes. Already in the beginning of the eighties constructions of threshold schemes using linear block codes were presented in [6] and [7]. In this paper we generalize those results to construct secret sharing schemes for arbitrary access structure. We also present a solution to the problem of retrieving the secret.

89 citations


Book Chapter
16 Aug 1992
TL;DR: In this article, it was shown that any graph with n vertices admits a secret sharing scheme with information rate Ω((log n)/n), where n is an arbitrary positive constant.
Abstract: We derive new limitations on the information rate and the average information rate of secret sharing schemes for access structure represented by graphs. We give the first proof of the existence of access structures with optimal information rate and optimal average information rate less than 1/2 + ε, where ε is an arbitrary positive constant. We also provide several general lower bounds on information rate and average information rate of graphs. In particular, we show that any graph with n vertices admits a secret sharing scheme with information rate Ω((log n)/n).

81 citations


Book Chapter
16 Aug 1992
TL;DR: Two combinatorial techniques are used to apply a decomposition construction in obtaining general lower bounds on information rate and average information rate of certain general classes of access structures.
Abstract: We use two combinatorial techniques to apply a decomposition construction in obtaining general lower bounds on information rate and average information rate of certain general classes of access structures. The first technique uses combinatorial designs (in particular, Steiner systems S(t, k, v)). The second technique uses equitable edge-colourings of bipartite graphs. For uniform access structures of rank t, this second technique improves the best previous general bounds by a factor of t (asymptotically).

64 citations


Book
01 Jan 1992
TL;DR: This work focuses on the design and analysis of protocols for access control in distributed systems, and the shared generation of authenticators and signatures in public Cryptosystems.
Abstract: Protocol Design and Analysis.- A Calculus for Access Control in Distributed Systems.- Deriving the Complete Knowledge of Participants in Cryptographic Protocols.- Systematic Design of Two-Party Authentication Protocols.- Combinatorics and Authentication.- Combinatorial characterizations of authentication codes.- Universal hashing and authentication codes.- On Correlation-immune functions.- Secret Sharing and Information Theory.- On the Size of Shares for Secret Sharing Schemes.- On Verification in Secret Sharing.- Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing.- Multiparty Secret Key Exchange Using a Random Deal of Cards.- Cryptanalysis.- Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer.- A Known Plaintext Attack of FEAL-4 and FEAL-6.- A switching closure test to analyze cryptosystems.- An Attack on the Last Two Rounds of MD4.- The Cryptanalysis of a New Public-Key Cryptosystem based on Modular Knapsacks.- Complexity Theory.- A One-Round, Two-Prover, Zero-Knowledge Protocol for NP.- Interactive Proofs with Space Bounded Provers.- Functional Inversion and Communication Complexity.- The Use of Interaction in Public Cryptosystems.- Cryptographic Schemes Based on Number Theory.- New Public-Key Schemes Based on Elliptic Curves over the Ring Zn.- Efficient Algorithms for the Construction of Hyperelliptic Cryptosystems.- CM-Curves with Good Cryptographic Properties.- A New ID-Based Key Sharing System.- Pseudorandomness.- Pseudo-random Generators from One-way Functions.- New Results on Pseudorandom Permutation Generators Based on the Des Scheme.- Applications and Implementations.- Faster Modular Multiplication by Operand Scaling.- Universal Electronic Cash.- How to Break and Repair a "Provably Secure" Untraceable Payment System.- Practical Quantum Oblivious Transfer.- Exploiting Parallelism in Hardware Implementation of the DES.- Secure Computation Protocols.- Foundations of Secure Interactive Computing.- Secure Computation.- A Cryptographic Scheme for Computerized General Elections.- Efficient Multiparty Protocols Using Circuit Randomization.- Public-Key Cryptosystems and Signatures.- Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack.- Towards Practical Public Key Systems Secure Against Chosen Ciphertext attacks.- Shared generation of authenticators and signatures.- Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer.

