
Showing papers on "Secret sharing published in 1996"



Book ChapterDOI
Markus Stadler
12 May 1996
TL;DR: Schemes in which everybody, not only the participants, can verify that the shares are correctly distributed are called publicly verifiable secret sharing schemes; new applications to escrow cryptosystems and to payment systems with revocable anonymity are discussed, and two new realizations based on ElGamal's cryptosystem are presented.
Abstract: A secret sharing scheme allows a secret to be shared among several participants such that only certain groups of them can recover it. Verifiable secret sharing has been proposed to achieve security against cheating participants. Its first realization had the special property that everybody, not only the participants, can verify that the shares are correctly distributed. We will call such schemes publicly verifiable secret sharing schemes; we discuss new applications to escrow cryptosystems and to payment systems with revocable anonymity, and we present two new realizations based on ElGamal's cryptosystem.

581 citations


Book ChapterDOI
18 Aug 1996
TL;DR: A new principle of construction for k out of n secret sharing schemes is presented which is easy to apply and in most cases gives much better results than the former principles.
Abstract: Naor and Shamir ([1]) defined the basic problem of visual cryptography by a visual variant of the k out of n secret sharing problem: how can an original picture be encoded by n transparencies so that less than k of them give no information about the original, but by stacking k of them the original can be seen? They described a solution to this problem by a structure called k out of n secret sharing scheme whose parameters directly correspond to quality and usability of the solution. In this paper a new principle of construction for such schemes is presented which is easy to apply and in most cases gives much better results than the former principles. New bounds on relevant parameters of k out of n schemes are developed, too. Furthermore, an extension of the basic problem is introduced and solved in which every combination of the transparencies can contain independent information.

249 citations


Journal ArticleDOI
TL;DR: The first proof of the existence of access structures with optimal information rate and optimal average information rate less than 1/2 + e is given, where e is an arbitrary positive constant.

91 citations


Patent
21 Aug 1996
TL;DR: In this article, a secret sharing scheme for reconstructing a secret over a public communication channel using perfect t-out-of-n secret sharing was proposed, where the secret reconstructing procedure includes the following steps: (i) receiving over said public communication channel l-1 encoded secret shares from the l-1 participants, respectively; (ii) decoding each one of the l-1 encoded secret shares, thereby obtaining l-1 decoded secret shares; and (iii) reconstructing the secret from the l-1 decoded secret shares and from the self secret share of the recipient.
Abstract: A method for reconstructing a secret, over a public communication channel, using a perfect t-out-of-n secret sharing scheme. The scheme having a dealer which utilizes a delivering procedure for privately delivering n secret shares of the secret along with n keys to n participants that are interlinked by the channel. The scheme further having a secret reconstructing procedure for being executed by selected recipient participants, for reconstructing the secret by utilizing self secret share of the recipient participant and l-1 secret shares of the other participants. The secret reconstructing procedure includes the following steps: (i) receiving over said public communication channel l-1 encoded secret shares from the l-1 participants, respectively; (ii) decoding each one of the l-1 encoded secret shares, thereby obtaining l-1 decoded secret shares; and (iii) reconstructing the secret from the l-1 decoded secret shares and from the self secret share of the recipient participant.

87 citations


Book ChapterDOI
12 May 1996
TL;DR: A tight lower bound on the size of shares is derived for this problem of cheaters in (k, n) threshold secret sharing schemes by using "difference sets."
Abstract: Tompa and Woll considered a problem of cheaters in (k, n) threshold secret sharing schemes. We first derive a tight lower bound on the size of shares |νi| for this problem: |νi| ≥ (|S|-1)/δ+1, where νi denotes the set of shares of participant Pi, S denotes the set of secrets, and δ denotes the cheating probability. We next present an optimum scheme which meets the equality of our bound by using "difference sets".

80 citations


Journal ArticleDOI
TL;DR: Techniques for obtaining bounds on the information rates of perfect secret sharing schemes are discussed and illustrated using the set of monotone access structures on five participants.
Abstract: A perfect secret sharing scheme is a system for the protection of a secret among a number of participants in such a way that only certain subsets of these participants can reconstruct the secret, and the remaining subsets can obtain no additional information about the secret. The efficiency of a perfect secret sharing scheme can be assessed in terms of its information rates. In this paper we discuss techniques for obtaining bounds on the information rates of perfect secret sharing schemes and illustrate these techniques using the set of monotone access structures on five participants. We give a full listing of the known information rate bounds for all the monotone access structures on five participants.

