scispace - formally typeset

Showing papers on "Secret sharing" published in 2012


Journal ArticleDOI
TL;DR: A robust copyright protection scheme based on fractional Fourier transform (FrFT) and visual cryptography (VC) and the experimental results show that the proposed scheme is strong enough to resist various signal processing operations.

131 citations


Journal ArticleDOI
TL;DR: The rational lazy-and-partially-dishonest workers are introduced in the outsourcing computation model and a new fair conditional payment scheme for outsourcing computation that is only based on traditional electronic cash systems is proposed.
Abstract: The outsourcing computations in distributed environments suffer from the trust problems between the outsourcer and the workers. All existing solutions only assume the rational lazy-but-honest workers. In this paper, we first introduce the rational lazy-and-partially-dishonest workers in the outsourcing computation model. In addition, we propose a new fair conditional payment scheme for outsourcing computation that is only based on traditional electronic cash systems. The proposed construction uses a semitrusted third party T to achieve the fairness and efficiency. However, T is only involved in the protocol in the exceptional case, namely in the case of disputes. Moreover, since neither the secret sharing/splitting scheme nor the cut-and-choose protocol is used for the generation or verification of the payment token, our solution clearly outperforms the existing schemes in terms of efficiency.

124 citations


Journal ArticleDOI
TL;DR: A three-phase disjoint routing scheme called the Security and Energy-efficient Disjoint Route (SEDR), based on the secret-sharing algorithm, that has significant improvement in network security under both scenarios of single and multiple black holes without reducing the network lifetime.
Abstract: Recent advances in microelectromechanical system (MEMS) technology have boosted the deployment of wireless sensor networks (WSNs). Limited by the energy storage capability of sensor nodes, it is crucial to jointly consider security and energy efficiency in data collection of WSNs. The disjoint multipath routing scheme with secret sharing is widely recognized as one of the effective routing strategies to ensure the safety of information. This kind of scheme transforms each packet into several shares to enhance the security of transmission. However, in many-to-one WSNs, shares have high probability to traverse through the same link and to be intercepted by adversaries. In this paper, we formulate the secret-sharing-based multipath routing problem as an optimization problem. Our objective aims at maximizing both network security and lifetime, subject to the energy constraints. To this end, a three-phase disjoint routing scheme called the Security and Energy-efficient Disjoint Route (SEDR) is proposed. Based on the secret-sharing algorithm, the SEDR scheme dispersively and randomly delivers shares all over the network in the first two phases and then transmits these shares to the sink node. Both theoretical and simulation results demonstrate that our proposed scheme has significant improvement in network security under both scenarios of single and multiple black holes without reducing the network lifetime.

121 citations


Book ChapterDOI
21 May 2012
TL;DR: This work constructs "Fuzzy" Identity Based Encryption from the hardness of the Learning With Errors (LWE) problem, and gives CPA and CCA secure variants of the construction, for small and large universes of attributes.
Abstract: Cryptosystems based on the hardness of lattice problems have recently acquired much importance due to their average-case to worst-case equivalence, their conjectured resistance to quantum cryptanalysis, their ease of implementation and increasing practicality, and, lately, their promising potential as a platform for constructing advanced functionalities. In this work, we construct "Fuzzy" Identity Based Encryption from the hardness of the Learning With Errors (LWE) problem. We note that for our parameters, the underlying lattice problems (such as gapSVP or SIVP) are assumed to be hard to approximate within supexponential factors for adversaries running in subexponential time. We give CPA and CCA secure variants of our construction, for small and large universes of attributes. All our constructions are secure against selective-identity attacks in the standard model. Our construction is made possible by observing certain special properties that secret sharing schemes need to satisfy in order to be useful for Fuzzy IBE. We also discuss some obstacles towards realizing lattice-based attribute-based encryption (ABE).

114 citations


Book ChapterDOI
27 Feb 2012
TL;DR: In this paper, the authors show how to collect and analyze financial data for a consortium of ICT companies using secret sharing and secure multi-party computation (MPC), and present user feedback revealing that MPC techniques give sufficient assurance for data donors to submit their sensitive information.
Abstract: We show how to collect and analyze financial data for a consortium of ICT companies using secret sharing and secure multi-party computation (MPC). This is the first time where the actual MPC computation on real data was done over the internet with computing nodes spread geographically apart. We describe the technical solution and present user feedback revealing that MPC techniques give sufficient assurance for data donors to submit their sensitive information.

