
Showing papers on "Secret sharing published in 1993"


Journal ArticleDOI
TL;DR: As the first part of a study of problems involving common randomness at distant locations, information-theoretic models of secret sharing (generating a common random key at two terminals, without letting an eavesdropper obtain information about this key) are considered.
Abstract: As the first part of a study of problems involving common randomness at distant locations, information-theoretic models of secret sharing (generating a common random key at two terminals, without letting an eavesdropper obtain information about this key) are considered. The concept of key-capacity is defined. Single-letter formulas of key-capacity are obtained for several models, and bounds to key-capacity are derived for other models.

1,471 citations


Journal ArticleDOI
TL;DR: This work shows that there are access structures with four participants for which any secret sharing scheme must give to a participant a share at least 50% greater than the secret size, the first proof that there exist access structures for which the best achievable information rate is bounded away from 1.
Abstract: A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any nonqualified subset has absolutely no information on the secret. The set of all qualified subsets defines the access structure to the secret. Sharing schemes are useful in the management of cryptographic keys and in multiparty secure protocols. We analyze the relationships among the entropies of the sample spaces from which the shares and the secret are chosen. We show that there are access structures with four participants for which any secret sharing scheme must give to a participant a share at least 50% greater than the secret size. This is the first proof that there exist access structures for which the best achievable information rate (i.e., the ratio between the size of the secret and that of the largest share) is bounded away from 1. The bound is the best possible, as we construct a secret sharing scheme for the above access structures that meets the bound with equality.

282 citations


Journal ArticleDOI
TL;DR: By observing a simple set-theoretic property of an access structure, this paper proposes its mathematical definition and proves that every family satisfying the definition is realized by assigning two more shadows of a threshold scheme to trustees.
Abstract: In a secret sharing scheme, a datum d is broken into shadows which are shared by a set of trustees. The family {P′ ⊆ P : P′ can reconstruct d} is called the access structure of the scheme. A (k, n)-threshold scheme is a secret sharing scheme having the access structure {P′ ⊆ P : |P′| ≥ k}. In this paper, by observing a simple set-theoretic property of an access structure, we propose its mathematical definition. Then we verify the definition by proving that every family satisfying the definition is realized by assigning two more shadows of a threshold scheme to trustees.

146 citations


Book ChapterDOI
22 Aug 1993
TL;DR: This paper establishes a formal setting to study secret sharing schemes in which the dealer has the feature of being able to activate a particular access structure out of a given set and/or to allow the participants to reconstruct different secrets by sending to all participants the same broadcast message.
Abstract: We consider secret sharing schemes in which the dealer has the feature of being able (after a preprocessing stage) to activate a particular access structure out of a given set and/or to allow the participants to reconstruct different secrets (in different time instants) by sending to all participants the same broadcast message. In this paper we establish a formal setting to study such secret sharing schemes. The security of the schemes presented is unconditional, since they are not based on any computational assumption. We give bounds on the size of the shares held by participants and on the size of the broadcast message in such schemes.

81 citations


Journal ArticleDOI
TL;DR: It is shown that no ℱn secret-sharing scheme over any countable domain exists (for any n ≥ 2), and no perfect private-key encryption schemes, over the set of all strings, exist.
Abstract: Let ℱn be a monotone, nontrivial family of sets over {1, 2, …, n}. An ℱn perfect secret-sharing scheme is a probabilistic mapping of a secret to n shares, such that: Various secret-sharing schemes have been proposed, and applications in diverse contexts were found. In all these cases the set of secrets and the set of shares are finite. In this paper we study the possibility of secret-sharing schemes over infinite domains. The major case of interest is when the secrets and the shares are taken from a countable set, for example all binary strings. We show that no ℱn secret-sharing scheme over any countable domain exists (for any n ≥ 2). One consequence of this impossibility result is that no perfect private-key encryption schemes, over the set of all strings, exist. Stated informally, this means that there is no way to encrypt all strings perfectly without revealing information about their length. These impossibility results are stated and proved not only for perfect secret-sharing and private-key encryption schemes, but also for wider classes--weak secret-sharing and private-key encryption schemes. We contrast these results with the case where both the secrets and the shares are real numbers. Simple perfect secret-sharing schemes (and perfect private-key encryption schemes) are presented. Thus, infinity alone does not rule out the possibility of secret sharing.

51 citations


Book ChapterDOI
06 Dec 1993
TL;DR: The problem of secret sharing schemes (SSS) in the case where all sharing functions are linear maps over a finite field is investigated and the nonexistence of an ideal threshold linear SSS for the cases where the number of participants is twice as large as the number of possible values of a secret is shown.
Abstract: The problem of secret sharing schemes (SSS) in the case where all sharing functions are linear maps over a finite field is investigated. We evaluate the performance of linear secret sharing schemes using the tools of linear algebra and coding theory. In particular, the nonexistence of an ideal threshold linear SSS for the case where the number of participants is twice as large as the number of possible values of a secret is shown.