78 citations


Book ChapterDOI
12 May 1996
TL;DR: A new recursive construction for multiplicative threshold schemes is described which makes it possible to extend the number of users of such schemes for a relatively small expansion of the share size.
Abstract: Multiplicative threshold schemes are useful tools in threshold cryptography. For example, such schemes can be used with a wide variety of practical homomorphic cryptosystems (such as the RSA, the El Gamal and elliptic curve systems) for threshold decryption, signatures, or proofs. The paper describes a new recursive construction for multiplicative threshold schemes which makes it possible to extend the number of users of such schemes for a relatively small expansion of the share size. We discuss certain properties of the schemes, such as the information rate and zero knowledge aspects. The paper extends the Karnin-Greene-Hellman bound on the parameters of ideal secret sharing schemes to schemes which are not necessarily ideal and then uses this as a yardstick to compare the performance of currently known multiplicative sharing schemes.

62 citations


Journal ArticleDOI
TL;DR: This paper establishes a formal setting to study secret sharing schemes in which the dealer has the feature of being able to activate a particular access structure out of a given set and/or to allow the participants to reconstruct different secrets by sending to all participants the same broadcast message.

55 citations


Posted Content
TL;DR: In this article, the authors proposed a method of controlling the access to a secure database via quorum systems, where only the servers in a complete quorum can collectively grant (or revoke) access permission.
Abstract: We suggest a method of controlling the access to a secure database via quorum systems. A quorum system is a collection of sets (quorums) every two of which have a nonempty intersection. Quorum systems have been used for a number of applications in the area of distributed systems. We propose a separation between access servers, which are protected and trustworthy, but may be outdated, and the data servers, which may all be compromised. The main paradigm is that only the servers in a complete quorum can collectively grant (or revoke) access permission. The method we suggest ensures that, after authorization is revoked, a cheating user Alice will not be able to access the data even if many access servers still consider her authorized and even if the complete raw database is available to her. The method has a low overhead in terms of communication and computation. It can also be converted into a distributed system for issuing secure signatures. An important building block in our method is the use of secret sharing schemes that realize the access structures of quorum systems. We provide several efficient constructions of such schemes which may be of interest in their own right.

53 citations


Journal ArticleDOI
TL;DR: A systematic analysis of the amount of randomness needed by secret sharing schemes and secure key distribution schemes is given and a lower bound is provided, thus showing the optimality of a recently proposed key distribution protocol.
Abstract: Randomness is a useful computation resource due to its ability to enhance the capabilities of other resources. Its interaction with resources such as time, space, interaction with provers and its role in several areas of computer science has been extensively studied. In this paper we give a systematic analysis of the amount of randomness needed by secret sharing schemes and secure key distribution schemes. We give both upper and lower bounds on the number of random bits needed by secret sharing schemes. The bounds are tight for several classes of secret sharing schemes. For secure key distribution schemes we provide a lower bound on the amount of randomness needed, thus showing the optimality of a recently proposed key distribution protocol.

Journal ArticleDOI
TL;DR: The extent to which the results that connect ideal secret sharing schemes to matroids can be appropriately generalized are explored and a general method of construction is provided for such schemes.
Abstract: We consider secret sharing schemes which, through an initial issuing of shares to a group of participants, permit a number of different secrets to be protected. Each secret is associated with a (potentially different) access structure and a particular secret can be reconstructed by any group of participants from its associated access structure without the need for further broadcast information. We consider ideal secret sharing schemes in this more general environment. In particular, we classify the collections of access structures that can be combined in such an ideal secret sharing scheme and we provide a general method of construction for such schemes. We also explore the extent to which the results that connect ideal secret sharing schemes to matroids can be appropriately generalized.

Book ChapterDOI
18 Aug 1996
TL;DR: It is shown that the n-out-of-n threshold undeniable signature scheme has an actual security of only 2-out-of-n, and the discrete log based threshold signature schemes have a weakness in the key generation protocol.
Abstract: Threshold cryptosystems allow n members of a group to share a private key such that any k of them can use the key without revealing its value. These systems can be divided into two categories, systems which use a trusted center to generate the shares and systems which create the shares in a distributed manner. This paper describes a number of security weaknesses which arise in systems which do not use a trusted center. We show that the n-out-of-n threshold undeniable signature scheme [8] has an actual security of only 2-out-of-n. The discrete log based threshold signature schemes [7, 11, 12] have a weakness in the key generation protocol. Finally, the generalized threshold cryptosystem [9] is not secure for some access structures.

Proceedings ArticleDOI
01 Jan 1996
TL;DR: In this paper, the authors proposed a method of controlling the access to a secure database via quorum systems, where only the servers in a complete quorum can collectively grant (or revoke) access permission.
Abstract: We suggest a method of controlling the access to a secure database via quorum systems. A quorum system is a collection of sets (quorums) every two of which have a nonempty intersection. Quorum systems have been used for a number of applications in the area of distributed systems. We propose a separation between access servers which are protected and trustworthy, but may be outdated, and the data servers which may all be compromised. The main paradigm is that only the servers in a complete quorum can collectively grant (or revoke) access permission. The method we suggest ensures that after authorization is revoked, a cheating user Alice will not be able to access the data even if many access servers still consider her authorized, and even if the complete raw database is available to her. The method has a low overhead in terms of communication and computation. It can also be converted into a distributed system for issuing secure signatures.