103 citations


Journal ArticleDOI
TL;DR: This paper uses Tassa's hierarchical secret sharing to propose a hierarchical threshold secret image sharing scheme, in which the shadow images are partitioned into several levels, and the threshold access structure is determined by a sequence of threshold requirements.

80 citations


Journal ArticleDOI
TL;DR: This paper can gain the lossless secret image and meantime enhance the contrast of previewed image, and introduces a new definition of contrast to evaluate the visual quality of the previewed image.

79 citations


Book ChapterDOI
09 Sep 2012
TL;DR: In this paper, a masking method based on secret sharing and multi-party computation methods is proposed for hardware implementations of cryptographic algorithms to be provably resistant against first-order DPA with minimal assumptions on the hardware.
Abstract: Side-channel attacks have proven many hardware implementations of cryptographic algorithms to be vulnerable. A recently proposed masking method, based on secret sharing and multi-party computation methods, introduces a set of sufficient requirements for implementations to be provably resistant against first-order DPA with minimal assumptions on the hardware. The original paper doesn't describe how to construct the Boolean functions that are to be used in the implementation. In this paper, we derive the functions for all invertible 3×3, 4×4 S-boxes and the 6×4 DES S-boxes. Our methods and observations can also be used to accelerate the search for sharings of larger (e.g. 8×8) S-boxes. Finally, we investigate the cost of such protection.

77 citations


Journal ArticleDOI
TL;DR: A general approach to solve the pixel expansion problem of the extended visual cryptography scheme for GASs is proposed and the display quality of the recovered image is very close to that obtained using conventional VC schemes.
Abstract: Conventional visual secret sharing schemes generate noise-like random pixels on shares to hide secret images. They suffer from a management problem, because of which dealers cannot visually identify each share. This problem is solved by the extended visual cryptography scheme (EVCS), which adds a meaningful cover image in each share. However, the previous approaches involving the EVCS for general access structures suffer from a pixel expansion problem. In addition, the visual cryptography (VC)-based approach needs a sophisticated codebook design for various schemes. In this paper, we propose a general approach to solve the above-mentioned problems; the approach can be used for binary secret images in noncomputer-aided decryption environments. The proposed approach consists of two phases. In the first phase, based on a given access structure, we construct meaningless shares using an optimization technique and the construction for conventional VC schemes. In the second phase, cover images are added in each share directly by a stamping algorithm. The experimental results indicate that a solution to the pixel expansion problem of the EVCS for GASs is achieved. Moreover, the display quality of the recovered image is very close to that obtained using conventional VC schemes.

73 citations


Journal ArticleDOI
TL;DR: Two multi-pixel encryption size invariant visual cryptography schemes (ME-SIVCS's) are proposed which improve the visual quality of the recovered secret image by reducing the variance of the darkness levels.

71 citations


Proceedings ArticleDOI
16 Oct 2012
TL;DR: In this article, the authors proposed a new universally composable (UC) security definition for the two-server case (2PASS) in the public-key setting that addresses a number of relevant limitations of the previous, non-UC definition.
Abstract: Password-authenticated secret sharing (PASS) schemes, first introduced by Bagherzandi et al. at CCS 2011, allow users to distribute data among several servers so that the data can be recovered using a single human-memorizable password, but no single server (or even no collusion of servers up to a certain size) can mount an off-line dictionary attack on the password or learn anything about the data. We propose a new, universally composable (UC) security definition for the two-server case (2PASS) in the public-key setting that addresses a number of relevant limitations of the previous, non-UC definition. For example, our definition makes no prior assumptions on the distribution of passwords, preserves security when honest users mistype their passwords, and guarantees secure composition with other protocols in spite of the unavoidable non-negligible success rate of online dictionary attacks. We further present a concrete 2PASS protocol and prove that it meets our definition. Given the strong security guarantees, our protocol is surprisingly efficient: in its most efficient instantiation under the DDH assumption in the random-oracle model, it requires fewer than twenty elliptic-curve exponentiations on the user's device. We achieve our results by careful protocol design and by exclusively focusing on the two-server public-key setting.

