
Showing papers on "Secret sharing published in 1999"


Journal ArticleDOI
TL;DR: This work shows how GHZ states can be used to split quantum information into two parts so that both parts are necessary to reconstruct the original qubit.
Abstract: Secret sharing is a procedure for splitting a message into several parts so that no subset of parts is sufficient to read the message, but the entire set is. We show how this procedure can be implemented using Greenberger-Horne-Zeilinger (GHZ) states. In the quantum case the presence of an eavesdropper will introduce errors so that his presence can be detected. We also show how GHZ states can be used to split quantum information into two parts so that both parts are necessary to reconstruct the original qubit.

2,789 citations


Journal ArticleDOI
TL;DR: In this article, a two-particle quantum entanglement protocol for secret sharing and splitting was proposed. But the secret sharing protocol must be carefully designed in order to detect eavesdropping or a dishonest participant.
Abstract: We show how a quantum secret sharing protocol, similar to that of Hillery, Buzek, and Berthiaume (Los Alamos e-print archive quant-ph/9806063), can be implemented using two-particle quantum entanglement, as available experimentally today. We also discuss in some detail how both two- and three-particle protocols must be carefully designed in order to detect eavesdropping or a dishonest participant. We also discuss the extension of a multiparticle entanglement secret sharing and splitting scheme toward a protocol so that m of n persons with $m \le n$ can retrieve the secret.

861 citations


01 Jan 1999
TL;DR: It is shown that the minimal codewords in the dual code completely specify the access structure of the secret-sharing scheme, and conversely, the apparently new notion of minimal codewords in a linear code.
Abstract: The use of a linear code to "split" secrets into equal-size shares is considered. The determination of which sets of shares can be used to obtain the secret leads to the apparently new notion of minimal codewords in a linear code. It is shown that the minimal codewords in the dual code completely specify the access structure of the secret-sharing scheme, and conversely.

314 citations


Proceedings Article
01 Feb 1999
TL;DR: A method of probabilistic encryption in which the ratio of ciphertext size to plaintext size and the proportion of random bits to plaintext can both be made arbitrarily close to one is developed.
Abstract: This paper describes a method of dense probabilistic encryption. Previous probabilistic encryption methods require large numbers of random bits and produce large amounts of ciphertext for the encryption of each bit of plaintext. This paper develops a method of probabilistic encryption in which the ratio of ciphertext size to plaintext size and the proportion of random bits to plaintext can both be made arbitrarily close to one. The methods described here have applications which are not in any apparent way possible with previous methods. These applications include simple and efficient protocols for noninteractive verifiable secret sharing and a method for conducting practical and verifiable secret-ballot elections.

292 citations


Book ChapterDOI
15 Aug 1999
TL;DR: A publicly verifiable secret sharing (PVSS) scheme is a verifiable secret sharing scheme with the property that the validity of the shares distributed by the dealer can be verified by any party; hence verification is not limited to the respective participants receiving the shares, as discussed by the authors.
Abstract: A publicly verifiable secret sharing (PVSS) scheme is a verifiable secret sharing scheme with the property that the validity of the shares distributed by the dealer can be verified by any party; hence verification is not limited to the respective participants receiving the shares. We present a new construction for PVSS schemes, which compared to previous solutions by Stadler and later by Fujisaki and Okamoto, achieves improvements both in efficiency and in the type of intractability assumptions. The running time is O(nk), where k is a security parameter, and n is the number of participants, hence essentially optimal. The intractability assumptions are the standard Diffie-Hellman assumption and its decisional variant. We present several applications of our PVSS scheme, among which is a new type of universally verifiable election scheme based on PVSS. The election scheme becomes quite practical and combines several advantages of related electronic voting schemes, which makes it of interest in its own right.