43 citations


Journal ArticleDOI
TL;DR: Upper bounds on both the number of participants in total and in the lower level are presented, which constitute the only nontrivial cases, and examples for the extremal cases are constructed.
Abstract: In this paper, using recent results in finite geometry, we study a certain class of 2-level shared secret schemes. We shall present upper bounds on both the number of participants in total and on the number of participants in the lower level, which constitute the only nontrivial cases, and construct examples for the extremal cases.

35 citations


Book ChapterDOI
19 Jul 1993
TL;DR: A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any non-qualified subset has absolutely no information on the secret.
Abstract: A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any non-qualified subset has absolutely no information on the secret.

23 citations


Proceedings ArticleDOI
01 Dec 1993
TL;DR: A verifiable secret sharing scheme for a class of geometry-based secret sharing schemes based on finite geometries that provides verifiable sharing of secrets according to general monotone access structures and relies on the homomorphic properties of the discrete exponentiation and therefore on the cryptographic security of the discrete logarithm.
Abstract: Several verifiable secret sharing schemes for threshold schemes based on polynomial interpolation have been presented in the literature. Simmons and others introduced secret sharing (also called shared control) schemes based on finite geometries, which allow distributing a secret according to any monotone access structure. In this paper we present a verifiable secret sharing scheme for a class of these geometry-based secret sharing schemes, which thus provides verifiable sharing of secrets according to general monotone access structures. Our scheme relies on the homomorphic properties of the discrete exponentiation and therefore on the cryptographic security of the discrete logarithm. The version based on Simmons' scheme is non-interactive.

13 citations


Book ChapterDOI
01 Jan 1993
TL;DR: A secret sharing scheme is a method for dividing a secret key k among a set P of participants in such a way that any set A ⊆ P, which is not qualified to know the secret, has absolutely no information on k.
Abstract: A secret sharing scheme is a method for dividing a secret key k among a set P of participants in such a way that: if the participants in A ⊆ P are qualified to know the secret they can reconstruct the secret key k; but any set A ⊆ P, which is not qualified to know the secret, has absolutely no information on k.

10 citations


Patent
20 Apr 1993
TL;DR: In this article, the authors proposed a public-key cryptosystem for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys.
Abstract: A method, using a public-key cryptosystem, for enabling a predetermined entity (18) to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys. According to the method, each user's secret key is broken into shares. Then, each user provides a plurality of 'trustees' (22a) pieces of information. The pieces of information provided to each trustee (22a) enable that trustee (22a) to verify that such information includes a 'share' of a secret key of some given public key. Each trustee (22a) can verify that the pieces of information provided include a share of the secret key without interaction with any other trustee (22a) or by sending messages to the user. Upon a predetermined request or condition, e.g., a court order (20) authorizing the entity (18) to monitor the communications of a user suspected of unlawful activity, the trustees (22a) reveal to the entity (18) the shares of the secret key of such user. This enables the entity (18) to reconstruct the secret key and monitor the suspect user's communications.

Book ChapterDOI
01 Jan 1993
TL;DR: This work proposes a new homomorphic perfect secret sharing scheme over any finite Abelian group for which the group operation and inverses are computable in polynomial time and introduces the concept of zero-knowledge sharing scheme to prove that the distributor does not reveal anything.
Abstract: A secret sharing (threshold) scheme is an algorithm in which a distributor creates shares of a secret such that a minimum number of shares are needed to regenerate the secret. We propose a new homomorphic perfect secret sharing scheme over any finite Abelian group for which the group operation and inverses are computable in polynomial time. We introduce the concept of zero-knowledge sharing scheme to prove that the distributor does not reveal anything. A stronger condition than not revealing anything about the secret.

Proceedings Article
12 May 1993
TL;DR: All of these schemes for sharing a secret can be implemented by adapting a t-out-of-n perfect threshold scheme originally proposed by Shamir in 1979, based on polynomials modulo a large prime.
Abstract: Over the past fourteen years many different types of systems for sharing a secret have been proposed. These include t-out-of-n perfect threshold schemes, general secret sharing schemes, democratic schemes, multipart schemes, multilevel schemes and prepositioned schemes. In this paper it is shown that all of these schemes can be implemented by adapting a t-out-of-n perfect threshold scheme originally proposed by Shamir in 1979. This scheme is based on polynomials modulo a large prime. It provides one with an efficient method for generating shares, decoding to recover the secret and changing the access structure when required.

