
Showing papers on "Secret sharing" published in 2013


Journal ArticleDOI
TL;DR: This paper introduces an algorithm for a perfectly secure key distribution scheme for dynamic conferences by using Pell's equation, and shows that even if k users pool together their pieces they cannot compute anything about a key of any t-size conference comprised of other users.
Abstract: A key distribution scheme for dynamic conferences is a method by which initially a trusted server distributes private individual pieces of information to a set of users. Later each member of any group of users of given size can compute a common secure group key. In this setting any group of t users can compute a common key by each user computing using only his private initial piece of information and the identities of the other t − 1 users in the group. Keys are secure against coalitions of up to k users, that is, even if k users pool together their pieces they cannot compute anything about a key of any t-size conference comprised of other users. In this paper, we introduce an algorithm for such a perfectly secure scheme by using Pell's equation.

426 citations


Proceedings ArticleDOI
01 Jun 2013
TL;DR: In this paper, the concept of witness encryption is introduced and several cryptographic primitives from witness encryption are presented. But the authors emphasize that the encrypter himself may have no idea whether x is actually in the language, and they give a candidate construction based on the NP-complete Exact Cover problem and Garg, Gentry and Halevi's recent construction of approximate multilinear maps.
Abstract: We put forth the concept of witness encryption. A witness encryption scheme is defined for an NP language L (with corresponding witness relation R). In such a scheme, a user can encrypt a message M to a particular problem instance x to produce a ciphertext. A recipient of a ciphertext is able to decrypt the message if x is in the language and the recipient knows a witness w where R(x,w) holds. However, if x is not in the language, then no polynomial-time attacker can distinguish between encryptions of any two equal length messages. We emphasize that the encrypter himself may have no idea whether x is actually in the language. Our contributions in this paper are threefold. First, we introduce and formally define witness encryption. Second, we show how to build several cryptographic primitives from witness encryption. Finally, we give a candidate construction based on the NP-complete Exact Cover problem and Garg, Gentry, and Halevi's recent construction of "approximate" multilinear maps. Our method for witness encryption also yields the first candidate construction for an open problem posed by Rudich in 1989: constructing computational secret sharing schemes for an NP-complete access structure.

297 citations


Posted Content
TL;DR: In this article, the concept of witness encryption is introduced and several cryptographic primitives from witness encryption are presented. But the main difference is that the encrypter himself may have no idea whether a ciphertext is actually in the language.
Abstract: We put forth the concept of witness encryption. A witness encryption scheme is defined for an NP language L (with corresponding witness relation R). In such a scheme, a user can encrypt a message M to a particular problem instance x to produce a ciphertext. A recipient of a ciphertext is able to decrypt the message if x is in the language and the recipient knows a witness w where R(x,w) holds. However, if x is not in the language, then no polynomial-time attacker can distinguish between encryptions of any two equal length messages. We emphasize that the encrypter himself may have no idea whether x is actually in the language. Our contributions in this paper are threefold. First, we introduce and formally define witness encryption. Second, we show how to build several cryptographic primitives from witness encryption. Finally, we give a candidate construction based on the NP-complete Exact Cover problem and Garg, Gentry, and Halevi’s recent construction of “approximate” multilinear maps. Our method for witness encryption also yields the first candidate construction for an open problem posed by Rudich in 1989: constructing computational secret sharing schemes for an NP-complete access structure.

179 citations


Journal ArticleDOI

[...]

TL;DR: This paper proposes a secure and efficient AKA protocol, called SE-AKA, which can fit in with all of the group authentication scenarios in the LTE networks and can not only provide strong security including privacy-preservation and KFS/KBS, but also provide a group authentication mechanism which can effectively authenticate group devices.