275 citations


Journal Article
TL;DR: A (k, n) visual secret sharing scheme to encode a black-and-white image into the same size shares as the secret image, where the reconstructed image of the proposed scheme is visible as well as that of the conventional scheme.
Abstract: In the visual secret sharing scheme proposed by Naor and Shamir [3], a secret image is encoded into shares whose size is larger than that of the secret image, and the shares are decoded by stacking them without performing any cryptographic computation. In this paper we propose a (k, n) visual secret sharing scheme to encode a black-and-white image into shares of the same size as the secret image, where the reconstructed image of the proposed scheme is as visible as that of the conventional scheme. Key words: secret sharing, visual secret sharing, visual cryptography

266 citations


Book ChapterDOI
02 May 1999
TL;DR: This paper observes that a subprotocol of Rabin and Ben-Or's, known as weak secret sharing (WSS), is not secure against an adaptive adversary, and proposes new and adaptively secure protocols for WSS, VSS and MPC that are substantially more efficient than the original ones.
Abstract: We consider verifiable secret sharing (VSS) and multiparty computation (MPC) in the secure-channels model, where a broadcast channel is given and a non-zero error probability is allowed. In this model Rabin and Ben-Or proposed VSS and MPC protocols secure against an adversary that can corrupt any minority of the players. In this paper, we first observe that a subprotocol of theirs, known as weak secret sharing (WSS), is not secure against an adaptive adversary, contrary to what was believed earlier. We then propose new and adaptively secure protocols for WSS, VSS and MPC that are substantially more efficient than the original ones. Our protocols generalize easily to provide security against general Q2-adversaries.

255 citations


Book ChapterDOI
14 Nov 1999
TL;DR: A novel key distribution scheme with “entity revocation” that makes frequent key distribution a practical reality and uses a technique similar to “threshold cryptosystems” and the one-pass Diffie-Hellman key exchange scheme.
Abstract: This paper proposes a group key distribution scheme with an “entity revocation”, which renews a group key of all the entities except one (or more) specific entity (ies). In broadcast systems such as Pay-TV, Internet multicast and mobile telecommunication for a group, a manager should revoke a dishonest entity or an unauthorized terminal as soon as possible to protect the secrecy of the group communication. However, it takes a long time for the “entity revocation” on a large group, if the manager distributes a group key to each entity except the revoked one. A recently published paper proposed a group key distribution scheme in which the amount of transmission and the delay do not rely on the number of entities of the group, using a type of secret sharing technique. This paper devises a novel key distribution scheme with “entity revocation” that makes frequent key distribution a practical reality. This scheme uses a technique similar to “threshold cryptosystems” and the one-pass Diffie-Hellman key exchange scheme.

97 citations


Book ChapterDOI
09 Aug 1999
TL;DR: This paper proposes a new unconditionally secure VSS, then builds a new proactive secret sharing scheme based on that VSS and introduces some combinatorial structure into the proactive scheme to make the scheme more efficient.
Abstract: Verifiable secret sharing schemes (VSS) are secret sharing schemes dealing with possible cheating by the participants. In this paper, we propose a new unconditionally secure VSS. Then we construct a new proactive secret sharing scheme based on that VSS. In a proactive scheme, the shares are periodically renewed so that an adversary cannot get any information about the secret unless he is able to access a specified number of shares in a short time period. Furthermore, we introduce some combinatorial structure into the proactive scheme to make the scheme more efficient. The combinatorial method might also be used to improve some of the previously constructed proactive schemes.

