
Showing papers on "Secret sharing published in 2007"


Journal ArticleDOI
TL;DR: Using the theory of reciprocity for antennas and electromagnetic propagation, a key distribution method is proposed that uses the ultrawideband channel pulse response between two transceivers as a source of common randomness that is not available to enemy observers in other locations.
Abstract: To establish a secure communications link between any two transceivers, the communicating parties require some shared secret, or key, with which to encrypt the message so that it cannot be understood by an enemy observer. Using the theory of reciprocity for antennas and electromagnetic propagation, a key distribution method is proposed that uses the ultrawideband (UWB) channel pulse response between two transceivers as a source of common randomness that is not available to enemy observers in other locations. The maximum size of a key that can be shared in this way is characterized by the mutual information between the observations of two radios, and an approximation and upper bound on mutual information is found for a general multipath channel and examples given for UWB channel models. The exchange of some information between the parties is necessary to achieve these bounds, and various information-sharing strategies are considered and their performance is simulated. A qualitative assessment of the vulnerability of such a secret sharing system to attack from a radio in a nearby location is also given.

345 citations


Journal ArticleDOI
TL;DR: A scheme to improve authentication ability that prevents dishonest participants from cheating is presented and the arrangement of embedded bits is defined to improve the quality of stego-image.

287 citations


Journal ArticleDOI
TL;DR: This paper designs algorithms by using random grids to accomplish the encryption of secret gray-level and color images in such a way that neither of the two encrypted shares alone leaks the information of the secret image, whereas the secret can be seen when these two shares are superimposed.

267 citations


Book ChapterDOI
16 Apr 2007
TL;DR: This paper presents a simplified bit-decomposition protocol by analyzing the original protocol and constructs more efficient protocols for a comparison, interval test and equality test of shared secrets without relying on the bit-decomposition protocol.
Abstract: Damgard et al. [11] showed a novel technique to convert a polynomial sharing of secret a into the sharings of the bits of a in constant rounds, which is called the bit-decomposition protocol. The bit-decomposition protocol is a very powerful tool because it enables bit-oriented operations even if shared secrets are given as elements in the field. However, the bit-decomposition protocol is relatively expensive. In this paper, we present a simplified bit-decomposition protocol by analyzing the original protocol. Moreover, we construct more efficient protocols for a comparison, interval test and equality test of shared secrets without relying on the bit-decomposition protocol, though it seems essential to such bit-oriented operations. The key idea is that we do computation on secret a with c and r, where c = a + r, c is a revealed value, and r is a random bitwise-shared secret. The outputs of these protocols are also shared without being revealed. The realized protocols as well as the original protocol are constant-round and run with fewer communication rounds and less data communication than those of [11]. For example, the round complexities are reduced by a factor of approximately 3 to 10.

251 citations


Journal ArticleDOI
TL;DR: A probabilistic (2,n) scheme for binary images and a deterministic (n,n) scheme, which provides a better contrast and significantly smaller recognized areas than other methods and gives an exact reconstruction.

240 citations


Journal ArticleDOI
TL;DR: By a special strategy, Bob can steal Charlie's portion of information without being detected and then recover Alice's secret by himself and point out a possible way to improve the protocol to stand against this attack.
Abstract: The ring-arrangement quantum secret sharing protocol in the paper [K. Bradler and M. Dusek (2004) J. Opt. B: Quantum Semiclass. Opt. 6 63] is analyzed and it is shown that this protocol is secure for any eavesdropper except for a dishonest participant. For example, by a special strategy, Bob can steal Charlie's portion of information without being detected and then recover Alice's secret by himself. We give a description of this strategy and point out a possible way to improve the protocol to stand against this attack.

