Showing papers on "Secret sharing" published in 2015


Book
15 Jul 2015
TL;DR: This text is the first to present a comprehensive treatment of unconditionally secure techniques for multiparty computation (MPC) and secret sharing, focusing on asymptotic results with interesting applications related to MPC.
Abstract: In a data-driven society, individuals and companies encounter numerous situations where private information is an important resource. How can parties handle confidential data if they do not trust everyone involved? This text is the first to present a comprehensive treatment of unconditionally secure techniques for multiparty computation (MPC) and secret sharing. In a secure MPC, each party possesses some private data, while secret sharing provides a way for one party to spread information on a secret such that all parties together hold full information, yet no single party has all the information. The authors present basic feasibility results from the last 30 years, generalizations to arbitrary access structures using linear secret sharing, some recent techniques for efficiency improvements, and a general treatment of the theory of secret sharing, focusing on asymptotic results with interesting applications related to MPC.

428 citations


Journal ArticleDOI
TL;DR: In this article, a class of two-weight and three-weight linear codes over GF(p) was constructed, and their application in secret sharing was investigated, and some of the linear codes obtained are optimal in the sense that they meet certain bounds on linear codes.
Abstract: In this paper, a class of two-weight and three-weight linear codes over $ {\mathrm {GF}}(p)$ is constructed, and their application in secret sharing is investigated. Some of the linear codes obtained are optimal in the sense that they meet certain bounds on linear codes. These codes have applications also in authentication codes, association schemes, and strongly regular graphs, in addition to their applications in consumer electronics, communication and data storage systems.

284 citations


Posted Content
TL;DR: The linear codes presented in this paper have applications in secret sharing and authentication schemes, in addition to their applications in consumer electronics, communication and data storage systems.
Abstract: A classical method of constructing a linear code over $\mathrm{GF}(q)$ with a $t$-design is to use the incidence matrix of the $t$-design as a generator matrix over $\mathrm{GF}(q)$ of the code. This approach has been extensively investigated in the literature. In this paper, a different method of constructing linear codes using specific classes of $2$-designs is studied, and linear codes with a few weights are obtained from almost difference sets, difference sets, and a type of $2$-designs associated to semibent functions. Two families of the codes obtained in this paper are optimal. The linear codes presented in this paper have applications in secret sharing and authentication schemes, in addition to their applications in consumer electronics, communication and data storage systems. A coding-theory approach to the characterisation of highly nonlinear Boolean functions is presented.

183 citations


Journal ArticleDOI
TL;DR: A novel architecture and its implementation for inter-organizational data sharing is presented, which provides a high level of security and privacy for patient data in semi-trusted cloud computing environments.

182 citations


Journal ArticleDOI
TL;DR: This paper proposes new distributed deduplication systems with higher reliability in which the data chunks are distributed across multiple cloud servers, and achieves the security requirements of data confidentiality and tag consistency by introducing a deterministic secret sharing scheme in distributed storage systems.
Abstract: Data deduplication is a technique for eliminating duplicate copies of data, and has been widely used in cloud storage to reduce storage space and upload bandwidth. However, there is only one copy for each file stored in cloud even if such a file is owned by a huge number of users. As a result, deduplication system improves storage utilization while reducing reliability. Furthermore, the challenge of privacy for sensitive data also arises when they are outsourced by users to cloud. Aiming to address the above security challenges, this paper makes the first attempt to formalize the notion of distributed reliable deduplication system. We propose new distributed deduplication systems with higher reliability in which the data chunks are distributed across multiple cloud servers. The security requirements of data confidentiality and tag consistency are also achieved by introducing a deterministic secret sharing scheme in distributed storage systems, instead of using convergent encryption as in previous deduplication systems. Security analysis demonstrates that our deduplication systems are secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement the proposed systems and demonstrate that the incurred overhead is very limited in realistic environments.