152 citations


Journal ArticleDOI
TL;DR: A new type of authentication, called group authentication, which authenticates all users belonging to the same group is proposed in this paper, which is based on Shamir's (t, n) secret sharing (SS) scheme.
Abstract: A new type of authentication, called group authentication, which authenticates all users belonging to the same group is proposed in this paper. The group authentication is specially designed for group-oriented applications. The group authentication is no longer a one-to-one type of authentication as most conventional user authentication schemes which have one prover and one verifier; but, it is a many-to-many type of authentication which has multiple provers and multiple verifiers. We propose a basic t-secure m-user n-group authentication scheme ((t, m, n) GAS), where t is the threshold of the proposed scheme, m is the number of users participating in the group authentication, and n is the number of members of the group, which is based on Shamir's (t, n) secret sharing (SS) scheme. The basic scheme can only work properly in synchronous communications. We also propose asynchronous (t, m, n) GASs, one is a GAS with one-time authentication and the other is a GAS with multiple authentications. The (t, m, n) GAS is very efficient since it is sufficient to authenticate all users at once if all users are group members; however, if there are nonmembers, it can be used as a preprocessing step before applying conventional user authentication to identify nonmembers.

127 citations


Proceedings ArticleDOI
04 Nov 2013
TL;DR: PICCO is described, for converting a program written in an extension of C into its distributed secure implementation and running it in a distributed environment and indicates that many programs can be evaluated very efficiently on private data using PICCO.
Abstract: Secure computation on private data has been an active area of research for many years and has received a renewed interest with the emergence of cloud computing. In recent years, substantial progress has been made with respect to the efficiency of the available techniques and several implementations have appeared. The available tools, however, lacked a convenient mechanism for implementing a general-purpose program in a secure computation framework suitable for execution in not fully trusted environments. This work fills this gap and describes a system, called PICCO, for converting a program written in an extension of C into its distributed secure implementation and running it in a distributed environment. The C extension preserves all current features of the programming language and allows variables to be marked as private and be used in general-purpose computation. Secure distributed implementation of compiled programs is based on linear secret sharing, achieving efficiency and information-theoretical security. Our experiments also indicate that many programs can be evaluated very efficiently on private data using PICCO.

115 citations


Journal ArticleDOI
TL;DR: This paper proposes a new protocol of semi-quantum secret sharing, which utilizes product states instead of entangled states and proves that any attempt of an adversary to obtain information necessarily induces some errors that the legitimate users could notice.
Abstract: Boyer et al (2007 Phys. Rev. Lett. 99 140501) proposed a novel idea of semi-quantum key distribution, where a key can be securely distributed between Alice, who can perform any quantum operation, and Bob, who is classical. Extending the 'semi-quantum' idea to other tasks of quantum information processing is of interest and worth considering. In this paper, we consider the issue of semi-quantum secret sharing, where a quantum participant Alice can share a secret key with two classical participants, Bobs. After analyzing the existing protocol, we propose a new protocol of semi-quantum secret sharing. Our protocol is more realistic, since it utilizes product states instead of entangled states. We prove that any attempt by an adversary to obtain information necessarily induces some errors that the legitimate users could notice.

109 citations


Journal ArticleDOI
TL;DR: It is proved that minimizing the number of PPNs is an NP-hard problem, a fast greedy algorithm is proposed for scalability, and the anonymity of external attackers is evaluated.

96 citations


Journal ArticleDOI
TL;DR: Two algorithms, including a contrast-enhanced RG-based VSS and a void-and-cluster-based (VAC-based) post-processing, are introduced to improve the reconstructed image quality, illustrating that competitive visual quality is obtained by combined use of these two methods.

94 citations


Journal ArticleDOI
TL;DR: A non-expanded block-based progressive visual secret sharing scheme with noise-like and meaningful shares with several advantages over other related methods, including one that is more suitable for grayscale and color secret images.

93 citations


Journal ArticleDOI
TL;DR: The experimental results show that the proposed scheme outperforms Chen and Tsao (2011)'s scheme significantly in visual quality, and improves the contrast of Chen and Tsao (2011)'s threshold scheme.