239 citations


Journal ArticleDOI
Tamir Tassa1
TL;DR: A perfect secret sharing scheme for threshold secret sharing in groups with hierarchical structure that uses Birkhoff interpolation, i.e., the construction of a polynomial according to an unstructured set of point and derivative values.
Abstract: We consider the problem of threshold secret sharing in groups with hierarchical structure. In such settings, the secret is shared among a group of participants that is partitioned into levels. The access structure is then determined by a sequence of threshold requirements: a subset of participants is authorized if it has at least k0 > 0 members from the highest level, as well as at least k1 > k0 members from the two highest levels, and so forth. Such problems may occur in settings where the participants differ in their authority or level of confidence and the presence of higher-level participants is imperative to allow the recovery of the common secret. Even though secret sharing in hierarchical groups has been studied extensively in the past, none of the existing solutions addresses the simple setting where, say, a bank transfer should be signed by three employees, at least one of whom must be a department manager. We present a perfect secret sharing scheme for this problem that, unlike most secret sharing schemes that are suitable for hierarchical structures, is ideal. As in Shamir's scheme, the secret is represented as the free coefficient of some polynomial. The novelty of our scheme is the usage of polynomial derivatives in order to generate lesser shares for participants of lower levels. Consequently, our scheme uses Birkhoff interpolation, i.e., the construction of a polynomial according to an unstructured set of point and derivative values. A substantial part of our discussion is dedicated to the question of how to assign identities to the participants from the underlying finite field so that the resulting Birkhoff interpolation problem will be well posed. In addition, we devise an ideal and efficient secret sharing scheme for the closely related hierarchical threshold access structures that were studied by Simmons and Brickell.

233 citations


Journal ArticleDOI
TL;DR: This paper proposes a visual secret sharing scheme that encodes a set of x≥2 secrets into two circle shares such that none of any single share leaks the secrets and the x secrets can be obtained one by one by stacking the first share and the rotated second shares with x different rotation angles.

222 citations


Journal ArticleDOI
TL;DR: A secure and efficient key management framework (SEKM) for mobile ad hoc networks that builds PKI by applying a secret sharing scheme and an underlying multicast server group and an efficient server group updating scheme is proposed.

215 citations


Proceedings ArticleDOI
12 Nov 2007
TL;DR: Using the theory of reciprocity for antennas and electromagnetic propagation, a key distribution method is proposed that uses the ultrawideband channel pulse response between two transceivers as a source of common randomness that is not available to enemy observers in other locations.
Abstract: To establish a secure communications link between any two transceivers, the communicating parties require some shared secret, or key, with which to encrypt the message so that it cannot be understood by an enemy observer. Using the theory of reciprocity for antennas and electromagnetic propagation, a key distribution method is proposed that uses the ultrawideband channel pulse response between two transceivers as a source of common randomness that is not available to enemy observers in other locations. The maximum size of a key that can be shared in this way is characterized by the mutual information between the observations of two radios, and an approximation on mutual information is found for a general multipath channel and examples given for UWB channel models. Simulation results of key lengths achieved using the proposed key sharing techniques over some ultrawideband channel models are presented.

160 citations


Journal ArticleDOI
TL;DR: A generic method that converts a VCS to another VCS that has the property of cheating prevention is proposed and the overhead of the conversion is near optimal in both contrast degression and pixel expansion.
Abstract: Visual cryptography (VC) is a method of encrypting a secret image into shares such that stacking a sufficient number of shares reveals the secret image. Shares are usually presented in transparencies. Each participant holds a transparency. Most of the previous research work on VC focuses on improving two parameters: pixel expansion and contrast. In this paper, we studied the cheating problem in VC and extended VC. We considered the attacks of malicious adversaries who may deviate from the scheme in any way. We presented three cheating methods and applied them to attacking existing VC or extended VC schemes. We improved one cheat-preventing scheme. We proposed a generic method that converts a VCS to another VCS that has the property of cheating prevention. The overhead of the conversion is near optimal in both contrast degression and pixel expansion.