145 citations


Journal ArticleDOI
TL;DR: This paper analyzes the (im)possibility of the exact distinguishability of orthogonal multipartite entangled states under restricted local operation and classical communication and proposes a new scheme for quantum secret sharing (QSS).
Abstract: In this paper, we analyze the (im)possibility of the exact distinguishability of orthogonal multipartite entangled states under restricted local operation and classical communication. Based on this local distinguishability analysis, we propose a quantum secret sharing scheme (which we call LOCC-QSS). Our LOCC-QSS scheme is quite general and cost efficient compared to other schemes. In our scheme, no joint quantum operation is needed to reconstruct the secret. We also present an interesting $(2,n)$-threshold LOCC-QSS scheme, where any two cooperating players, one from each of two disjoint groups of players, can always reconstruct the secret. This LOCC-QSS scheme is quite uncommon, as most $(k,n)$-threshold quantum secret sharing schemes have the restriction $k \ge \lceil n/2 \rceil$.

118 citations


Journal ArticleDOI
TL;DR: This work presents a multiparty secret sharing protocol which requires only sequential communication of a single quantum $d$-level system (for any prime $d$) and has huge advantages in scalability and can be realized with state-of-the-art technology.
Abstract: We give an example of a wide class of problems for which quantum-information protocols based on multisystem entanglement can be mapped into much simpler ones involving one system. Secret sharing is a cryptographic primitive which plays a central role in various secure multiparty computation tasks and management of keys in cryptography. In secret sharing protocols, a classical message is divided into shares given to recipient parties in such a way that some number of parties need to collaborate in order to reconstruct the message. Quantum protocols for the task commonly rely on multipartite GHZ entanglement. We present a multiparty secret sharing protocol which requires only sequential communication of a single quantum $d$-level system (for any prime $d$). It has huge advantages in scalability and can be realized with state-of-the-art technology.

98 citations


Proceedings Article
08 Jul 2015
TL;DR: The design of CDStore is presented here, with an emphasis on how it combines convergent dispersal with two-stage deduplication to achieve both bandwidth and storage savings while robustly diverting side-channel attacks (launched by malicious users on the client side).
Abstract: We present CDStore, which disperses users' backup data across multiple clouds and provides a unified multicloud storage solution with reliability, security, and cost-efficiency guarantees. CDStore builds on an augmented secret sharing scheme called convergent dispersal, which supports deduplication by using deterministic content-derived hashes as inputs to secret sharing. We present the design of CDStore, and in particular, describe how it combines convergent dispersal with two-stage deduplication to achieve both bandwidth and storage savings and be robust against side-channel attacks. We evaluate the performance of our CDStore prototype using real-world workloads on LAN and commercial cloud testbeds. Our cost analysis also demonstrates that CDStore achieves a monetary cost saving of 70% over a baseline cloud storage solution using state-of-the-art secret sharing.

85 citations


Proceedings ArticleDOI
Martin Pettai1, Peeter Laud1
07 Dec 2015
TL;DR: In this paper, the authors combine differential privacy and secret sharing based secure multiparty computation in the same system to protect the privacy of both the data providers and the individuals, and have implemented a prototype of this combination and have found that the overhead of adding differential privacy to secure multi-party computation is small enough to be usable in practice.
Abstract: We consider how to perform privacy-preserving analyses on private data from different data providers and containing personal information of many different individuals. We combine differential privacy and secret sharing based secure multiparty computation in the same system to protect the privacy of both the data providers and the individuals. We have implemented a prototype of this combination and have found that the overhead of adding differential privacy to secure multiparty computation is small enough to be usable in practice.

73 citations


Journal ArticleDOI
TL;DR: This paper proposes a secure and scalable IoT storage system based on revised secret sharing scheme with support of scalability, flexibility and reliability at both data and system levels to achieve data security without complex key management associated with traditional cryptographic algorithms.

72 citations


Journal ArticleDOI
TL;DR: An efficient technique is provided to find TIs for all 3 and 4-bit permutations which also covers the set of 3×3 and 4×4 invertible S-boxes and considers the TI of 5-bit almost bent and 6-bit almost perfect nonlinear permutations.
Abstract: Threshold implementation (TI) is a masking method that provides security against first-order DPA with minimal assumptions on the hardware. It is based on multi-party computation and secret sharing. In this paper, we provide an efficient technique to find TIs for all 3 and 4-bit permutations which also covers the set of 3×3 and 4×4 invertible S-boxes. We also discuss alternative methods to construct shared functions by changing the number of variables or shares. Moreover, we further consider the TI of 5-bit almost bent and 6-bit almost perfect nonlinear permutations. Finally, we compare the areas of these various TIs.