Journal ArticleDOI
TL;DR: This paper proposes two secure, efficient, and verifiable multi-secret sharing schemes, namely Scheme-I and Scheme-II, based on the Lagrange interpolating polynomial and the LFSR-based public key cryptosystem.

Journal ArticleDOI
TL;DR: A novel RG-based VSS scheme that encodes multiple secret images at a time that has no pixel expansion, a higher capacity for secret sharing, and no need for a complex VC codebook to be redesigned is proposed.

Journal ArticleDOI
TL;DR: Two DQSS schemes are proposed based on a special kind of entangled state, starlike cluster states, which are more flexible and suitable for practical applications.

Journal ArticleDOI
TL;DR: Good experimental results prove the effectiveness of the proposed blind authentication method for grayscale document images via the use of the Portable Network Graphics (PNG) image, and measures for protecting the security of the data hidden in the alpha channel are proposed.
Abstract: A new blind authentication method based on the secret sharing technique with a data repair capability for grayscale document images via the use of the Portable Network Graphics (PNG) image is proposed. An authentication signal is generated for each block of a grayscale document image, which, together with the binarized block content, is transformed into several shares using the Shamir secret sharing scheme. The involved parameters are carefully chosen so that as many shares as possible are generated and embedded into an alpha channel plane. The alpha channel plane is then combined with the original grayscale image to form a PNG image. During the embedding process, the computed share values are mapped into a range of alpha channel values near their maximum value of 255 to yield a transparent stego-image with a disguise effect. In the process of image authentication, an image block is marked as tampered if the authentication signal computed from the current block content does not match that extracted from the shares embedded in the alpha channel plane. Data repairing is then applied to each tampered block by a reverse Shamir scheme after collecting two shares from unmarked blocks. Measures for protecting the security of the data hidden in the alpha channel are also proposed. Good experimental results prove the effectiveness of the proposed method for real applications.

Journal ArticleDOI
TL;DR: In this article, a semiquantum secret sharing protocol was proposed by using two-particle entangled states in which quantum Alice shares a secret key with two classical parties, Bob and Charlie.
Abstract: We present a semiquantum secret sharing protocol by using two-particle entangled states in which quantum Alice shares a secret key with two classical parties, Bob and Charlie. Classical Bob and Charlie are restricted to measuring, preparing a particle in the computational basis, or reflecting the particles. None of them can acquire the secret unless they collaborate. We also show the protocol is secure against eavesdropping.

Journal ArticleDOI
TL;DR: In this article, Chen et al. characterized secret sharing schemes based on arbitrary linear codes by using the relative dimension/length profile (RDLP) and the relative generalized Hamming weight (RGHW).
Abstract: This paper precisely characterizes secret sharing schemes based on arbitrary linear codes by using the relative dimension/length profile (RDLP) and the relative generalized Hamming weight (RGHW). We first describe the equivocation Δm of the secret vector s = (s1, ..., sl) given m shares in terms of the RDLP of linear codes. We also characterize two thresholds t1 and t2 in the secret sharing schemes by the RGHW of linear codes. One shows that any set of at most t1 shares leaks no information about s, and the other shows that any set of at least t2 shares uniquely determines s. It is clarified that both characterizations for t1 and t2 are better than Chen et al.'s ones derived by the regular minimum Hamming weight. Moreover, this paper characterizes the strong security in secret sharing schemes based on linear codes, by generalizing the definition of strongly-secure threshold ramp schemes. We define a secret sharing scheme achieving the α-strong security as the one such that the mutual information between any r elements of (s1, ..., sl) and any α − r + 1 shares is always zero. Then, it is clarified that secret sharing schemes based on linear codes can always achieve the α-strong security where the value α is precisely characterized by the RGHW.