59 citations


Book Chapter
24 May 1992
TL;DR: This paper studies the information rate of secret sharing schemes for access structures based on graphs, which measures how much information is being distributed as shares as compared to the size of the secret key, and the average information rate, which is the ratio between the secret size and the arithmetic mean of the sizes of the shares.
Abstract: In this paper, we continue a study of secret sharing schemes for access structures based on graphs. Given a graph G, we require that a subset of participants can compute a secret key if they contain an edge of G; otherwise, they can obtain no information regarding the key. We study the information rate of such schemes, which measures how much information is being distributed as shares as compared to the size of the secret key, and the average information rate, which is the ratio between the secret size and the arithmetic mean of the size of the shares. We give both upper and lower bounds on the optimal information rate and average information rate that can be obtained. Upper bounds arise by applying entropy arguments due to Capocelli et al [10]. Lower bounds come from constructions that are based on graph decompositions. Application of these constructions requires solving a particular linear programming problem. We prove some general results concerning the information rate and average information rate for paths, cycles and trees. Also, we study the 30 (connected) graphs on at most five vertices, obtaining exact values for the optimal information rate in 26 of the 30 cases, and for the optimal average information rate in 28 of the 30 cases.

49 citations


Journal Article
01 Mar 1992
TL;DR: This report first shows how this can be done such that every person can verify (by himself) that his part of the secret is correct even though fewer than k persons get no Shannon information about the secret.
Abstract: Secret sharing allows a secret key to be distributed among n persons, such that k (1 <= k <= n) of these must be present in order to recover it at a later time. This report first shows how this can be done such that every person can verify (by himself) that his part of the secret is correct even though fewer than k persons get no Shannon information about the secret. However, this high level of security is not needed in public key schemes, where the secret key is uniquely determined by a corresponding public key. It is therefore shown how such a secret key (which can be used to sign messages or decipher cipher texts) can be distributed. This scheme has the property, that even though everybody can verify his own part, sets of fewer than k persons cannot sign/decipher unless they could have done so given just the public key. This scheme has the additional property that more than k persons can use the key without compromising their parts of it. Hence, the key can be reused. This technique is further developed to be applied to undeniable signatures. These signatures differ from traditional signatures as they can only be verified with the signer's assistance. The report shows how the signer can authorize agents who can help verifying signatures, but they cannot sign (unless the signer permits it).

36 citations


Book Chapter
13 Dec 1992
TL;DR: This paper characterizes nonperfect secret sharing schemes and derives a lower bound of |V_i| in terms of a distance between Γ1 and Γ3.
Abstract: A nonperfect secret sharing scheme (NSS) consists of a family of access subsets Γ1, a family of semi-access subsets Γ2 and a family of non-access subsets Γ3. In an NSS, it is possible that |V_i| < |S|, where |V_i| is the size of the share and |S| is the size of the secret. This paper characterizes nonperfect secret sharing schemes. First, we show that (Γ1, Γ2, Γ3) is realizable if and only if Γ1 is monotone and Γ1 ∪ Γ2 is monotone. Then, we derive a lower bound of |V_i| in terms of a distance between Γ1 and Γ3. Finally, we show a condition for (Γ1, Γ2, Γ3) to achieve |V_i| = |S|/2 for all i.

35 citations


Book Chapter
13 Dec 1992
TL;DR: It is shown that every non-degenerate geometric secret sharing scheme is ‘contained’ in the corresponding cumulative scheme.
Abstract: Cumulative secret sharing schemes were introduced by Simmons et al (1991) based on the generalised secret sharing scheme of Ito et al (1987). A given monotone access structure together with a security level is associated with a unique cumulative scheme. Geometric secret sharing schemes form a wide class of secret sharing schemes which have many desirable properties including good information rates. We show that every non-degenerate geometric secret sharing scheme is ‘contained’ in the corresponding cumulative scheme. As there is no known practical algorithm for constructing efficient secret sharing schemes, the significance of this result is that, at least theoretically, a geometric scheme can be constructed from the corresponding cumulative scheme.