Patent
16 Sep 2015
TL;DR: In this article, the authors propose a shared secret mechanism in which a multi-tenant controller generates a shared secret for establishing a link between a first site and a second site, transmits it to each site over a secured channel, assigns a wall clock based start and end validity period to it, and sends a secret with a future validity so that secure link communication can continue if one or more elements in both sites cannot communicate with the multi-tenant controller.
Abstract: A method includes generating at a multi-tenant controller on a network a common shared secret for establishing a link between a first site and a second site, transmitting the shared secret to each of the first site and the second site over a secured channel, assigning a wall clock based start and end validity period for the shared secret, sending the shared secret with a future validity to allow secure link communication to continue if one or more elements in both sites cannot communicate with the multi-tenant controller and using a separate shared secret per link per VXWAN.

Journal ArticleDOI
TL;DR: A visual secret image sharing threshold scheme based on random grids and Boolean operations with the abilities of AND and XOR decryptions is proposed and has several superior performances such as (k, n) threshold, no codebook design, avoiding the pixel expansion problem and the same color representation as digital images (digital color).
Abstract: In this paper, a visual secret image sharing threshold scheme based on random grids and Boolean operations with the abilities of AND and XOR decryptions is proposed. When no light-weight computation device is available, the secret could be revealed by the human visual system with no cryptographic computation based on the Boolean AND operation (stacking). On the other hand, if a light-weight computation device is available, the secret could be revealed with better visual quality based on the Boolean AND or XOR operation and could be losslessly revealed when sufficient shadow images are collected for a general k out of n scheme. Furthermore, the proposed scheme has several superior performances such as (k, n) threshold, no codebook design, avoiding the pixel expansion problem and the same color representation as digital images (digital color). Experiments are conducted to show the security and efficiency of the proposed scheme. Comparisons with previous approaches show the advantages of the proposed scheme.

Book ChapterDOI
26 Apr 2015
TL;DR: In this article, a method for constructing linear secret sharing schemes (LSSS) from linear error correcting codes and linear universal hash functions in a black-box way is presented.
Abstract: We present a novel method for constructing linear secret sharing schemes (LSSS) from linear error correcting codes and linear universal hash functions in a blackbox way. The main advantage of this new construction is that the privacy property of the resulting secret sharing scheme essentially becomes independent of the code we use, only depending on its rate. This allows us to fully harness the algorithmic properties of recent code constructions such as efficient encoding and decoding or efficient list-decoding. Choosing the error correcting codes and universal hash functions involved carefully, we obtain solutions to the following open problems:

Journal ArticleDOI
TL;DR: This paper analyzes the state-of-the-art comparison protocols for a two-party setting in the semi-honest security protocol in three stages, namely initialization, pre-processing and online computation, by implementing them on a single platform.
Abstract: Due to high complexity, comparison protocols with secret inputs have been a bottleneck in the design of privacy-preserving cryptographic protocols. Different solutions based on homomorphic encryption, garbled circuits and secret sharing techniques have been proposed over the last few years, each claiming high efficiency. Unfortunately, a fair comparison of existing protocols in terms of run-time, bandwidth requirement and round complexity has been lacking so far. In this paper, we analyze the state-of-the-art comparison protocols for a two-party setting in the semi-honest security protocol. We analyze their performances in three stages, namely initialization, pre-processing and online computation, by implementing them on a single platform. The results of our experiments provide a clear insight for the research community into the advantages and disadvantages of the various techniques.

Journal ArticleDOI
TL;DR: This research connects the areas of quantum state sharing and remote state preparation with noisy environment and shows that the secret state can be shared among agents with some information lost.
Abstract: We study quantum state sharing (QSTS) with a noisy environment in this paper. As an example, we present a QSTS scheme of a known state whose information is held by the dealer and then investigate the noisy influence process of the scheme. Taking the amplitude-damping noise and the phase-damping noise as typical noisy channels, we show that the secret state can be shared among agents with some information lost. Our research connects the areas of quantum state sharing and remote state preparation.

Journal ArticleDOI
TL;DR: This publication discusses advanced knowledge management techniques based on information splitting and sharing algorithms for secret, strategic information that are designed to analyse strategic data in knowledge management.