Journal ArticleDOI
TL;DR: This paper considers the (t, s, k, n) essential SIS (ESIS) scheme, which encrypts a secret image into n shadow images and needs k shadows, which should include at least t essential shadows.

Proceedings ArticleDOI
08 Nov 2013
TL;DR: In this paper, the authors propose a protocol for processing smart meter readings while preserving user privacy, implemented by adapting to the setting of efficient secret-sharing-based secure multi-party computation techniques.
Abstract: We design and prototype protocols for processing smart-meter readings while preserving user privacy. We provide support for computing non-linear functions on encrypted readings, implemented by adapting to our setting efficient secret-sharing-based secure multi-party computation techniques. Meter readings are jointly processed by a (public) storage service and a few independent authorities, each owning an additive share of the readings. For non-linear processing, these parties consume pre-shared materials, produced by an off-line trusted third party. This party never processes private readings; it may be implemented using trusted hardware or somewhat homomorphic encryption. The protocol involves minimal, off-line support from the meters: a few keyed hash computations and no communication overhead.

Journal ArticleDOI
TL;DR: A novel RG-based VSS is developed, where the secret image can be recovered in two situations: (1) when computational devices are not available, the secret image can be reconstructed by stacking the shares directly, and (2) when some light-weight computational devices are available, the secret image can be decrypted by XOR operation, and the decrypted secret image quality is approximately the same as that of conventional RG-based VSS.

Proceedings ArticleDOI
18 Mar 2013
TL;DR: This paper considers the problem of secure data aggregation in a distributed setting while preserving differential privacy for the aggregated data, and implements all protocols with different privacy mechanisms and security schemes in terms of their complexity and security characteristics.
Abstract: This paper considers the problem of secure data aggregation in a distributed setting while preserving differential privacy for the aggregated data. In particular, we focus on the secure sum aggregation. Security is guaranteed by secure multiparty computation protocols using well known security schemes: Shamir's secret sharing, perturbation-based, and various encryption schemes. Differential privacy of the final result is achieved by distributed Laplace perturbation mechanism (DLPA). Partial random noise is generated by all participants, which draw random variables from Gamma or Gaussian distributions, such that the aggregated noise follows Laplace distribution to satisfy differential privacy. We also introduce a new efficient distributed noise generation scheme with partial noise drawn from Laplace distributions. We compare the protocols with different privacy mechanisms and security schemes in terms of their complexity and security characteristics. More importantly, we implemented all protocols, and present an experimental comparison on their performance and scalability in a real distributed environment.

Journal ArticleDOI
TL;DR: It is shown that even a dishonest agent, who may avoid the security checking, cannot obtain any useful information in the proposed three-party QSS scheme via the entangled Greenberger–Horne–Zeilinger state.
Abstract: We present a three-party quantum secret sharing (QSS) scheme via the entangled Greenberger–Horne–Zeilinger state. In this scheme, the sender Alice encodes her arbitrary secret information by means of preparing a single-particle quantum state. The agent Bob obtains his shared information according to his hobby, while Charlie can easily calculate his shared information. The proposed scheme is secure. It is shown that even a dishonest agent, who may avoid the security checking, cannot obtain any useful information. Moreover, we further investigate the multi-party QSS scheme which allows most agents to predetermine their information.

Book ChapterDOI
13 Nov 2013
TL;DR: This paper proves that SKI and its variants are provably secure, even under the real-life setting of noisy communications, against the main types of relay attacks: distance-fraud and generalised versions of mafia- and terrorist-fraud.
Abstract: From contactless payments to remote car unlocking, many applications are vulnerable to relay attacks. Distance bounding protocols are the main practical countermeasure against these attacks. At FSE 2013, we presented SKI as the first family of provably secure distance bounding protocols. At LIGHTSEC 2013, we presented the best attacks against SKI. In this paper, we present the security proofs. More precisely, we explicate a general formalism for distance-bounding protocols. Then, we prove that SKI and its variants are provably secure, even under the real-life setting of noisy communications, against the main types of relay attacks: distance-fraud and generalised versions of mafia- and terrorist-fraud. For this, we reinforce the idea of using secret sharing, combined with the new notion of a leakage scheme. In view of resistance to mafia-frauds and terrorist-frauds, we present the notion of circular-keying for pseudorandom functions (PRFs); this notion models the employment of a PRF, with possible linear reuse of the key. We also use PRF masking to fix common mistakes in existing security proofs/claims.