Book ChapterDOI
15 Apr 2012
TL;DR: A new scheme is proposed that has a close-to-optimal overhead in the share size of order O(κ + n), and a polynomial running time, and can compensate for the weakened security of the authentication and achieve an exponentially small failure probability.
Abstract: We consider the problem of reconstructing a shared secret in the presence of faulty shares, with unconditional security. We require that any t shares give no information on the shared secret, and reconstruction is possible even if up to t out of the n shares are incorrect. The interesting setting is n/3≤t

Book ChapterDOI
19 Mar 2012
TL;DR: The use of cryptography is eliminated from the online phase of recent protocols for multiparty coin-flipping and MPC with partial fairness and the first unconditional construction of a complete primitive for fully secure function evaluation whose complexity does not grow with the complexity of the function being evaluated is presented.
Abstract: Motivated by problems in secure multiparty computation (MPC), we study a natural extension of identifiable secret sharing to the case where an arbitrary number of players may be corrupted. An identifiable secret sharing scheme is a secret sharing scheme in which the reconstruction algorithm, after receiving shares from all players, either outputs the correct secret or publicly identifies the set of all cheaters (players who modified their original shares) with overwhelming success probability. This property is impossible to achieve without an honest majority. Instead, we settle for having the reconstruction algorithm inform each honest player of the correct set of cheaters. We show that this new notion of secret sharing can be unconditionally realized in the presence of arbitrarily many corrupted players. We demonstrate the usefulness of this primitive by presenting several applications to MPC without an honest majority. Complete primitives for MPC. We present the first unconditional construction of a complete primitive for fully secure function evaluation whose complexity does not grow with the complexity of the function being evaluated. This can be used for realizing fully secure MPC using small and stateless tamper-proof hardware. A previous completeness result of Gordon et al. (TCC 2010) required the use of cryptographic signatures. Applications to partial fairness. We eliminate the use of cryptography from the online phase of recent protocols for multiparty coin-flipping and MPC with partial fairness (Beimel et al., Crypto 2010 and Crypto 2011). This is a corollary of a more general technique for unconditionally upgrading security against fail-stop adversaries with preprocessing to security against malicious adversaries. Finally, we complement our positive results by a negative result on identifying cheaters in unconditionally secure MPC. 
It is known that MPC without an honest majority can be realized unconditionally in the OT-hybrid model, provided that one settles for "security with abort" (Kilian, 1988). That is, the adversary can decide whether to abort the protocol after learning the outputs of corrupted players. We show that such protocols cannot be strengthened so that all honest players agree on the identity of a corrupted player in the event that the protocol aborts, even if a broadcast primitive can be used. This is contrasted with the computational setting, in which this stronger notion of security can be realized under standard cryptographic assumptions (Goldreich et al., 1987).

Journal ArticleDOI
TL;DR: In this article, it was shown that every hierarchical matroid port admits an ideal linear secret sharing scheme over every large enough finite field, and a new proof for the existing characterization of the ideal weighted threshold access structures.
Abstract: Hierarchical secret sharing is among the most natural generalizations of threshold secret sharing, and it has attracted a lot of attention since the invention of secret sharing until nowadays. Several constructions of ideal hierarchical secret sharing schemes have been proposed, but it was not known what access structures admit such a scheme. We solve this problem by providing a natural definition for the family of the hierarchical access structures and, more importantly, by presenting a complete characterization of the ideal hierarchical access structures, that is, the ones admitting an ideal secret sharing scheme. Our characterization is based on the well-known connection between ideal secret sharing schemes and matroids and, more specifically, on the connection between ideal multipartite secret sharing schemes and integer polymatroids. In particular, we prove that every hierarchical matroid port admits an ideal linear secret sharing scheme over every large enough finite field. Finally, we use our results to present a new proof for the existing characterization of the ideal weighted threshold access structures.

Journal ArticleDOI
TL;DR: New secret splitting techniques based on mathematical linguistic methods and designed for intelligently managing secret data within hierarchical structures are discussed, making use of information coding models found in the coding of DNA sequences.