Book ChapterDOI
24 Jun 1996
TL;DR: The access structure of a number of secret-sharing schemes that are based on error-correcting linear codes with respect to two approaches are determined.
Abstract: In this paper, we determine the access structure of a number of secret-sharing schemes that are based on error-correcting linear codes with respect to two approaches. Some secret-sharing schemes based on linear codes are also constructed. The relation between the minimum distance of codes and the access structure of secret-sharing schemes is also investigated.

Journal ArticleDOI
TL;DR: A protocol for computationally secure ‘on line’ secret-sharing is presented, based on the intractability of the Diffie-Hellman problem, in which the participants' shares can be reused.
Abstract: A protocol for computationally secure ‘on line’ secret-sharing is presented, based on the intractability of the Diffie-Hellman problem, in which the participants' shares can be reused.

Book
06 May 1996
TL;DR: This paper presents a meta-modelling system that automates the very labor-intensive and therefore time-heavy and expensive process of manually encrypting and decrypting data.
Abstract: Introduction - what is information? how is it transmitted? where can it go?; basic encryption; secret sharing; error-correcting codes; hiding information in the noise; hiding information in text; reversible machines.

Book ChapterDOI
30 May 1996
TL;DR: Subliminal channels are closely related to covert channels and are used to hide secret information and exploit the inherent randomness of the systems.
Abstract: Subliminal channels are closely related to covert channels and are used to hide secret information. They abuse the communications resource. Subliminal channels can be introduced in many cryptographic systems, and exploit the inherent randomness of the systems. For example, secret information can be hidden in the randomness of the authenticators of an authentication system. Similarly secret information can be hidden in the randomness (of the prover or verifier) of both zero-knowledge proof systems and signature systems.

Proceedings Article
10 Apr 1996
TL;DR: This book constitutes the strictly refereed post-workshop proceedings of the 5th International Workshop on Security Protocols, held in Paris, France, in April 1997, and addresses all current aspects of security protocols.
Abstract: From the Publisher: This book constitutes the strictly refereed post-workshop proceedings of the 5th International Workshop on Security Protocols, held in Paris, France, in April 1997. The 17 revised full papers presented address all current aspects of security protocols. Among the topics covered are secure distribution of knowledge, electronic voting systems, secure Internet transactions, digital signatures, key exchange, cryptographic protocols, authentication, threshold systems, secret sharing, etc.

Book ChapterDOI
03 Nov 1996
TL;DR: This paper uses visual secret sharing schemes to limit the space from which one can see the decoded image, and proposes a secure human identification scheme that is secure against peeping, and can detect simple fake terminals.
Abstract: In this paper, we propose new uses of visual secret sharing schemes. That is, we use visual secret sharing schemes to limit the space from which one can see the decoded image. (We call this scheme limiting the visible space visual secret sharing schemes (LVSVSS).) We investigate the visibility of the decoded image when the viewpoint is changed, and categorize the space where the viewpoint belongs according to the visibility. Finally, we consider the application of LVSVSS to human identification, and propose a secure human identification scheme. The proposed human identification scheme is secure against peeping, and can detect simple fake terminals. Moreover, it can be actualized easily at a small cost.

Journal ArticleDOI
TL;DR: A secure voting scheme that reduces the cryptographic and communication requirements in comparison with other schemes which have been presented and can be easily implemented on any existing computer network.

Journal ArticleDOI
TL;DR: This paper presents an efficient construction of perfect secret sharing schemes for graph-based access structures where a vertex denotes a participant and an edge does a qualified pair of participants and an application of the scheme to the reduction of storage and computation loads on the communication granting server in a secure network.
Abstract: In this paper, we propose an efficient construction of perfect secret sharing schemes for graph-based access structures where a vertex denotes a participant and an edge does a qualified pair of participants. The secret sharing scheme is based on the assumptions that the pairs of participants corresponding to edges in the graph can compute the master key but the pairs of participants corresponding to nonedges in the graph cannot. The information rate of our scheme is 1/(n − 1), where n is the number of participants. We also present an application of our scheme to the reduction of storage and computation loads on the communication granting server in a secure network.