Journal ArticleDOI
TL;DR: This work defines and develops general constructions for threshold multiple-secret visual cryptographic schemes (MVCSs) as integer linear programs which minimize the pixel expansions under all necessary constraints.
Abstract: A conventional threshold (k out of n) visual secret sharing scheme encodes one secret image P into n transparencies (called shares) such that any group of k transparencies reveals P when they are superimposed, while that of less than k ones cannot. We define and develop general constructions for threshold multiple-secret visual cryptographic schemes (MVCSs) that are capable of encoding s secret images P1,P2,...,Ps into n shares such that any group of less than k shares obtains none of the secrets, while 1) each group of k, k+1,..., n shares reveals P1, P2, ..., Ps, respectively, when superimposed, referred to as (k, n, s)-MVCS where s=n-k+1; or 2) each group of u shares reveals P(ru) where ru ∈ {0,1,2,...,s} (ru=0 indicates no secret can be seen), k ≤ u ≤ n and 2 ≤ s ≤ n-k+1, referred to as (k, n, s, R)-MVCS in which R=(rk, rk+1, ..., rn) is called the revealing list. We adopt the skills of linear programming to model (k, n, s) - and (k, n, s, R) -MVCSs as integer linear programs which minimize the pixel expansions under all necessary constraints. The pixel expansions of different problem scales are explored, which have never been reported in the literature. Our constructions are novel and flexible. They can be easily customized to cope with various kinds of MVCSs.

Proceedings ArticleDOI
15 Jul 2013
TL;DR: This architecture features secret sharing as an important measure to distribute health records as fragments to different cloud services, which can provide higher redundancy and additional security and privacy protection in the case of key compromise, broken encryption algorithms or their insecure implementation.
Abstract: The accelerated adoption of cloud computing among enterprises is due to the multiple benefits the technology provides, one of them the simplification of inter-organizational information sharing, which is of utmost importance in healthcare. Nevertheless, moving sensitive health records to the cloud still implies severe security and privacy risks. With this background, we present a novel secure architecture for sharing electronic health records in a cloud environment. We first conducted a systematic literature review and interviews with different experts from the German healthcare industry that allowed us to derive real-world processes and corresponding security and privacy requirements. Based on these results, we designed our multi-provider cloud architecture that satisfies many of the requirements by providing increased availability, confidentiality and integrity of the medical records stored in the cloud. This architecture features secret sharing as an important measure to distribute health records as fragments to different cloud services, which can provide higher redundancy and additional security and privacy protection in the case of key compromise, broken encryption algorithms or their insecure implementation. Finally, we evaluate and select a secret-sharing algorithm for our multi-cloud architecture. We implemented both Shamir's secret-sharing scheme and Rabin's information dispersal algorithm and performed several experiments measuring the execution time. Our results indicate that an adoption of Rabin's algorithm would create a low overhead, giving strong indicators to the feasibility of our approach.