Journal ArticleDOI
TL;DR: The expansion of the traditional techniques for the division of secrets and the development of the so-called linguistic threshold schemes, a new concept based on the traditional algorithms of the Division of information which additionally introduces the stage of linguistic conversion of shared data using specially defined formal grammar are focused on.
Abstract: One issue which is essential for the security of calculations and communication as well as the ability to guarantee data confidentiality is intelligent threshold division of strategic information that may later be passed on to a group of authorized users for reconstruction and shared use. Enabling such division of information acquires particular significance with regard to the management of important and confidential data by various national institutions, corporations or strategic (military) units. It seems that these techniques will become increasingly more important along with the growing number of their applications. The division of confidential information is inevitably related to the cryptographic algorithms of the division of secrets. Relying on these techniques, this paper will focus on two issues. The first is the expansion of the traditional techniques for the division of secrets and the development of the so-called linguistic threshold schemes, a new concept based on the traditional algorithms of the division of information which additionally introduces the stage of linguistic conversion of shared data using specially defined formal grammar. The other is the demonstration of how linguistic threshold schemes thus developed may be used to manage secret data in a variety of selected organizational structures.

Journal ArticleDOI
TL;DR: This work presents a characterization of multipartite matroid ports in terms of integer polymatroids and applies the general results to obtain a complete characterization of ideal tripartite access structures, which was until now an open problem.
Abstract: Multipartite secret sharing schemes are those having a multipartite access structure, in which the set of participants is divided into several parts and all participants in the same part play an equivalent role. In this work, the characterization of ideal multipartite access structures is studied with all generality. Our results are based on the well-known connections between ideal secret sharing schemes and matroids and on the introduction of a new combinatorial tool in secret sharing, integer polymatroids. Our results can be summarized as follows. First, we present a characterization of multipartite matroid ports in terms of integer polymatroids. As a consequence of this characterization, a necessary condition for a multipartite access structure to be ideal is obtained. Second, we use representations of integer polymatroids by collections of vector subspaces to characterize the representable multipartite matroids. In this way we obtain a sufficient condition for a multipartite access structure to be ideal, and also a unified framework to study the open problems about the efficiency of the constructions of ideal multipartite secret sharing schemes. Finally, we apply our general results to obtain a complete characterization of ideal tripartite access structures, which was until now an open problem.

Journal ArticleDOI
TL;DR: This paper presents SIES, a scheme that solves exact SUM queries through a combination of homomorphic encryption and secret sharing, and shows how to adapt SIES in order to support many other exact aggregate queries (such as MAX, MEDIAN, etc.).
Abstract: In-network aggregation reduces the energy cost of processing aggregate queries (such as SUM, MAX, etc.) in wireless sensor networks. Recently, research has focused on secure in-network aggregation, motivated by the following two scenarios: 1) the sensors are deployed in open and unsafe environments, and 2) the aggregation process is outsourced to an untrustworthy service. Despite the bulk of work on the topic, there is currently no solution providing both integrity and confidentiality in the above scenarios. Moreover, existing solutions either return approximate results, or have limited applicability to certain types of aggregate queries. Our paper is the first work that provides both integrity and confidentiality in the aforementioned scenarios, while covering a wide range of aggregates and returning exact results. We initially present SIES, a scheme that solves exact SUM queries through a combination of homomorphic encryption and secret sharing. Subsequently, we show how to adapt SIES in order to support many other exact aggregate queries (such as MAX, MEDIAN, etc.). Finally, we augment our schemes with a functionality that identifies malicious sensors, preventing denial-of-service (DoS) attacks and attributing robustness to the system. Our techniques are lightweight and induce very small bandwidth consumption. Therefore, they constitute ideal solutions for resource-constrained sensors.

Journal ArticleDOI
TL;DR: This scheme is a general (k,n)-RIVCS, where k and n can be any integers, that is able to reveal correct colors of all regions and is theoretically proven to satisfy the security and contrast conditions.
Abstract: Recently, Wang introduced a novel (2, n) region incrementing visual cryptographic scheme (RIVCS), which can gradually reconstruct secrets in a single image with multiple security levels. In RIVCS, the secret image is subdivided into multiple regions in such a way that any t shadow images, where 2 ≤ t ≤ n, can be used to reveal the (t-1)th region. However, Wang's scheme suffers from the incorrect-color problem, in which the colors of reconstructed images may be reversed (i.e., the black and white are reversed). If the color of text is also the secret information, the incorrect-color problem will compromise the secret. Additionally, Wang's scheme is only suitable for the 2-out-of-n case, i.e., (k,n)-RIVCS where k=2. In this paper, we propose a general (k,n)-RIVCS, where k and n are any integers, that is able to reveal correct colors of all regions. This paper has made three main contributions: 1) our scheme is a general (k,n)-RIVCS, where k and n can be any integers; 2) the incorrect-color problem is solved; and 3) our (k,n)-RIVCS is theoretically proven to satisfy the security and contrast conditions.