Proceedings ArticleDOI
21 Oct 2007
TL;DR: There is an obvious connection between IRSS schemes and the fact that there exist functions with an exponential gap in their communication complexity for k and k-1 rounds, and the scheme implies such a separation which is in several aspects stronger than the previously known ones.
Abstract: We introduce a new primitive called intrusion-resilient secret sharing (IRSS), whose security proof exploits the fact that there exist functions which can be efficiently computed interactively using low communication complexity in k, but not in k-1 rounds. IRSS is a means of sharing a secret message amongst a set of players which comes with a very strong security guarantee. The shares in an IRSS are made artificially large so that it is hard to retrieve them completely, and the reconstruction procedure is interactive, requiring the players to exchange k short messages. The adversaries considered can attack the scheme in rounds, where in each round the adversary chooses some player to corrupt and some function, and retrieves the output of that function applied to the share of the corrupted player. This model captures, for example, computers connected to a network which can occasionally be infected by malicious software like viruses, which can compute any function on the infected machine but cannot send out a huge amount of data. Using methods from the bounded-retrieval model, we construct an IRSS scheme which is secure against any computationally unbounded adversary as long as the total amount of information retrieved by the adversary is somewhat less than the length of the shares, and the adversary makes at most k-1 corruption rounds (as described above, where k rounds are necessary for reconstruction). We extend our basic scheme in several ways in order to allow the shares sent by the dealer to be short (the players then blow them up locally) and to handle even stronger adversaries who can learn some of the shares completely. As mentioned, there is an obvious connection between IRSS schemes and the fact that there exist functions with an exponential gap in their communication complexity for k and k-1 rounds. Our scheme implies such a separation which is in several aspects stronger than the previously known ones.

Journal ArticleDOI
TL;DR: This work presents an experimental demonstration of four-party quantum secret sharing via the resource of four-photon entanglement, a multiparty cryptographic task in which some secret information is split into several pieces which are distributed among the participants such that only an authorized set of participants can reconstruct the original secret.
Abstract: Secret sharing is a multiparty cryptographic task in which some secret information is split into several pieces which are distributed among the participants such that only an authorized set of participants can reconstruct the original secret. Similar to quantum key distribution, in quantum secret sharing, the secrecy of the shared information relies not on computational assumptions, but on laws of quantum physics. Here, we present an experimental demonstration of four-party quantum secret sharing via the resource of four-photon entanglement.

Journal ArticleDOI
TL;DR: This paper proposes an innovative scheme, namely the scalable secret image sharing scheme, for sharing an image O among n participants such that the clarity of the reconstructed image scales in proportion with the number of participants.
Abstract: In this paper, we propose an innovative scheme, namely the scalable secret image sharing scheme, for sharing an image O among n participants such that the clarity of the reconstructed image (i.e., the amount of information therein) scales with proportion with the number of the participants. The proposed scheme encodes O into n shadow images that exhibit the following features: (a) each shadow image reveals no information about O, (b) each shadow image is only half the size of O, (c) any k (2=

Journal ArticleDOI
TL;DR: A VSS scheme that maps a block in a secret image onto one corresponding equal-sized block in each share image without image size expansion is proposed, and two types of techniques, including histogram width-equalization and histogram depth-equalization, are proposed to generate the corresponding share blocks containing multiple levels.

Journal ArticleDOI
TL;DR: A practical verifiable multi-secret sharing scheme, which is based on the YCH scheme and the intractability of the discrete logarithm, is proposed in this paper and can be used in practice widely.

Journal ArticleDOI
TL;DR: In this paper, Asmuth et al. showed that the Chinese remainder theorem can be used for realizing more general access structures, such as the compartmented or the weighted threshold ones.

