
Showing papers on "Secret sharing published in 2006"


Book ChapterDOI
28 May 2006
TL;DR: In this paper, a distributed protocol for generating shares of random noise, secure against malicious participants, was proposed, where the purpose of the noise generation is to create a distributed implementation of the privacy-preserving statistical databases described in recent papers.
Abstract: In this work we provide efficient distributed protocols for generating shares of random noise, secure against malicious participants. The purpose of the noise generation is to create a distributed implementation of the privacy-preserving statistical databases described in recent papers [14,4,13]. In these databases, privacy is obtained by perturbing the true answer to a database query by the addition of a small amount of Gaussian or exponentially distributed random noise. The computational power of even a simple form of these databases, when the query is just of the form $\sum_i f(d_i)$, that is, the sum over all rows i in the database of a function f applied to the data in row i, has been demonstrated in [4]. A distributed implementation eliminates the need for a trusted database administrator. The results for noise generation are of independent interest. The generation of Gaussian noise introduces a technique for distributing shares of many unbiased coins with fewer executions of verifiable secret sharing than would be needed using previous approaches (reduced by a factor of n). The generation of exponentially distributed noise uses two shallow circuits: one for generating many arbitrarily but identically biased coins at an amortized cost of two unbiased random bits apiece, independent of the bias, and the other to combine bits of appropriate biases to obtain an exponential distribution.

1,567 citations


Proceedings ArticleDOI
23 Jul 2006
TL;DR: K-resilient Nash equilibria, joint strategies where no member of a coalition C of size up to k can do better, even if the whole coalition defects, exist for secret sharing and multiparty computation, provided that players prefer to get the information than not to get it.
Abstract: We study k-resilient Nash equilibria, joint strategies where no member of a coalition C of size up to k can do better, even if the whole coalition defects. We show that such k-resilient Nash equilibria exist for secret sharing and multiparty computation, provided that players prefer to get the information than not to get it. Our results hold even if there are only 2 players, so we can do multiparty computation with only two rational agents. We extend our results so that they hold even in the presence of up to t players with "unexpected" utilities. Finally, we show that our techniques can be used to simulate games with mediators by games without mediators.

406 citations


Journal ArticleDOI
TL;DR: The proposed method utilizes the void and cluster algorithm to encode a secret binary image into n halftone shares (images) carrying significant visual information, and shows that the visual quality of the obtained halftone shares is observably better than that attained by any available visual cryptography method known to date.
Abstract: Visual cryptography encodes a secret binary image (SI) into n shares of random binary patterns. If the shares are xeroxed onto transparencies, the secret image can be visually decoded by superimposing a qualified subset of transparencies, but no secret information can be obtained from the superposition of a forbidden subset. The binary patterns of the n shares, however, have no visual meaning and hinder the objectives of visual cryptography. Extended visual cryptography was proposed recently to construct meaningful binary images as shares using hypergraph colourings, but the visual quality is poor. In this paper, a novel technique named halftone visual cryptography is proposed to achieve visual cryptography via halftoning. Based on the blue-noise dithering principles, the proposed method utilizes the void and cluster algorithm to encode a secret binary image into n halftone shares (images) carrying significant visual information. The simulation shows that the visual quality of the obtained halftone shares is observably better than that attained by any available visual cryptography method known to date.

402 citations


Book ChapterDOI
04 Mar 2006
TL;DR: In this paper, it was shown that if a set of players hold shares of a value $a \in \mathbb{F}_p$ for some prime p (where the set of shares is written $[a]_p$), it is possible to compute, in constant rounds and with unconditional security, sharings of the bits of a, i.e., compute sharings $[a_0]_p, \ldots, [a_{l-1}]_p$ such that $l = \lceil \log_2 p \rceil$, $a_0, \ldots, a_{l-1} \in \{0,1\}$ and $a = \sum_{i=0}^{l-1} a_i 2^i$.
Abstract: We show that if a set of players hold shares of a value $a \in \mathbb{F}_p$ for some prime p (where the set of shares is written $[a]_p$), it is possible to compute, in constant rounds and with unconditional security, sharings of the bits of a, i.e., compute sharings $[a_0]_p, \ldots, [a_{l-1}]_p$ such that $l = \lceil \log_2 p \rceil$, $a_0, \ldots, a_{l-1} \in \{0,1\}$ and $a = \sum_{i=0}^{l-1} a_i 2^i$. Our protocol is secure against active adversaries and works for any linear secret sharing scheme with a multiplication protocol. The complexity of our protocol is $\mathcal{O}(l \log l)$ invocations of the multiplication protocol for the underlying secret sharing scheme, carried out in $\mathcal{O}(1)$ rounds. This result immediately implies solutions to other long-standing open problems such as constant-rounds and unconditionally secure protocols for deciding whether a shared number is zero, comparing shared numbers, raising a shared number to a shared exponent and reducing a shared number modulo a shared modulus.

373 citations


Journal ArticleDOI
TL;DR: A sufficient condition for all nonzero codewords of a linear code to be minimal is derived from exponential sums, and then used to construct secret sharing schemes with nice access structures.
Abstract: Secret sharing has been a subject of study for over 20 years, and has had a number of real-world applications. There are several approaches to the construction of secret sharing schemes. One of them is based on coding theory. In principle, every linear code can be used to construct secret sharing schemes. But determining the access structure is very hard as this requires the complete characterization of the minimal codewords of the underlying linear code, which is a difficult problem in general. In this paper, a sufficient condition for all nonzero codewords of a linear code to be minimal is derived from exponential sums. Some linear codes whose covering structure can be determined are constructed, and then used to construct secret sharing schemes with nice access structures.
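To make the link between minimal codewords and the access structure concrete, here is an added example (written for this page, not code from Ding and Yuan's paper) implementing Massey's construction over GF(2) for the [7,4] Hamming code, whose dual is the [7,3] simplex code; every nonzero simplex codeword has weight 4, so all of them are minimal and the access structure can be read off directly. Coordinate 0 of a codeword carries the secret and coordinates 1..6 are the shares. The matrix H, the function names and the brute-force enumeration of codewords are this example's own choices, fine for n = 7 but not a general algorithm.

```python
# Added example: Massey-style secret sharing from a binary linear code, with the
# access structure read off the minimal codewords of the dual code.  Parameters are
# deliberately small so every codeword can be enumerated by brute force.
from itertools import product
import secrets

# Parity-check matrix H of the [7,4] Hamming code C.  Its rows span the dual code
# C^perp, the [7,3] simplex code, in which every nonzero codeword is minimal.
H = [
    [1, 0, 0, 1, 1, 0, 1],
    [0, 1, 0, 1, 0, 1, 1],
    [0, 0, 1, 0, 1, 1, 1],
]


def _dot(u, v):
    return sum(a * b for a, b in zip(u, v)) % 2


def code_words(h):
    """All v in GF(2)^n with H v^T = 0, i.e. the code C (secret + shares live here)."""
    n = len(h[0])
    return [v for v in product((0, 1), repeat=n) if all(_dot(r, v) == 0 for r in h)]


def dual_words(h):
    """All GF(2)-linear combinations of the rows of H, i.e. the dual code C^perp."""
    n = len(h[0])
    out = set()
    for coeffs in product((0, 1), repeat=len(h)):
        out.add(tuple(sum(c * r[j] for c, r in zip(coeffs, h)) % 2 for j in range(n)))
    return out


def minimal_access_sets(h):
    """Minimal qualified sets = supports (minus coordinate 0) of the minimal dual
    codewords w with w_0 = 1: such a w says c_0 = sum of c_j over its support."""
    supports = [frozenset(j for j in range(1, len(w)) if w[j])
                for w in dual_words(h) if w[0] == 1]
    return {a for a in supports if not any(b < a for b in supports)}


def share(h, secret, rng=secrets):
    """Dealer: pick a uniformly random codeword whose coordinate 0 is the secret bit;
    participant i (1..n-1) receives coordinate i."""
    candidates = [c for c in code_words(h) if c[0] == secret]
    c = candidates[rng.randbelow(len(candidates))]
    return {i: c[i] for i in range(1, len(c))}


def reconstruct(h, shares):
    """Participants in `shares` recover the secret if some dual codeword with w_0 = 1
    is supported inside {0} ∪ shares; otherwise the set is unqualified."""
    for w in dual_words(h):
        if w[0] == 1 and all(w[j] == 0 or j in shares for j in range(1, len(w))):
            return sum(w[j] * shares[j] for j in shares) % 2
    return None


def consistent_secrets(h, shares):
    """Secret bits consistent with a partial view.  Both bits => the view reveals
    nothing about the secret (the linear scheme is perfect on unqualified sets)."""
    return {c[0] for c in code_words(h) if all(c[j] == v for j, v in shares.items())}
```

Running minimal_access_sets(H) yields the four 3-subsets {1,2,6}, {1,4,5}, {2,3,5} and {3,4,6}: this is not a threshold structure ({1,2,3}, for instance, is unqualified), and consistent_secrets shows that an unqualified set sees both secret values as equally consistent with its shares.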

298 citations


Journal ArticleDOI
TL;DR: In the method proposed in this study, the difference image of the secret image is encoded using Huffman coding scheme, and the arithmetic calculations of the sharing functions are evaluated in a power-of-two Galois Field GF(2^t).

226 citations


Book ChapterDOI
06 Sep 2006
TL;DR: The problem of rational secret sharing among n rational players was introduced by Halpern and Teague (STOC 2004), who claimed that a solution is impossible for n = 2 but gave one for n ≥ 3; contrary to that claim, this paper gives a protocol for n = 2 that also extends to n ≥ 3.
Abstract: We consider the problem of secret sharing among n rational players. This problem was introduced by Halpern and Teague (STOC 2004), who claim that a solution is impossible for n=2 but show a solution for the case n≥3. Contrary to their claim, we show a protocol for rational secret sharing among n=2 players; our protocol extends to the case n≥3, where it is simpler than the Halpern-Teague solution and also offers a number of other advantages. We also show how to avoid the continual involvement of the dealer, in either our own protocol or that of Halpern and Teague. Our techniques extend to the case of rational players trying to securely compute an arbitrary function, under certain assumptions on the utilities of the players.

211 citations


Journal ArticleDOI
TL;DR: This paper proposes a generalization of the model proposed by Yang, and proves that there is a one-to-one mapping between deterministic schemes and probabilistic schemes with no pixel expansion, where contrast is traded for the probability factor.
Abstract: Visual cryptography schemes allow the encoding of a secret image, consisting of black or white pixels, into n shares which are distributed to the participants. The shares are such that only qualified subsets of participants can 'visually' recover the secret image. The secret pixels are shared with techniques that subdivide each secret pixel into a certain number m ≥ 2 of subpixels. Such a parameter m is called pixel expansion. Recently Yang introduced a probabilistic model. In such a model the pixel expansion m is 1, that is, there is no pixel expansion. The reconstruction of the image however is probabilistic, meaning that a secret pixel will be correctly reconstructed only with a certain probability. In this paper we propose a generalization of the model proposed by Yang. In our model we fix the pixel expansion m ≥ 1 that can be tolerated and we consider probabilistic schemes attaining such a pixel expansion. For m = 1 our model reduces to the one of Yang. For big enough values of m, for which a deterministic scheme exists, our model reduces to the classical deterministic model. We show that between these two extremes one can trade the probability factor of the scheme with the pixel expansion. Moreover, we prove that there is a one-to-one mapping between deterministic schemes and probabilistic schemes with no pixel expansion, where contrast is traded for the probability factor.
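As an added illustration of the trade-off described above (example code written for this page, not the authors' own), the following implements the Naor-Shamir (2,2) scheme with pixel expansion 2 and, by keeping only one random column of the permuted basis matrix, Yang's probabilistic variant with no pixel expansion. Images are lists of 0/1 rows with 1 = black. The `expansion` parameter, the function names, the constructed 4x4 secret image and the optional seed (for reproducible runs only; unseeded runs use the OS CSPRNG) are this example's own assumptions.

```python
# Added example: deterministic (2,2) visual cryptography with pixel expansion 2
# versus Yang's probabilistic (2,2) scheme with expansion 1, sharing one code path.
import random

# Basis matrices of the Naor-Shamir (2,2) scheme: one row per share, one column per
# subpixel, 1 = black.  A random column permutation is applied per secret pixel.
S_WHITE = ((1, 0), (1, 0))   # identical rows: stacking leaves one subpixel white
S_BLACK = ((1, 0), (0, 1))   # complementary rows: stacking blackens both subpixels
M = 2                        # pixel expansion of the deterministic scheme

# Constructed 4x4 secret image (8 black, 8 white pixels) used for demonstration.
SECRET_IMAGE = [
    [0, 1, 1, 0],
    [1, 0, 0, 1],
    [1, 1, 1, 1],
    [0, 0, 0, 0],
]


def share_pixel(pixel, expansion, rng):
    """Encode one secret pixel as two blocks of `expansion` subpixels each.
    expansion == M keeps the whole permuted basis matrix (deterministic scheme);
    expansion == 1 keeps a single random column (Yang's probabilistic scheme)."""
    basis = S_BLACK if pixel else S_WHITE
    cols = rng.sample(range(M), expansion)   # random permutation, truncated
    return tuple(tuple(row[c] for c in cols) for row in basis)


def share_image(image, expansion, seed=None):
    """Return the two share images; each entry is a block of `expansion` subpixels."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    share_a, share_b = [], []
    for row in image:
        blocks = [share_pixel(px, expansion, rng) for px in row]
        share_a.append([b[0] for b in blocks])
        share_b.append([b[1] for b in blocks])
    return share_a, share_b


def stack(share_a, share_b):
    """Superimposing two transparencies is a per-subpixel OR."""
    return [[tuple(x | y for x, y in zip(ba, bb)) for ba, bb in zip(ra, rb)]
            for ra, rb in zip(share_a, share_b)]


def decode(stacked):
    """The eye's rule: a pixel reads as black iff every subpixel of its block is black.
    Exact for expansion 2; for expansion 1 a white pixel is wrong with probability 1/2."""
    return [[int(all(block)) for block in row] for row in stacked]


def pixel_error_rate(image, decoded):
    total = sum(len(r) for r in image)
    wrong = sum(a != b for ra, rb in zip(image, decoded) for a, b in zip(ra, rb))
    return wrong / total


def single_share_leaks(share):
    """Security check for expansion 2: every block of a single share has exactly one
    black subpixel whatever the secret pixel was, so one share carries no information."""
    return not all(sum(block) == 1 for row in share for block in row)
```

With expansion 2 the decoded image equals the secret exactly and a lone share is a uniformly random pattern of one-black-one-white blocks; with expansion 1 every black pixel still stacks to black, but each white pixel comes out black half the time, which is the probability factor traded for the missing pixel expansion.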

208 citations


Journal ArticleDOI
TL;DR: The experimental results demonstrate that cheating is possible when the cheaters form a coalition in order to deceive honest participants, and two simple cheating-prevention visual cryptographic schemes are proposed.
Abstract: A secret sharing scheme allows a secret to be shared among a set of participants, P, such that only authorized subsets of P can recover the secret, but any unauthorized subset cannot recover the secret. In 1995, Naor and Shamir proposed a variant of secret sharing, called visual cryptography, where the shares given to participants are xeroxed onto transparencies. If X is an authorized subset of P, then the participants in X can visually recover the secret image by stacking their transparencies together without performing any computation. In this paper, we address the issue of cheating by dishonest participants, called cheaters, in visual cryptography. The experimental results demonstrate that cheating is possible when the cheaters form a coalition in order to deceive honest participants. We also propose two simple cheating prevention visual cryptographic schemes.

150 citations


Journal ArticleDOI
TL;DR: A new c-colored k-out-of-n VSSS is proposed by using a pixel expansion of ⌈log₂ c⌉ × m, which is more efficient than previous schemes.

149 citations


Journal ArticleDOI
TL;DR: A special attack strategy against the multiparty quantum secret sharing protocol is presented: using a fake signal and a Bell measurement, the agent Bob, who generates the initial signals, can elicit Alice's secret message.

Proceedings ArticleDOI
21 Oct 2006
TL;DR: This paper presents a verifiable quantum secret sharing protocol (VQSS), and a general secure multiparty quantum computation (MPQC) protocol, which can tolerate any $\lfloor (n-1)/2 \rfloor$ cheaters among n players.
Abstract: Secret sharing and multiparty computation (also called "secure function evaluation") are fundamental primitives in modern cryptography, allowing a group of mutually distrustful players to perform correct, distributed computations under the sole assumption that some number of them will follow the protocol honestly. This paper investigates how much trust is necessary -- that is, how many players must remain honest -- in order for distributed quantum computations to be possible. We present a verifiable quantum secret sharing (VQSS) protocol, and a general secure multiparty quantum computation (MPQC) protocol, which can tolerate any $\lfloor (n-1)/2 \rfloor$ cheaters among n players. Previous protocols for these tasks tolerated $\lfloor (n-1)/4 \rfloor$ and $\lfloor (n-1)/6 \rfloor$ cheaters, respectively. The threshold we achieve is tight -- even in the classical case, "fair" multiparty computation is not possible if any set of n/2 players can cheat. Our protocols rely on approximate quantum error-correcting codes, which can tolerate a larger fraction of errors than traditional, exact codes. We introduce new families of authentication schemes and approximate codes tailored to the needs of our protocols, as well as new state purification techniques along the lines of those used in fault-tolerant quantum circuits.

Journal ArticleDOI
TL;DR: In this article, a circular quantum secret sharing protocol is proposed, which is useful and efficient when one of the parties is remote from the others, who are adjacent to each other, especially when there are more than three parties.
Abstract: A circular quantum secret sharing protocol is proposed, which is useful and efficient when one of the parties is remote from the others, who are adjacent to each other, especially when there are more than three parties. We describe the process of this protocol and discuss its security when the quantum information carriers are polarized single photons running circularly. It will be shown that entanglement is not necessary for quantum secret sharing. Moreover, the theoretical efficiency is improved to approach 100%, as almost all the instances can be used for generating the private key, and each photon can carry one bit of information without quantum storage. It is straightforward to utilize this topological structure to complete quantum secret sharing securely with multi-level two-particle entanglement in high capacity.


Journal ArticleDOI
Ueli Maurer
TL;DR: A very simple approach to secure multi-party computation with straight-forward security proofs, which naturally yields protocols secure for mixed (active and passive) corruption and general adversary structures, confirming the previously proved tight bounds in a simpler framework.


Journal ArticleDOI
TL;DR: A tight lower bound on the size of shares is derived for (k,n) threshold secret sharing schemes that protect against k−1 colluding participants opening forged shares, and an optimum scheme that meets the bound with equality is presented using "difference sets".
Abstract: Tompa and Woll introduced a problem of cheating in $(k,n)$ threshold secret sharing schemes. In this problem $k-1$ malicious participants aim to cheat an honest one by opening forged shares and causing the honest participant to reconstruct the wrong secret. We first derive a tight lower bound on the size of shares $|\mathcal{V}_i|$ for secret sharing schemes that protect against this type of attack: $|\mathcal{V}_i| \geq (|\mathcal{S}|-1)/\delta + 1$, where $\mathcal{V}_i$ denotes the set of shares of participant $P_i$, $\mathcal{S}$ denotes the set of secrets, and $\delta$ denotes the cheating probability. We next present an optimum scheme, which meets the equality of our bound, by using "difference sets." A partial converse and some extensions are also shown.
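The Tompa-Woll cheating attack is easiest to see on Shamir's scheme, where reconstruction is a fixed linear combination of the opened shares. The block below is an added example (not the authors' code): k−1 colluding participants forge one share so that the honest participant reconstructs s + Δ for a Δ of their choice, with certainty and without knowing the honest share, i.e. δ = 1 for plain Shamir, which is exactly why share-size overhead is needed to push δ down. The last function evaluates the paper's bound for a chosen |S| and 1/δ. The prime 101, the parameters (k,n) = (3,5) and the function names are this example's own choices.

```python
# Added example: Shamir (k,n) sharing over GF(101), the Tompa-Woll forgery by
# k-1 colluding participants, and the share-size bound from the abstract above.
import secrets

P = 101   # prime field; the secret space S is GF(101), so |S| = 101


def make_shares(secret, k, n, p=P, rng=secrets):
    """Shamir: shares (i, f(i)), i = 1..n, of a random degree-(k-1) polynomial
    with f(0) = secret.  Coefficients come from a CSPRNG."""
    coeffs = [secret % p] + [rng.randbelow(p) for _ in range(k - 1)]
    return {i: sum(c * pow(i, j, p) for j, c in enumerate(coeffs)) % p
            for i in range(1, n + 1)}


def lagrange_coeffs(xs, p=P):
    """lambda_j with f(0) = sum_j lambda_j f(x_j) for every polynomial of degree < len(xs)."""
    lam = {}
    for j in xs:
        num = den = 1
        for m in xs:
            if m != j:
                num = num * (-m) % p      # (0 - x_m)
                den = den * (j - m) % p   # (x_j - x_m)
        lam[j] = num * pow(den, -1, p) % p
    return lam


def reconstruct(shares, p=P):
    """Honest reconstruction from any k opened shares {x_j: y_j}."""
    lam = lagrange_coeffs(list(shares), p)
    return sum(lam[j] * y for j, y in shares.items()) % p


def forge_shares(cheater_shares, honest_x, delta, p=P):
    """k-1 cheaters shift the value the honest party will reconstruct by `delta`.
    They know which k shares will be opened, hence the Lagrange coefficients, and
    reconstruction is linear in the opened values: adding delta / lambda_c to one
    cheater's share adds exactly delta to the output, whatever the honest share is."""
    lam = lagrange_coeffs(list(cheater_shares) + [honest_x], p)
    c = next(iter(cheater_shares))
    forged = dict(cheater_shares)
    forged[c] = (forged[c] + delta * pow(lam[c], -1, p)) % p
    return forged


def min_share_space(secret_space_size, inverse_cheat_prob):
    """The bound |V_i| >= (|S| - 1)/delta + 1, with delta given as 1/inverse_cheat_prob
    so the arithmetic stays exact over the integers."""
    return (secret_space_size - 1) * inverse_cheat_prob + 1
```

With |S| = 101 and a target cheating probability δ = 1/100, the bound says every participant's share space must have at least 10001 elements, against the 101 of plain Shamir; the difference-set construction in the paper is what attains that bound with equality.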

Journal ArticleDOI
03 Apr 2006
TL;DR: A secure buyer-seller watermarking protocol without the assistance of a TTP is proposed in which there are only two participants, a seller and a buyer, which can trace piracy and protect the customer's rights.
Abstract: In the existing watermarking protocols, a trusted third party (TTP) is introduced to guarantee that a protocol is fair to both the seller and buyer in a digital content transaction. However, the TTP decreases the security and affects the protocol implementation. To address this issue, in this article a secure buyer-seller watermarking protocol without the assistance of a TTP is proposed in which there are only two participants, a seller and a buyer. Based on the idea of sharing a secret, a watermark embedded in digital content to trace piracy is composed of two pieces of secret information, one produced by the seller and one by the buyer. Since neither knows the exact watermark, the buyer cannot remove the watermark from watermarked digital content, and at the same time the seller cannot fabricate piracy to frame an innocent buyer. In other words, the proposed protocol can trace piracy and protect the customer's rights. In addition, because no third party is introduced into the proposed protocol, the problem of a seller (or a buyer) colluding with a third party to cheat the buyer (or the seller), namely, the conspiracy problem, can be avoided.

Proceedings ArticleDOI
Li Bai
26 Jun 2006
TL;DR: A strong (k,n) threshold-based ramp secret sharing scheme with k access levels with large compression rate on the size of the shares and strong protection of the secrets is presented.
Abstract: This paper presents a strong (k,n) threshold-based ramp secret sharing scheme with k access levels. The secrets are the elements represented in a square matrix S. The secret matrix S can be shared among n different participants using a matrix projection technique where: i) any subset of k participants can collaborate together to reconstruct the secret, and ii) any subset of (k−1) or fewer participants cannot partially discover the secret matrix. The primary advantages are its large compression rate on the size of the shares and its strong protection of the secrets.

Posted Content
TL;DR: In this paper, the characterization of ideal multipartite access structures is studied with all generality, based on the well-known connections between ideal secret sharing and matroids and on the introduction of a new combinatorial tool in secret sharing, integer polymatroids.
Abstract: Multipartite secret sharing schemes are those having a multipartite access structure, in which the set of participants is divided into several parts and all participants in the same part play an equivalent role. In this work, the characterization of ideal multipartite access structures is studied with all generality. Our results are based on the well-known connections between ideal secret sharing schemes and matroids and on the introduction of a new combinatorial tool in secret sharing, integer polymatroids. Our results can be summarized as follows. First, we present a characterization of multipartite matroid ports in terms of integer polymatroids. As a consequence of this characterization, a necessary condition for a multipartite access structure to be ideal is obtained. Second, we use representations of integer polymatroids by collections of vector subspaces to characterize the representable multipartite matroids. In this way we obtain a sufficient condition for a multipartite access structure to be ideal, and also a unified framework to study the open problems about the efficiency of the constructions of ideal multipartite secret sharing schemes. Finally, we apply our general results to obtain a complete characterization of ideal tripartite access structures, which was until now an open problem.

Book ChapterDOI
04 Mar 2006
TL;DR: It is demonstrated that one round is sufficient for WSS when n > 4t, and that VSS can be achieved in 1 + ε amortized rounds (for any ε > 0) when n > 3t.
Abstract: We consider perfect verifiable secret sharing (VSS) in a synchronous network of n processors (players) where a designated player called the dealer wishes to distribute a secret s among the players in a way that no t of them obtain any information, but any t + 1 players obtain full information about the secret. The round complexity of a VSS protocol is defined as the number of rounds performed in the sharing phase. Gennaro, Ishai, Kushilevitz and Rabin showed that three rounds are necessary and sufficient when n > 3t. Sufficiency, however, was only demonstrated by means of an inefficient (i.e., exponential-time) protocol, and the construction of an efficient three-round protocol was left as an open problem. In this paper, we present an efficient three-round protocol for VSS. The solution is based on a three-round solution of so-called weak verifiable secret sharing (WSS), for which we also prove that three rounds is a lower bound. Furthermore, we also demonstrate that one round is sufficient for WSS when n > 4t, and that VSS can be achieved in 1 + ε amortized rounds (for any ε > 0) when n > 3t.

Journal ArticleDOI
TL;DR: In this article, a robust (n,n)-threshold scheme of multiparty quantum secret sharing of key over two collective-noise channels (i.e., the collective dephasing channel and the collective rotating channel) is proposed.
Abstract: Based on a polarization-based quantum key distribution protocol over a collective-noise channel [Phys. Rev. Lett. 92 (2004) 017901], a robust (n,n)-threshold scheme of multiparty quantum secret sharing of key over two collective-noise channels (i.e., the collective dephasing channel and the collective rotating channel) is proposed. In this scheme the sharers as a whole can establish a joint key with the message sender only if all the sharers collaborate. Since Bell singlets are enough for use and only single-photon polarization needs to be identified, this scheme is feasible with present-day technology.

Proceedings ArticleDOI
Li Bai
29 Sep 2006
TL;DR: This approach's advantages are its large compression rate on the size of the image shares, its strong protection of the secret image and its suitability for real-time processing.
Abstract: This paper presents a reliable image secret sharing method which incorporates two k-out-of-n secret sharing schemes: i) Shamir's secret sharing scheme and ii) the matrix projection secret sharing scheme. The technique allows a colored secret image to be divided into n image shares so that: i) any k image shares (k ≤ n) are sufficient to reconstruct the secret image losslessly, and ii) any (k − 1) or fewer image shares cannot get enough information to reveal the secret image. It is an effective, reliable and secure method to prevent the secret image from being lost, stolen or corrupted. In comparison with other image secret sharing methods, this approach's advantages are its large compression rate on the size of the image shares, its strong protection of the secret image and its suitability for real-time processing.

Journal ArticleDOI
Zhan-Jun Zhang
TL;DR: In this article, the authors revisited the scheme on multiparty secret sharing of an atomic quantum state information via entanglement swapping in cavity QED and proposed an improved version.


Journal Article
TL;DR: It is proved, using the concept of entropy, that in any perfect threshold secret sharing scheme the shares must be at least as long as the secret and, later on, Capocelli, De Santis, Gargano, and Vaccaro have extended this result to the …
Abstract: Preface. A secret sharing scheme starts with a secret and then derives from it certain shares (or shadows) which are distributed to users. The secret may be recovered only by certain predetermined groups which belong to the access structure. Secret sharing schemes have been independently introduced by Blakley [12] and Shamir [134] as a solution for safeguarding cryptographic keys. Secret sharing schemes can be used for any situation in which the access to an important resource has to be restricted. We mention here the case of opening bank vaults or launching a nuclear missile. In the first secret sharing schemes only the number of the participants in the reconstruction phase was important for recovering the secret. Such schemes have been referred to as threshold secret sharing schemes. There are secret sharing schemes that deal with more complex access structures than the threshold ones. We mention here the weighted threshold secret sharing schemes, in which a positive weight is associated to each user and the secret can be reconstructed if and only if the sum of the weights of the participants is greater than or equal to a fixed threshold; the hierarchical (or multilevel) secret sharing schemes, in which the set of users is partitioned into some levels and the secret can be recovered if and only if there is an initialization level such that the number of the participants from this level or higher levels is greater than or equal to the initialization level threshold; and the compartmented secret sharing schemes, in which the set of users is partitioned into compartments and the secret can be recovered if and only if the number of participants from any compartment is greater than or equal to a compartment threshold and the total number of participants is greater than or equal to a global threshold.
Ito, Saito, and Nishizeki [90] and Benaloh and Leichter [9] have proposed constructions for realizing any monotone (i.e., if a group belongs to the access structure, so does a larger group) access structure. The schemes in which the unauthorized groups gain no information about the secret are referred to as perfect. Karnin, Greene, and Hellman [97] have proved, using the concept of entropy, that in any perfect threshold secret sharing scheme the shares must be at least as long as the secret and, later on, Capocelli, De Santis, Gargano, and Vaccaro [27] have extended this result to the …

Journal ArticleDOI
TL;DR: This paper generalized the square block-wise approach to further reduce pixel expansion in an aspect ratio invariant visual secret sharing scheme and proposes a new scheme based on processing one and four pixel blocks.

Patent
17 Feb 2006
TL;DR: In this article, a method and system for determining a shared secret between two entities in a cryptosystem is presented, where a first random secret is selected that is known to the first entity and unknown to the second entity.
Abstract: A method and system are provided for determining a shared secret between two entities in a cryptosystem. A first random secret is selected that is known to the first entity and unknown to the second entity. A first intermediate shared secret component is determined using the first random secret and a system parameter. The first intermediate shared secret component is communicated to the second entity. A second random secret is selected that is known to the second entity, but unknown to the first entity. A second intermediate shared secret component is determined using the second random secret and the system parameter. The second intermediate shared secret component is communicated to the first entity. It is confirmed that both the first entity and the second entity know a non-interactive shared secret. An interactive shared secret is determined using the first random secret, the second random secret, and the system parameter.

Journal ArticleDOI
TL;DR: This work by-passes the addition step used by earlier constructions and constructs a polynomial-size, logarithmic-depth, unbounded fan-in monotone circuit for every weighted threshold function, i.e., it shows that weighted threshold functions are in mAC¹.

Book ChapterDOI
24 Apr 2006
TL;DR: In this article, the notion of Linear Integer Secret Sharing (LISS) was introduced, and constructions of such schemes for any access structure were shown. Moreover, any LISS scheme can be used to build a secure distributed protocol for exponentiation in any group.
Abstract: We introduce the notion of Linear Integer Secret-Sharing (LISS) schemes, and show constructions of such schemes for any access structure. We show that any LISS scheme can be used to build a secure distributed protocol for exponentiation in any group. This implies, for instance, distributed RSA protocols for arbitrary access structures and with arbitrary public exponents.
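An added example (written for this page, not code from the paper) of the simplest LISS, the (n,n) additive sharing of an exponent over the integers, used to decrypt with a distributed RSA key: the shares involve no modulus, so the parties never need the group order φ(N), and the plaintext is recovered by multiplying the partial exponentiations in the group. Threshold access structures require the integer span programs of the paper and are not shown. The toy RSA parameters (N = 3233, e = 17, d = 2753), the statistical-security margin `bits` and the function names are this example's own assumptions.

```python
# Added example: (n,n) additive integer sharing of an RSA private exponent and
# distributed decryption by multiplying partial results in the group Z_N^*.
import secrets

# Constructed toy RSA key: p = 61, q = 53, N = 3233, e = 17, d = 2753 (far too small
# for real use; chosen so every value is easy to check by hand).
N, E, D = 3233, 17, 2753


def int_additive_shares(d, n, bits, rng=secrets):
    """(n,n) additive sharing of the integer d over Z: n-1 shares are uniform in
    [0, 2^bits) and the last one fixes the sum.  `bits` should exceed the bit length
    of d by a statistical-security margin so each share alone says nothing useful
    about d.  No reduction modulo any group order is involved."""
    shares = [rng.randbelow(1 << bits) for _ in range(n - 1)]
    shares.append(d - sum(shares))   # usually negative; fine over the integers
    return shares


def partial_exponent(base, share, modulus):
    """Party i publishes base^{d_i} mod N.  A negative share is handled with the
    modular inverse of the base, which exists because gcd(base, N) = 1 for any
    ciphertext of an invertible plaintext."""
    if share < 0:
        return pow(pow(base, -1, modulus), -share, modulus)
    return pow(base, share, modulus)


def combine(partials, modulus):
    """Product of the partial results = base^{sum of shares} = base^d mod N."""
    out = 1
    for x in partials:
        out = out * x % modulus
    return out


def distributed_rsa_decrypt(ciphertext, d, n_parties, modulus, bits):
    """End-to-end: deal integer shares of d, let each party exponentiate with its
    own share, and combine.  d itself is used only by the dealer."""
    shares = int_additive_shares(d, n_parties, bits)
    partials = [partial_exponent(ciphertext, s, modulus) for s in shares]
    return combine(partials, modulus)


def rsa_encrypt(plaintext, e=E, modulus=N):
    return pow(plaintext, e, modulus)
```

Because the shares are integers rather than residues modulo φ(N), the parties can be given shares by a dealer who knows d without anyone learning the group order, and the combination step needs only group multiplication, which is what lets the same idea work in any group once a LISS for the desired access structure is available.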