Journal ArticleDOI
TL;DR: This paper shows how to construct a verifiable quantum (k, n) threshold scheme by combining a qubit authentication process, and can provide a mechanism for checking whether the reconstructed quantum secret is the same as the original one.
Abstract: In a conventional quantum (k, n) threshold scheme, a trusted party shares a quantum secret with n agents such that any k or more agents can cooperate to recover the original secret, while fewer than k agents obtain no information about the secret. Is the reconstructed quantum secret the same as the original one? Or is the dishonest agent willing to provide a true share during the secret reconstruction? In this paper we reexamine the security of quantum (k, n) threshold schemes and show how to construct a verifiable quantum (k, n) threshold scheme by combining a qubit authentication process. The novelty of ours is that it can provide a mechanism for checking whether the reconstructed quantum secret is the same as the original one. This mechanism can also attain the goal of checking whether the dishonest agent provides a false quantum share during the secret reconstruction such that the secret quantum state cannot be recovered correctly.

Patent
26 Sep 2012
TL;DR: In this article, the authors proposed a secret sharing scheme for protecting a set of storage devices using a key-based encryption scheme, where the data of each storage device is encrypted with a key and the key is encrypted based on a shared secret and a device-specific value.
Abstract: A system, method, and computer-readable storage medium for protecting a set of storage devices using a secret sharing scheme. The data of each storage device is encrypted with a key, and the key is encrypted based on a shared secret and a device-specific value. Each storage device stores a share and its encrypted key, and if a number of storage devices above a threshold are available, then the shared secret can be reconstructed from the shares and used to decrypt the encrypted keys. Otherwise, the secret cannot be reconstructed if less than the threshold number of storage devices are accessible, and then data on the storage devices will be unreadable.

Posted Content
TL;DR: In this article, the authors propose a new universally composable (UC) security definition for the two-server case (2PASS) in the public-key setting that addresses a number of relevant limitations of the previous, non-UC definition.
Abstract: Password-authenticated secret sharing (PASS) schemes, first introduced by Bagherzandi et al. at CCS 2011, allow users to distribute data among several servers so that the data can be recovered using a single human-memorizable password, but no single server (or collusion of servers up to a certain size) can mount an off-line dictionary attack on the password or learn anything about the data. We propose a new, universally composable (UC) security definition for the two-server case (2PASS) in the public-key setting that addresses a number of relevant limitations of the previous, non-UC definition. For example, our definition makes no prior assumptions on the distribution of passwords, preserves security when honest users mistype their passwords, and guarantees secure composition with other protocols in spite of the unavoidable non-negligible success rate of online dictionary attacks. We further present a concrete 2PASS protocol and prove that it meets our definition. Given the strong security guarantees, our protocol is surprisingly efficient: in its most efficient instantiation under the DDH assumption in the random-oracle model, it requires fewer than twenty elliptic-curve exponentiations on the user's device. We achieve our results by careful protocol design and by exclusively focusing on the two-server public-key setting.

Journal ArticleDOI
TL;DR: Experimental results demonstrate that both the RG-based VSS for general access structures and cheating immune method are effective and more complicated sharing strategies can be implemented.

Book ChapterDOI
11 Jul 2012
TL;DR: A concrete attack is presented that shows that security is lost in all three schemes when k or more servers collude, and recovers an 8192-bit prime and all secret values in less than an hour for k=8.
Abstract: Three recently proposed schemes use secret sharing to support privacy-preserving data outsourcing. Each secret in the database is split into n shares, which are distributed to independent data servers. A trusted client can use any k shares to reconstruct the secret. These schemes claim to offer security even when k or more servers collude, as long as certain information such as the finite field prime is known only to the client. We present a concrete attack that refutes this claim by demonstrating that security is lost in all three schemes when k or more servers collude. Our attack runs on commodity hardware and recovers an 8192-bit prime and all secret values in less than an hour for k=8.