Journal Article
TL;DR: This paper describes secret sharing schemes based on Room squares and their critical sets, and proposes a model of sharing based on critical sets of Room squares.
Abstract: In this paper, we describe secret sharing schemes. We discuss Room squares and their critical sets. We propose a model of sharing based on critical sets of Room squares. Disciplines: Physical Sciences and Mathematics. Publication Details: Chaudhry G R, and Seberry J, Secret Sharing schemes based on Room squares, Proceedings of DMTCS'96, December, 1996, Auckland, New Zealand, Combinatorics, Complexity and Logic, Springer-Verlag Singapore 1996, 158-167. This conference paper is available at Research Online: http://ro.uow.edu.au/infopapers/1132. Authors: Ghulam Rasool Chaudhry and Jennifer Seberry, The Centre for Computer Security Research, Department of Computer Science, University of Wollongong, Wollongong, NSW 2522, Australia.

Book ChapterDOI
24 Jun 1996
TL;DR: A nonlinear secret-sharing scheme for n parties such that any set of k−1 or more shares can determine the secret, but it is computationally hard to extract information about the secret.
Abstract: In this paper, we have described a nonlinear secret-sharing scheme for n parties such that any set of k−1 or more shares can determine the secret, any set of less than k−1 shares might give information about the secret, but it is computationally hard to extract information about the secret. The scheme is based on quadratic forms and the computation of both the shares and the secret is easy.

Book ChapterDOI
12 May 1996
TL;DR: A new unifying approach which uses homomorphisms of secret sharing schemes, and presents a verifiable signature sharing scheme for which as many as (n - 1)/3 processors can be faulty, and for which the number of interactions is reduced.
Abstract: Franklin and Reiter introduced at Eurocrypt '95 verifiable signature sharing, a primitive for a fault tolerant distribution of signature verification. They proposed various practical protocols. For RSA signatures with exponent e = 3 and n processors their protocol allows for up to (n - 1)/5 faulty processors (in general (n - 1)/(2 + e)). We consider a new unifying approach which uses homomorphisms of secret sharing schemes, and present a verifiable signature sharing scheme for which as many as (n - 1)/3 processors can be faulty (for any value of e), and for which the number of interactions is reduced.

Journal ArticleDOI
TL;DR: It is proved that there exist no secret sharing schemes having a veto capability such that qualified minorities can prevent any other set of participants from reconstructing the secret if one does not assume that the reconstruction machine is trustworthy.


Book ChapterDOI
24 Jun 1996
TL;DR: Without collecting and changing any secret shadows, the secret shadows can be reused after recovering or renewing the shared secret and the amount of public data is still proportional to the number of shadowholders.
Abstract: We propose an efficient dynamic threshold scheme with cheater detection. By our scheme, without collecting and changing any secret shadows, the secret shadows can be reused after recovering or renewing the shared secret. Thus the new scheme is efficient and practical. In addition, the new scheme can detect the cheaters. Furthermore, the amount of public data is still proportional to the number of shadowholders.

Patent
27 Sep 1996
TL;DR: The proactive threshold secret sharing cryptosystem as discussed by the authors uses a set of servers, and when at least (k+1) out of (n) servers are active and honest, services are maintained.
Abstract: PROBLEM TO BE SOLVED: To provide the system and method for public key cryptosystem having a proactive, robust, and recoverable distributed threshold secret sharing system. SOLUTION: The proactive threshold secret sharing cryptosystem uses a set of servers. When at least (k+1) out of (n) servers are active and honest, services are maintained. A secret signature key is compromised only when adversaries enter at least (k+1) servers. Further, an honest server detects a server having an error and the services are not interrupted. Further, even when an adversary erases all pieces of local information on the compromised server, the information can be restored immediately after the server returns to the execution of a correct protocol. This method and system are proactive, so an adversary needs to enter (k+1) servers in the same round of the algorithm in order to learn the secret.

Proceedings ArticleDOI
12 Jun 1996
TL;DR: This paper presents a fast and perfect secret key sharing scheme based on a simple geometric method to solve group-oriented secret sharing problems in distributed systems that can reduce the needed time of sending messages to a group of receivers due to multiplication operations only.
Abstract: This paper presents a fast and perfect secret key sharing scheme based on a simple geometric method to solve group-oriented secret sharing problems in distributed systems. This scheme does not need the existence of the trusted authority and can reduce the needed time of sending messages to a group of receivers due to multiplication operations only. The scheme can be shown to be very secure, because it is not only a perfect secret sharing but also when the cryptanalyst tries to compute secret values, he must solve the simultaneous trigonometric equations with t-1 equations, where t is the threshold value in the secret key sharing scheme as presented in this paper and the number of unknown values is much more than the number of equations so that he will obtain no exact solution. Furthermore, it can dynamically insert or delete any participant in a group without affecting these original participants, and it is easy to change the shares without changing the original secret key.