83 citations


Book ChapterDOI
Ronald Cramer
TL;DR: An elementary introduction to fundamental concepts, techniques and results of Secure Computation is given and such concepts as oblivious transfer, security against malicious attacks and verifiable secret sharing are introduced.
Abstract: The objective of this paper is to give an elementary introduction to fundamental concepts, techniques and results of Secure Computation. Topics covered include classical results for general secure computation by Yao, Goldreich & Micali & Wigderson, Kilian, Ben-Or & Goldwasser & Wigderson, and Chaum & Crépeau & Damgaard. We also introduce such concepts as oblivious transfer, security against malicious attacks and verifiable secret sharing, and for some of these important primitives we discuss realization. This paper is organized as follows. Part I deals with oblivious transfer and secure (general) two-party computation. Part II discusses secure general multi-party computation and verifiable secret sharing. Part III addresses information theoretic security and presents detailed but elementary explanations of some recent results in Verifiable Secret Sharing and Multi-Party Computation. The importance of theory and general techniques often lies in the fact that the true nature of security is uncovered and that this henceforth makes it possible to explore what is "possible at all". This then motivates the search for concrete and often specialized realizations that are more efficient. Nevertheless, many principles developed as part of the general theory are fundamental to the design of practical solutions as well.

73 citations


Journal ArticleDOI
TL;DR: A complete characterization of the access structures of weighted threshold schemes when all the minimal authorized subsets have at most two elements is presented and lower bounds for the optimal information rate of these access structures are given.

Book ChapterDOI
07 Apr 1999
TL;DR: The ways the threshold parameter can be modified after the setup of a secret sharing scheme is the main theme of this work and it is shown that any threshold scheme can be given some degree of threshold change capability.
Abstract: The ways the threshold parameter can be modified after the setup of a secret sharing scheme is the main theme of this work. The considerations are limited to the case when there are no secure channels. First we motivate the problem and discuss methods of threshold change when the dealer is still active and can use broadcasting to implement the change required. Next we study the case when participants themselves initiate the change of threshold without the dealer's help. A general model for threshold changeable secret sharing is developed and two constructions are given. The first generic construction allows the design of a threshold changeable secret sharing scheme which can be implemented using the Shamir approach. The second construction is geometrical in nature and is optimal in terms of the size of shares. The work is concluded by showing that any threshold scheme can be given some degree of threshold change capability.

Book ChapterDOI
09 Nov 1999
TL;DR: New publicly verifiable secret sharing schemes in which everyone, not only the shareholders, can verify that the secret shares are correctly distributed are presented and used to share discrete logarithms and integer factorizations.
Abstract: A publicly verifiable secret sharing scheme is a secret sharing scheme in which everyone, not only the shareholders, can verify that the secret shares are correctly distributed. We present new such schemes and use them to share discrete logarithms and integer factorizations. The shareholders will be able to recover their shares quickly (fast recovery) or after a predetermined amount of computation (delayed recovery) to prevent the recovery of all the secrets by untrustworthy shareholders (e.g. if these schemes are used for escrowing secret keys). The main contribution of this paper is that all the schemes we present need much less computation and fewer communicated bits than previous ones [BGo, FOk, Mao, Sta, YYu]. By the way, we introduce in this paper several tools which are of independent interest: a proof of equality of two discrete logarithms modulo two different numbers, an efficient proof of equality of a discrete logarithm and a third root, and an efficient proof of knowledge of the factorization of any composite number n, where it is not necessary to prove previously that n is the product of two prime factors.

Book
31 Dec 1999
TL;DR: Basic Concepts in Cryptology serves as an introduction to modern cryptographic methods, and presents public key cryptosystems, which make it possible to protect data without a prearranged key.
Abstract: From the Publisher: The protection of sensitive information against unauthorized access or fraudulent changes has been of prime concern throughout the centuries. Modern communication techniques, using computers connected through networks, make all data even more vulnerable to these threats. In addition, new issues have surfaced that did not exist previously, e.g. adding a signature to an electronic document. Cryptology addresses the above issues; it is at the foundation of all information security. The techniques employed to this end have become increasingly mathematical in nature. Basic Concepts in Cryptology serves as an introduction to modern cryptographic methods. After a brief survey of classical cryptosystems, it concentrates on three main areas. First, stream ciphers and block ciphers are discussed. These systems have extremely fast implementations, but sender and receiver must share a secret key. Second, the book presents public key cryptosystems, which make it possible to protect data without a prearranged key. Their security is based on intractable mathematical problems, such as the factorization of large numbers. The remaining chapters cover a variety of topics, including zero-knowledge proofs, secret sharing schemes and authentication codes. Two appendices explain all mathematical prerequisites in detail: one presents elementary number theory (Euclid's Algorithm, the Chinese Remainder Theorem, quadratic residues, inversion formulas, and continued fractions) and the other introduces finite fields and their algebraic structure. Basic Concepts in Cryptology is an updated and improved version of An Introduction to Cryptology, originally published in 1988. Apart from a revision of the existing material, there are many new sections, and two new chapters on elliptic curves and authentication codes, respectively. In addition, the book is accompanied by a full text electronic version on CD-ROM as an interactive Mathematica manuscript.
Basic Concepts in Cryptology will be of interest to computer scientists, mathematicians, and researchers, students, and practitioners in the area of cryptography.