Book ChapterDOI
20 Aug 2013
TL;DR: This paper provides a guideline on how to implement Shamir's secret sharing scheme, and provides practical side-channel evaluations based on a Virtex-5 FPGA, demonstrating that the implemented scheme is indeed secure against univariate power analysis attacks given a basic measurement setup.
Abstract: Several masking schemes to protect cryptographic implementations against side-channel attacks have been proposed. A few considered the glitches, and provided security proofs in presence of such inherent phenomena happening in logic circuits. One which is based on multi-party computation protocols and utilizes Shamir's secret sharing scheme was presented at CHES 2011. It aims at providing security for hardware implementations, mainly of AES, against those sophisticated side-channel attacks that also take glitches into account. One part of this article deals with the practical issues and relevance of the aforementioned masking scheme. Following the recommendations given in the extended version of the mentioned article, we first provide a guideline on how to implement the scheme for the simplest settings. Constructing an exemplary design of the scheme, we provide practical side-channel evaluations based on a Virtex-5 FPGA. Our results demonstrate that the implemented scheme is indeed secure against univariate power analysis attacks given a basic measurement setup. In the second part of this paper we show how using very simple changes in the measurement setup opens the possibility to exploit multivariate leakages while still performing a univariate attack. Using these techniques the scheme under evaluation can be defeated using only a moderate number of measurements. This is applicable not only to the scheme showcased here, but also to most other known masking schemes where the shares of sensitive values are processed in adjacent clock cycles.

Journal ArticleDOI
TL;DR: A novel secret image sharing scheme that combines random grids, error diffusion and chaotic permutation to encode a secret binary image into meaningful shadow images and shows the effectiveness of the proposed scheme.
Abstract: In this paper, a novel secret image sharing scheme is proposed to encode a secret binary image into meaningful shadow images. It combines random grids (RG), error diffusion (ED) and chaotic permutation. The secret image is first encrypted based on chaotic permutation and then shared among n halftone shadow images (RGs) generated by error diffusion, while the secret image is recovered from k or more shadow images. The proposed scheme has the advantages of simple computation and alternative ordering of shadow images in recovery, avoids the design of a complex codebook, and avoids the pixel expansion problem. Experimental results and analysis show the effectiveness of the proposed scheme.

Proceedings ArticleDOI
05 May 2013
TL;DR: This paper proposes a method for processing halftone images that improves the quality of the share images and the recovered secret image in an extended visual cryptography scheme for which the size of the shares and the recovered image is the same as for the original halftone secret image.
Abstract: Visual cryptography is a secret sharing scheme which uses images distributed as shares such that, when the shares are superimposed, a hidden secret image is revealed. In extended visual cryptography, the share images are constructed to contain meaningful cover images, thereby providing opportunities for integrating visual cryptography and biometric security techniques. In this paper, we propose a method for processing halftone images that improves the quality of the share images and the recovered secret image in an extended visual cryptography scheme for which the size of the share images and the recovered image is the same as for the original halftone secret image. The resulting scheme maintains the perfect security of the original extended visual cryptography approach.

Journal ArticleDOI
TL;DR: The proposed protocol achieves key confidentiality due to security of Shamir's secret sharing and provides key authentication by broadcasting a single authentication message to all members.
Abstract: To achieve secure group communication, one-time session keys need to be shared among group members in a secure and authenticated manner. In this paper, we propose an improved authenticated key transfer protocol based on Shamir's secret sharing. The proposed protocol achieves key confidentiality due to the security of Shamir's secret sharing and provides key authentication by broadcasting a single authentication message to all members. Furthermore, the proposed scheme resists both insider and outsider attacks.

Journal ArticleDOI
TL;DR: This study proposes a new idea on the construction of the secret key for the existing SQSS such that only 2nm qubits are required to produce an n-bit secret key in the (m + 1)-party SQSS.
Abstract: Semi-quantum secret sharings (SQSSs), as they are now, require that all the agents choose to measure the received qubits to produce the shared secret key. As a result, to share an n-bit secret key in an (m + 1)-party SQSS, the number of quanta required to transmit is n × 2m, which increases exponentially with the number of agents (i.e. m). This study proposes a new idea on the construction of the secret key for the existing SQSS such that only 2nm qubits are required to produce an n-bit secret key in the (m + 1)-party SQSS.