Book
01 Nov 1993
TL;DR: Public-key cryptosystem based on the discrete logarithm problem, including a modular exponentiation unit based on systolic arrays, and the design of a conference key distribution system.
Abstract: Threshold cryptosystems.- Authentication codes with perfect protection.- Practical proven secure authentication with arbitration.- Authentication codes under impersonation attack.- Cumulative arrays and geometric secret sharing schemes.- Nonperfect secret sharing schemes.- A construction of practical secret sharing schemes using linear block codes.- HAVAL - A one-way hashing algorithm with variable length of output (extended abstract).- On the power of memory in the design of collision resistant hash functions.- A practical digital multisignature scheme based on discrete logarithms (extended abstract).- Group-oriented undeniable signature schemes without the assistance of a mutually trusted party.- Highly nonlinear 0-1 balanced boolean functions satisfying strict avalanche criterion (extended abstract).- Linear nonequivalence versus nonlinearity.- Constructing large cryptographically strong S-boxes.- Nonasymptotic estimates of information protection efficiency for the wire-tap channel concept.- Cryptanalysis of LOKI 91.- Cryptanalysis of summation generator.- Secure addition sequence and its applications on the server-aided secret computation protocols.- Subliminal channels for signature transfer and their application to signature distribution schemes.- A practical secret voting scheme for large scale elections.- Privacy for multi-party protocols.- New protocols for electronic money.- Modelling and analyzing cryptographic protocols using Petri nets.- On verifiable implicit asking protocols for RSA computation.- Modified Maurer-Yacobi's scheme and its applications.- The vulnerability of geometric sequences based on fields of odd characteristic.- A fast cryptographic checksum algorithm based on stream ciphers.- An approach to the initial state reconstruction of a clock-controlled shift register based on a novel distance measure.- Construction of m-ary de Bruijn sequences (extended abstract).- Information technology security standards - An Australian 
perspective.- Non-interactive generation of shared pseudorandom sequences.- A generalized description of DES-based and Benes-based permutation generators.- Prime generation with the Demytko-Miller-Trbovich algorithm.- Constructions of feebly-one-way families of permutations.- On bit correlations among preimages of "Many to one" One-way functions.- The fast cascade exponentiation algorithm and its applications on cryptography.- The design of a conference key distribution system.- Remarks on "The design of a Conference Key Distribution System".- Public-key cryptosystem based on the discrete logarithm problem.- Elliptic curves over F p suitable for cryptosystems.- The probability Distribution of the Diffie-Hellman Key.- A modular exponentiation unit based on systolic arrays.- A comparison of key distribution patterns constructed from circle geometries.- A block cipher method using combinations of different methods under the control of the user key.- An attack on two hash functions by Zheng-Matsumoto-Imai.- Primality testing with Lucas functions.

Book
01 Dec 1993
TL;DR: Practical Approaches to Attaining Security against Adaptively Chosen Ciphertext attacks and non-existence of homomorphic general sharing schemes for some key spaces are studied.
Abstract: Digital Signatures and Identification I.- Provably Unforgeable Signatures.- New Constructions of Fail-Stop Signatures and Lower Bounds.- Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes.- An Efficient Digital Signature Scheme Based on an Elliptic Curve over the Ring Z n.- The Digital Signature Standard.- Designing and Detecting Trapdoors for Discrete Log Cryptosystems.- Response to Comments on the NIST Proposed Digital Signature Standard.- Applications and New Problems.- Wallet Databases with Observers.- Making Electronic Refunds Safer.- Fair Public-Key Cryptosystems.- Pricing via Processing or Combatting Junk Mail.- Secret Sharing I.- On the Information Rate of Secret Sharing Schemes.- New General Lower Bounds on the Information Rate of Secret Sharing Schemes.- Universally Ideal Secret Sharing Schemes.- Theory I.- Perfect Zero-Knowledge Arguments for NP Can Be Based on General Complexity Assumptions.- Low communication 2-prover zero-knowledge proofs for NP.- Invariant Signatures and Non-Interactive Zero-Knowledge Proofs are Equivalent.- On the Discrepancy between Serial and Parallel of Zero-Knowledge Protocols.- Cryptographic Functions.- On the Design of SP Networks from an Information Theoretic Point of View.- Partially-bent functions.- Digital Signatures and Identification II.- Practical Approaches to Attaining Security against Adaptively Chosen Ciphertext Attacks.- On the Security of the Permuted Kernel Identification Scheme.- Computational Number Theory.- Massively Parallel Computation of Discrete Logarithms.- A Quadratic Sieve on the n-Dimensional Cube.- Efficient Multiplication on Certain Nonsupersingular Elliptic Curves.- Speeding up Elliptic Cryptosystems by Using a Signed Binary Window Method.- On Generation of Probable Primes by Incremental Search.- Cryptography Education.- Kid Krypto.- Theory II.- On Defining Proofs of Knowledge.- Public Randomness in Cryptography.- Necessary and Sufficient Conditions for 
Collision-Free Hashing.- Certifying Cryptographic Tools: The Case of Trapdoor Permutations.- Key Distribution.- Protocols for Secret Key Agreement by Public Discussion Based on Common Information.- Perfectly-Secure Key Distribution for Dynamic Conferences.- DES.- Differential Cryptanalysis of the Full 16-round DES.- Iterative Characteristics of DES and s2-DES.- DES is not a Group.- A High-speed DES Implementation for Network Applications.- Secret Sharing II.- Threshold Schemes with Disenrollment.- Non-existence of homomorphic general sharing schemes for some key spaces.- An l-Span Generalized Secret Sharing Scheme.- Rump Session.- Provable Security Against Differential Cryptanalysis.- Content-Addressable Search Engines and DES-like Systems.- FFT-Hash-II is not yet Collision-free.