Book ChapterDOI
07 Apr 1999
TL;DR: This work proposes new conference key agreement protocols based on secret sharing and tackles the problem of entity authentication in conference key agreements protocols by replacing entity authentication with group authentication.
Abstract: The work proposes new conference key agreement protocols based on secret sharing. We discuss roles of the dealer and recovery algorithms in the trust structure which is the necessary condition for any key establishment protocol to achieve the intended security goals. Our conference key agreement protocol tackles the problem of entity authentication in conference key agreement protocols. The entity authentication is replaced by group authentication. To start a new conference all principals have to be active and broadcast their shares. If the conference goes ahead, all principals are sure that all principals are present and alive. The paper is concluded with a discussion about possible modifications and extensions of the protocol.

Journal ArticleDOI
TL;DR: A number of different scenarios and applications within which a redistribution of shares in a secret sharing scheme might be required are described, some techniques for conducting a redistribution are given, and the optimisation of the efficiency of such a process is discussed.
Abstract: We consider the problem of redistributing shares in a secret sharing scheme in such a way that shareholders of a scheme with one access structure can transfer information to a new set of shareholders, resulting in a sharing of the old secret among a new access structure. We describe a number of different scenarios and applications within which such a redistribution might be required, give some techniques for conducting a redistribution, and discuss the optimisation of the efficiency of such a process.

Book ChapterDOI
30 Aug 1999
TL;DR: Two methods are presented to modify any linear secret sharing scheme in order to obtain schemes that are unconditionally secure against that kind of attack, and those methods make it possible to construct robust and secure schemes for any access structure.
Abstract: In a secret sharing scheme, some participants can lie about the value of their shares when reconstructing the secret in order to obtain some illicit benefits. We present in this paper two methods to modify any linear secret sharing scheme in order to obtain schemes that are unconditionally secure against that kind of attack. The schemes obtained by the first method are robust, that is, cheaters are detected with high probability even if they know the value of the secret. The second method provides secure schemes, in which cheaters that do not know the secret are detected with high probability. When applied to ideal linear secret sharing schemes, our methods provide robust and secure schemes whose relation between the probability of cheating and the information rate is almost optimal. Besides, those methods make it possible to construct robust and secure schemes for any access structure.

Journal ArticleDOI
TL;DR: This article presents some background to traditional secret-sharing schemes, then explains visual schemes, describing some of the basic construction techniques used, and topics discussed include: two out of two scheme,Two out of n schemes, and graph access structures.
Abstract: Visual cryptography is a secret sharing scheme that uses the human visual system to perform computations. In this article, we present some background to traditional secret-sharing schemes, then explain visual schemes, describing some of the basic construction techniques used. Topics discussed include: two out of two schemes, two out of n schemes, and graph access structures.