Patent
07 Nov 2007
TL;DR: In this paper, a robust computational secret sharing scheme that provides for the efficient distribution and subsequent recovery of a private data is disclosed, where a cryptographic key may be randomly generated and then shared using a secret sharing algorithm to generate a collection of key shares.
Abstract: A robust computational secret sharing scheme that provides for the efficient distribution and subsequent recovery of a private data is disclosed. A cryptographic key may be randomly generated and then shared using a secret sharing algorithm to generate a collection of key shares. The private data may be encrypted using the key, resulting in a ciphertext. The ciphertext may then be broken into ciphertext fragments using an Information Dispersal Algorithm. Each key share and a corresponding ciphertext fragment are provided as input to a committal method of a probabilistic commitment scheme, resulting in a committal value and a decommittal value. The share for the robust computational secret sharing scheme may be obtained by combining the key share, the ciphertext fragment, the decommittal value, and the vector of committal values.

Journal ArticleDOI
TL;DR: The results of the experiment and security analysis show that the proposed scheme is more secure in comparison with the two previous cheating prevention schemes in the literature, but extra burdens are also eliminated.

Proceedings ArticleDOI
28 Oct 2007
TL;DR: In this article, the authors give a unified account of classical secret sharing goals from a modern cryptographic vantage, including perfect, statistical, and computational secret sharing; static and dynamic adversaries; schemes with or without robustness; schemes where a participant recovers the secret and those where an external party does so.
Abstract: We give a unified account of classical secret-sharing goals from a modern cryptographic vantage. Our treatment encompasses perfect, statistical, and computational secret sharing; static and dynamic adversaries; schemes with or without robustness; schemes where a participant recovers the secret and those where an external party does so. We then show that Krawczyk's 1993 protocol for robust computational secret sharing (RCSS) need not be secure, even in the random-oracle model and for threshold schemes, if the encryption primitive it uses satisfies only one-query indistinguishability (ind1), the only notion Krawczyk defines. Nonetheless, we show that the protocol is secure (in the random-oracle model, for threshold schemes) if the encryption scheme also satisfies one-query key-unrecoverability (key1). Since practical encryption schemes are ind1+key1 secure, our result effectively shows that Krawczyk's RCSS protocol is sound (in the random-oracle model, for threshold schemes). Finally, we prove the security for a variant of Krawczyk's protocol, in the standard model and for arbitrary access structures, assuming ind1 encryption and a statistically-hiding, weakly-binding commitment scheme.

Posted Content
TL;DR: There is an obvious connection between IRSS schemes and the fact that there exist functions with an exponential gap in their communication complexity for k and k-1 rounds, and the scheme implies such a separation which is in several aspects stronger than the previously known ones.
Abstract: We introduce a new primitive called Intrusion-Resilient Secret Sharing (IRSS), whose security proof exploits the fact that there exist functions which can be efficiently computed interactively using low communication complexity in k, but not in k − 1 rounds. IRSS is a means of sharing a secret message amongst a set of players which comes with a very strong security guarantee. The shares in an IRSS are made artificially large so that it is hard to retrieve them completely, and the reconstruction procedure is interactive, requiring the players to exchange k short messages. The adversaries considered can attack the scheme in rounds, where in each round the adversary chooses some player to corrupt and some function, and retrieves the output of that function applied to the share of the corrupted player. This model captures, for example, computers connected to a network which can occasionally be infected by malicious software like viruses, which can compute any function on the infected machine but cannot send out a huge amount of data. Using methods from the Bounded-Retrieval Model, we construct an IRSS scheme which is secure against any computationally unbounded adversary as long as the total amount of information retrieved by the adversary is somewhat less than the length of the shares, and the adversary makes at most k − 1 corruption rounds (as described above, where k rounds are necessary for reconstruction). We extend our basic scheme in several ways in order to allow the shares sent by the dealer to be short (the players then blow them up locally) and to handle even stronger adversaries who can learn some of the shares completely. As mentioned, there is an obvious connection between IRSS schemes and the fact that there exist functions with an exponential gap in their communication complexity for k and k − 1 rounds. Our scheme implies such a separation which is in several aspects stronger than the previously known ones.