Journal ArticleDOI
TL;DR: This paper proposes a new secret image sharing method by selecting the number of authentication bits proportional to block size, contrary to Eslami and Ahmadabadi (2011) method which uses four bits to authenticate blocks regardless of block size.

Journal ArticleDOI
TL;DR: This work designs a set of column vectors to encrypt secret pixels rather than using the conventional VC-based approach, and develops a simulated-annealing-based algorithm to solve the problem.
Abstract: Conventional visual cryptography (VC) suffers from a pixel-expansion problem, or an uncontrollable display quality problem for recovered images, and lacks a general approach to construct visual secret sharing schemes for general access structures. We propose a general and systematic approach to address these issues without sophisticated codebook design. This approach can be used for binary secret images in non-computer-aided decryption environments. To avoid pixel expansion, we design a set of column vectors to encrypt secret pixels rather than using the conventional VC-based approach. We begin by formulating a mathematical model for the VC construction problem to find the column vectors for the optimal VC construction, after which we develop a simulated-annealing-based algorithm to solve the problem. The experimental results show that the display quality of the recovered image is superior to that of previous papers.

Journal ArticleDOI
TL;DR: This paper contains a detailed exposition of the known results about algebraic manipulation detection codes as well as some new results.
Abstract: Algebraic manipulation detection codes are a cryptographic primitive that was introduced by Cramer et al. (Eurocrypt 2008). It encompasses several methods that were previously used in cheater detection in secret sharing. Since its introduction, a number of additional applications have been found. This paper contains a detailed exposition of the known results about algebraic manipulation detection codes as well as some new results.

Journal ArticleDOI
TL;DR: The present study demonstrates the existence of a security pitfall in the eavesdropping check phase of both schemes, which can lead to an intercept-resend attack and a Trojan horse attack on the two schemes by a dishonest agent, to derive the master key of the SQSS.
Abstract: Recently, Li et al. [Phys. Rev. A 82(2):022303, 2010] presented two semi-quantum secret sharing (SQSS) protocols using Greenberger-Horne-Zeilinger-like states. The proposed schemes are quite practical because only the secret dealer needs to be equipped with advanced quantum devices such as quantum memory, whereas the other agents can merely perform classical operations to complete the secret sharing. However, the present study demonstrates the existence of a security pitfall in the eavesdropping check phase of both schemes, which can lead to an intercept-resend attack and a Trojan horse attack on the two schemes by a dishonest agent, to determine the other agent's shadow and consequently derive the master key of the SQSS. This contradicts the security requirement of QSS. Fortunately, two possible solutions are proposed herein to eliminate this security pitfall.

Journal ArticleDOI
TL;DR: A new (r, n)-threshold secret image sharing scheme with low information overhead for images is provided, which has a low distortion rate, and is more applicable for light images.
Abstract: In this study, a new (r, n)-threshold secret image sharing scheme with low information overhead for images is provided, which has a low distortion rate, and is more applicable for light images. A secret image is encoded into n noise-like shadow images to satisfy the condition that any r of the n shares can be used to reveal the secret image, and no information on the secret can be revealed from any r − 1 or fewer shares. The size of the shadow images is relatively small. The experimental results show the effectiveness of the proposed scheme.

Journal ArticleDOI
TL;DR: A secure multiparty quantum secret sharing protocol with the collective eavesdropping-check character is proposed, where only the boss needs to prepare Bell states and perform Bell state measurements, and all agents only perform local operations, which makes this protocol more feasible with the current technique.
Abstract: Combining the block transmission in Long and Liu (Phys Rev A 65:032302, 2002) and the double operations in Lin et al. (Opt Commun 282:4455, 2009), we propose a secure multiparty quantum secret sharing protocol with the collective eavesdropping-check character. In this protocol, only the boss needs to prepare Bell states and perform Bell state measurements, and all agents only perform local operations, which makes this protocol more feasible with the current technique. Incidentally, we show that the other half of secret messages in Lin et al.'s protocol (Opt Commun 282:4455, 2009) may also be eavesdropped.