Proceedings ArticleDOI
01 Nov 1999
TL;DR: A practical toolkit implementing the key proactive security mechanisms is reported on, which provides secure interfaces to make it easy for applications to recover from penetrations and addresses other critical implementation issues, such as the initialization of the proactive secure system.
Abstract: Existing security mechanisms focus on prevention of penetrations, detection of a penetration and (manual) recovery tools. Indeed attackers focus their penetration efforts on breaking into critical modules, and on avoiding detection of the attack. As a result, security tools and procedures may cause the attackers to lose control over a specific module (computer, account), since the attacker would rather lose control than risk detection of the attack. While controlling the module, the attacker may learn critical secret information or modify the module in ways that make it much easier for the attacker to regain control over that module later. Recent results in cryptography give some hope of improving this situation; they show that many fundamental security tasks can be achieved with proactive security. Proactive security does not assume that there is any module completely secure against penetration. Instead, we assume that at any given time period (day, week, ...), a sufficient number of the modules in the system are secure (not penetrated). The results obtained so far include some of the most important cryptographic primitives such as signatures, secret sharing, and secure communication. However, there was no usable implementation, and several critical issues (for actual use) were not addressed. In this work we report on a practical toolkit implementing the key proactive security mechanisms. The toolkit provides secure interfaces to make it easy for applications to recover from penetrations. The toolkit also addresses other critical implementation issues, such as the initialization of the proactive secure system. We describe the toolkit and discuss some of the potential applications. Some applications require minimal enhancements to the existing implementations, e.g. for secure logging (especially for intrusion detection), secure end-to-end communication and timestamping. Other applications require more significant enhancements, mainly distribution over multiple servers; examples are certification authority, key recovery, and secure file system or archive.

Journal ArticleDOI
TL;DR: An improved version of off-line electronic cash scheme based on the Ferguson's protocol is proposed, which improves the efficiency by making some of the parameters used in the protocol to be reusable and removes the risk of framing by the bank by hiding the client's identity.

Journal ArticleDOI
TL;DR: Two new secret sharing schemes in which cheaters are detected with high probability are presented and it is proved that the information rate of this scheme is almost optimal among all schemes with the same security requirements.
Abstract: A perfect secret sharing scheme is a method of distributing shares of a secret among a set P of participants in such a way that only qualified subsets of P can reconstruct the secret from their shares and non-qualified subsets have absolutely no information on the value of the secret. In a secret sharing scheme, some participants could lie about the value of their shares in order to obtain some illicit benefit. Therefore, the security against cheating is an important issue in the implementation of secret sharing schemes. Two new secret sharing schemes in which cheaters are detected with high probability are presented in this paper. The first one has information rate equal to 1/2 and can be implemented not only in threshold structures, but in a more general family of access structures. We prove that the information rate of this scheme is almost optimal among all schemes with the same security requirements. The second scheme we propose is a threshold scheme in which cheaters are detected with high probability even if they know the secret. The information rate is in this case 1/3. In both schemes, the probability of cheating successfully is a fixed value that is determined by the size of the secret.

Patent
Seiji Miyazaki, Kazuo Takaragi
02 Feb 1999
TL;DR: In this paper, a (k,n) threshold logic (k is an integer equal to or less than n) having terms associated with the new key and the n public keys is presented.
Abstract: In a data encryption/decryption method including an encryption step and a decryption step. In the encryption step, there are prepared n pairs of secret keys and public keys in a public-key cryptographic scheme, where n is a positive integer. A new key is generated in accordance with at least one of the public keys. Data is encrypted in a common-key cryptographic scheme by use of the new key. There is prepared a (k,n) threshold logic (k is an integer equal to or less than n) having terms associated with the new key and the n public keys. A calculation of the threshold logic is conducted by use of the new key and the n public keys, and encrypted data and a result of the calculation of the threshold logic are stored. In the decryption step, the new key is restored from k secret keys selected from the n secret keys and the stored result of the threshold logic calculation in accordance with a threshold reverse logic corresponding to the threshold logic and stored data is decrypted by the restored key in the common-key cryptographic scheme.