Proceedings Article
17 Jun 2007
TL;DR: POTSHARDS is an archival storage system that provides long-term security for data with very long lifetimes without using encryption, and uses a new technique, approximate pointers, in conjunction with secure distributed RAID techniques to provide availability and reliability across independent archives.
Abstract: Users are storing ever-increasing amounts of information digitally, driven by many factors including government regulations and the public's desire to digitally record their personal histories. Unfortunately, many of the security mechanisms that modern systems rely upon, such as encryption, are poorly suited for storing data for indefinitely long periods of time--it is very difficult to manage keys and update cryptosystems to provide secrecy through encryption over periods of decades. Worse, an adversary who can compromise an archive need only wait for cryptanalysis techniques to catch up to the encryption algorithm used at the time of the compromise in order to obtain "secure" data. To address these concerns, we have developed POTSHARDS, an archival storage system that provides long-term security for data with very long lifetimes without using encryption. Secrecy is achieved by using provably secure secret splitting and spreading the resulting shares across separately-managed archives. Providing availability and data recovery in such a system can be difficult; thus, we use a new technique, approximate pointers, in conjunction with secure distributed RAID techniques to provide availability and reliability across independent archives. To validate our design, we developed a prototype POTSHARDS implementation, which has demonstrated "normal" storage and retrieval of user data using indexes, the recovery of user data using only the pieces a user has stored across the archives and the reconstruction of an entire failed archive.

Proceedings ArticleDOI
24 Jun 2007
TL;DR: A method for secret key agreement in a pair-wise independent network that is based on well-established point-to-point techniques and repeated application of the one-time pad over a graphical representation of the network is proposed.
Abstract: We consider a pair-wise independent network in which every pair of terminals observes a common pair-wise source that is independent of all the sources accessible to the other pairs. We propose a method for secret key agreement in such a network that is based on well-established point-to-point techniques and repeated application of the one-time pad over a graphical representation of the network. Three specific problems are investigated. (1) Each terminal's observations are correlated only with the observations of a central terminal. All these terminals wish to generate a common secret key. (2) Two designated terminals wish to generate a secret key with the help of other terminals. (3) All terminals wish to generate a common secret key. In each of these cases, we show that our two-step approach can yield an optimal protocol, in terms of the resulting secret key rates. Furthermore, such a protocol is provided for the first two problems, while an efficient protocol is given for the third problem.

Journal ArticleDOI
TL;DR: This paper investigates how threshold cryptography can be conducted with the Asmuth-Bloom secret sharing scheme and presents three novel function sharing schemes for RSA, ElGamal and Paillier cryptosystems, believed to be the first provably secure threshold cryptosystems realized using the Asmuth-Bloom secret sharing.

Patent
16 Oct 2007
TL;DR: In this paper, a secret information management system is defined, which consists of a secret distribution unit which secretly distributes a data key k using a (k, n) threshold secret sharing scheme and creates n distributed keys B1, B2,..., Bn in the decryption of data D input from a user terminal.
Abstract: In a secret information management system, a secret information management apparatus comprises a secret distribution unit which secretly distributes a data key k using a (k, n) threshold secret sharing scheme and creates n distributed keys B1, B2, . . . , Bn in the decryption of data D input from a user terminal, an encryption unit which creates n encrypted distributed keys EP1(B1), EP2(B2) . . . , EPn(Bn) using n distributed manager public keys P1, P2, . . . Pn, and an encrypted data storage unit which stores encrypted data EK(D), an encrypted data key EPx(K) and the n encrypted distributed keys in association with each other.

Journal ArticleDOI
TL;DR: A scheme of multiparty quantum secret sharing of classical messages (QSSCM), in which no subset of all the classical message receivers is sufficient to extract the sender’s secret classical messages but all the parties cooperate together, is proposed.