32 citations


Proceedings Article
16 Aug 1992
TL;DR: The first proof of the existence of access structures with optimal information rate and optimal average information rate less than 1/2 + ε is given, where ε is an arbitrary positive constant.
Abstract: We derive new limitations on the information rate and the average information rate of secret sharing schemes for access structure represented by graphs. We give the first proof of the existence of access structures with optimal information rate and optimal average information rate less than 1/2 + ε, where ε is an arbitrary positive constant. We also provide several general lower bounds on information rate and average information rate of graphs. In particular, we show that any graph with n vertices admits a secret sharing scheme with information rate Ω((log n)/n).

Book Chapter
24 May 1992
TL;DR: It is proved that there exist infinitely many Abelian groups over which there does not exist an ideal homomorphic threshold scheme.
Abstract: Threshold schemes allow any t out of l individuals to recompute a secret (key). General sharing schemes are a generalization. In homomorphic sharing schemes the "product" of shares of the keys gives a share of the product of the keys. We prove that there exist infinitely many Abelian groups over which there does not exist an ideal homomorphic threshold scheme. Additionally we classify ideal homomorphic general sharing schemes. We discuss the potential impact of our result on the construction of general sharing schemes.

Journal Article
TL;DR: An information-theoretic characterization of perfect schemes is proved, and it is used to determine which access structures can be encoded by strongly ideal schemes.
Abstract: We define strongly ideal secret sharing schemes to be ideal secret sharing schemes in which certain natural requirements are placed on the decoder. We prove an information-theoretic characterization of perfect schemes, and use it to determine which access structures can be encoded by strongly ideal schemes. We also discuss a hierarchy of secret sharing schemes that are more powerful than strongly ideal schemes.

Proceedings Article
16 Aug 1992
TL;DR: For a certain domain of secrets, a secret sharing scheme for an access structure is a method for a dealer to distribute shares to the parties, such that only subsets in the access structure can reconstruct the secret.
Abstract: Given a set of parties {1, ..., n}, an access structure is a monotone collection of subsets of the parties. For a certain domain of secrets, a secret sharing scheme for an access structure is a method for a dealer to distribute shares to the parties, such that only subsets in the access structure can reconstruct the secret. A secret sharing scheme is ideal if the domains of the shares are the same as the domain of the secrets. An access structure is universally ideal if there is an ideal secret sharing scheme for it over every finite domain of secrets. An obvious necessary condition for an access structure to be universally ideal is to be ideal over the binary and ternary domains of secrets. In this work, we prove that this condition is also sufficient. In addition, we give an exact characterization for each of these two conditions, and show that each condition by itself is not sufficient for universally ideal access structures.

Book Chapter
16 Aug 1992
TL;DR: A secret sharing scheme for an access structure is a method for a dealer to distribute shares to the parties, such that only subsets in the access structure can reconstruct the secret as mentioned in this paper.
Abstract: Given a set of parties {1, ..., n}, an access structure is a monotone collection of subsets of the parties. For a certain domain of secrets, a secret sharing scheme for an access structure is a method for a dealer to distribute shares to the parties, such that only subsets in the access structure can reconstruct the secret.

Book Chapter
16 Aug 1992
TL;DR: An l-span secret sharing scheme for the general sharing policy is proposed to solve the secret/shadows regeneration problem by extending the life span of the shadows from 1 to l, i.
Abstract: For some secret sharing applications, the secret reconstructed is not revealed to the participants, and therefore, the secret/shadows can be repeatedly used without having to be changed. But for other applications, in which the secret reconstructed is revealed to participants, a new secret must be chosen and its corresponding shadows must be regenerated and then secretly distributed to participants again, in order to enforce the same secret sharing policy. This is inefficient because of the overhead in the generation and distribution of shadows. In this paper, an l-span secret sharing scheme for the general sharing policy is proposed to solve the secret/shadows regeneration problem by extending the life span of the shadows from 1 to l, i.e., the shadows can be repeatedly used for l times to generate l different secrets.

Journal Article
TL;DR: A practical noninteractive scheme is proposed to simultaneously solve several open problems in group oriented cryptography and can be shown to be equivalent to the difficulty of solving the discrete logarithm problem.

Journal Article
TL;DR: In this article, the authors consider some combinatorial problems arising from the need to provide security on a communications network and describe authentication schemes, known as authentication schemes, which may be used to provide encodings which can detect such alterations.