Book ChapterDOI
01 Feb 1999
TL;DR: Two improvements to the recently proposed so called magic ink DSS signatures are introduced, which reduce the overhead for tracing without noticeably increasing any other cost and introduce a method for determining whether forged currency is in circulation, without affecting the privacy of honest users.
Abstract: We introduce two improvements to the recently proposed so called magic ink DSS signatures. A first improvement is that we reduce the overhead for tracing without noticeably increasing any other cost. The tracing cost is linear in the number of generated signatures in the original proposal; our improved version reduces this to a logarithmic cost in the common case. A second improvement is that we introduce a method for determining whether forged currency is in circulation, without affecting the privacy of honest users. Our improvements rely on our introducing a so called hint value. This is an encryption of the signature transcript received, submitted by the signature receiver. Part of the processing of this hint value is done using a new technique in which the high costs of secret sharing and robust computation on shared data are avoided by manipulation of encrypted data rather than plaintext. (Whereas the idea of computing on encrypted data is not a new notion in itself, it has to the best of our knowledge not previously been employed to limit the use of costly secret sharing based protocols.).

Journal ArticleDOI
TL;DR: A new concept of designing cheater identification methods for secret sharing is proposed in this paper which is convenient for a system which already contains a digital signature algorithm and needs to detect or identify cheaters.

Book ChapterDOI
02 May 1999
TL;DR: A necessary and sufficient condition on the number of cards is obtained for the existence of a protocol to achieve one-bit secret key sharing and immediately yields an efficient linear-time algorithm to determine whether there exists such a protocol.
Abstract: Using a random deal of cards to players and a computationally unlimited eavesdropper, all players wish to share a one-bit secret key which is information-theoretically secure from the eavesdropper. This can be done by a protocol to make several pairs of players share one-bit secret keys so that all these pairs form a spanning tree over players. In this paper we obtain a necessary and sufficient condition on the number of cards for the existence of such a protocol. Our condition immediately yields an efficient linear-time algorithm to determine whether there exists a protocol to achieve such a secret key sharing.

Journal ArticleDOI
TL;DR: A method to realize a general secret sharing scheme is given in this research note; it is not necessary for the group participants to store several shares, only an interpolating polynomial, and the method suits the common situation in which several secrets are shared in the system.

Journal Article
TL;DR: This paper proposes a construction of perfect secret sharing schemes with uniform, generalized access structures of rank 3 in such a way that only qualified subset of participants can recover the secret, and unqualified subsets of participants obtain no information regarding the secret.
Abstract: pants in such a way that only qualified subsets of participants can recover the secret, and unqualified subsets of participants obtain no information regarding the secret. In this paper, we propose a construction of perfect secret sharing schemes with uniform, generalized access structures of rank 3. Compared with other constructions, our construction has some improved lower bounds on the information rate. In addition, we also generalize the construction to perfect secret sharing schemes with uniform, generalized access structures of constant rank.

Book ChapterDOI
09 Nov 1999
TL;DR: The proposed construction is applicable for ElGamal signature scheme and its variations, and works for the RSA signature scheme, and is O(l) times more efficient than previously known methods.
Abstract: Demonstrating in zero-knowledge the possession of digital signatures has many cryptographic applications such as anonymous authentication, identity escrow, publicly verifiable secret sharing and group signature. This paper presents a general construction of zero-knowledge proof of possession of digital signatures. An implementation is shown for discrete logarithm settings. It includes protocols of proving exponentiation and modulo operators, which are the most interesting operators in digital signatures. The proposed construction is applicable for ElGamal signature scheme and its variations. The construction also works for the RSA signature scheme. In discrete logarithm settings, our technique is O(l) times more efficient than previously known methods.

Journal ArticleDOI
TL;DR: A new on-line multiple secret sharing scheme based on a one-way function which has the advantages of lower computation overhead and parallel reconstruction in the secret recovery phase.

Journal ArticleDOI
TL;DR: A novel probability model for reconstructing secret sharing under the Internet, which proposes algorithms to perform shares assignment and to evaluate the probability of reconstructing the divided pieces into the original secret is presented.