Proceedings ArticleDOI
14 May 2007
TL;DR: A new algorithm is presented, SSDPOP, which augments a prominent DCOP algorithm (DPOP) with secret sharing techniques, which significantly reduces privacy loss, while preserving the structure of the DPOP algorithm and introducing only minimal computational overhead.
Abstract: Multiagent systems designed to work collaboratively with groups of people typically require private information that people will entrust to them only if they have assurance that this information will be protected. Although Distributed Constraint Optimization (DCOP) has emerged as a prominent technique for multiagent coordination, existing algorithms for solving DCOP problems do not adequately protect agents' privacy. This paper analyzes privacy protection and loss in existing DCOP algorithms. It presents a new algorithm, SSDPOP, which augments a prominent DCOP algorithm (DPOP) with secret sharing techniques. This approach significantly reduces privacy loss, while preserving the structure of the DPOP algorithm and introducing only minimal computational overhead. Results show that SSDPOP reduces privacy loss by 29--88% on average over DPOP.

Journal ArticleDOI
TL;DR: This paper presents a new EVSS scheme by using gray and white subpixels to represent the secret pixel, which has the capability of visually revealing the secret image by stacking shadow images without the help of hardware and complex computation.
Abstract: A visual secret sharing (VSS) scheme is a perfectly secure method to divide a secret image into several noise-like shadow images by splitting a secret pixel into black and white subpixels. Unlike other secret sharing schemes, the VSS scheme can be easily decoded by human visual sight when stacking shadow images. However, noise-like shadows are unusual and suspected by censors when delivered by e-mail or fax. Also, noise-like shadows are difficult to identify and manage when distributed. The problem was solved by adding the extended capability, a meaningful shadow image, in the so-called extended visual secret sharing (EVSS) scheme. In this paper, we present a new EVSS scheme by using gray and white subpixels to represent the secret pixel. Our proposed scheme still has the capability of visually revealing the secret image by stacking shadow images without the help of hardware and complex computation. When compared to the previous EVSS scheme, our new scheme uses fewer subpixels to represent a secret pixel and produces clearer shadow images.

Journal ArticleDOI
TL;DR: In this paper, the problem of increasing the threshold parameter of a secret-sharing scheme after the setup (share distribution) phase, without further communication between the dealer and the shareholders, was considered.
Abstract: We consider the problem of increasing the threshold parameter of a secret-sharing scheme after the setup (share distribution) phase, without further communication between the dealer and the shareholders. Previous solutions to this problem require one to start off with a nonstandard scheme designed specifically for this purpose, or to have communication between shareholders. In contrast, we show how to increase the threshold parameter of the standard Shamir secret-sharing scheme without communication between the shareholders. Our technique can thus be applied to existing Shamir schemes even if they were set up without consideration to future threshold increases. Our method is a new positive cryptographic application for lattice reduction algorithms, inspired by recent work on lattice-based list decoding of Reed-Solomon codes with noise bounded in the Lee norm. We use fundamental results from the theory of lattices (geometry of numbers) to prove quantitative statements about the information-theoretic security of our construction. These lattice-based security proof techniques may be of independent interest.

Journal ArticleDOI
TL;DR: The proposed method detects spatial cropping and temporal jittering in a video, yet is robust against frame dropping in the streaming video scenario and provides extensive experimental results to show the utility of the technique in three different scenarios—streaming video, video identification and face tampering.
Abstract: This paper addresses the problem of ensuring the integrity of a digital video and presents a scalable signature scheme for video authentication based on cryptographic secret sharing. The proposed method detects spatial cropping and temporal jittering in a video, yet is robust against frame dropping in the streaming video scenario. In our scheme, the authentication signature is compact and independent of the size of the video. Given a video, we identify the key frames based on differential energy between the frames. Considering video frames as shares, we compute the corresponding secret at three hierarchical levels. The master secret is used as digital signature to authenticate the video. The proposed signature scheme is scalable to three hierarchical levels of signature computation based on the needs of different scenarios. We provide extensive experimental results to show the utility of our technique in three different scenarios--streaming video, video identification and face tampering.