Journal ArticleDOI
TL;DR: Using the proposed method, it is shown that several image enhancement operations such as noise removal, antialiasing, edge and contrast enhancement, and dehazing can be performed in encrypted domain with near-zero loss in accuracy and minimal computation and data overhead.
Abstract: Cloud-based multimedia systems are becoming increasingly common. These systems offer not only storage facility, but also high-end computing infrastructure which can be used to process data for various analysis tasks ranging from low-level data quality enhancement to high-level activity and behavior identification operations. However, cloud data centers, being third party servers, are often prone to information leakage, raising security and privacy concerns. In this article, we present a Shamir's secret sharing based method to enhance the quality of encrypted image data over cloud. Using the proposed method we show that several image enhancement operations such as noise removal, antialiasing, edge and contrast enhancement, and dehazing can be performed in encrypted domain with near-zero loss in accuracy and minimal computation and data overhead. Moreover, the proposed method is proven to be information theoretically secure.

Journal ArticleDOI
TL;DR: Two new efficient verifiable multi-secret sharing schemes based on linear feedback shift register (LFSR) public key and new nonhomogeneous linear recursions are proposed that have better performance and shorter private/public key length.

Journal ArticleDOI
TL;DR: For the first time, a quantum secret sharing scheme which is resistant to rational parties is proposed, which is fair, correct and achieves strict Nash equilibrium.
Abstract: A rational secret sharing scheme is a game in which each party responsible for reconstructing a secret tries to maximize his or her utility by obtaining the secret alone. Quantum secret sharing schemes, derived either from quantum teleportation or from quantum error correcting code, do not succeed when we assume rational participants. This is because all existing quantum secret sharing schemes consider that the secret is reconstructed by a party chosen by the dealer. In this paper, for the first time, we propose a quantum secret sharing scheme which is resistant to rational parties. The proposed scheme is fair (everyone gets the secret), is correct, and achieves strict Nash equilibrium.


Journal ArticleDOI
TL;DR: In this paper, the authors present a software cryptographic library that achieves record timings for the computation of a 126-bit security level attribute-based encryption scheme, where the set of user attributes is specified by means of a linear secret sharing scheme.
Abstract: A ciphertext-policy attribute-based encryption protocol uses bilinear pairings to provide control access mechanisms, where the set of user’s attributes is specified by means of a linear secret sharing scheme. In this paper we present the design of a software cryptographic library that achieves record timings for the computation of a 126-bit security level attribute-based encryption scheme. We developed all the required auxiliary building blocks and compared the computational weight that each of them adds to the overall performance of this protocol. In particular, our single pairing and multi-pairing implementations achieve state-of-the-art time performance at the 126-bit security level.

Journal ArticleDOI
TL;DR: A secure share creation scheme constructed by a (2, 2) XOR based VC scheme that offers better security for shares and also reduces the fraudulent shares of the secret image.

Journal ArticleDOI
TL;DR: In this paper, a novel information theoretic approach is proposed to solve the secret sharing problem, in which a dealer distributes one or multiple secrets among a set of participants in such a manner that for each secret only qualified sets of users can recover this secret by pooling their shares together while nonqualified sets can obtain no information about the secret even if they pool their shares.
Abstract: A novel information theoretic approach is proposed to solve the secret sharing problem, in which a dealer distributes one or multiple secrets among a set of participants in such a manner that for each secret only qualified sets of users can recover this secret by pooling their shares together while nonqualified sets of users obtain no information about the secret even if they pool their shares together. While existing secret sharing systems (implicitly) assume that communications between the dealer and participants are noiseless, this paper takes a more practical assumption that the dealer delivers shares to the participants via a noisy broadcast channel. Thus, in contrast to the existing solutions that are mainly based on number theoretic tools, an information theoretic approach is proposed, which exploits the channel randomness during delivery of shares as additional resources to achieve secret sharing requirements. In this way, secret sharing problems can be reformulated as equivalent secure communication problems via wiretap channel models, and can hence be solved by employing the powerful information theoretic security techniques. This approach is first developed for the classic secret sharing problem, in which only one secret is to be shared. This classic problem is shown to be equivalent to a communication problem over a compound wiretap channel. Thus, the lower and upper bounds on the secrecy capacity of the compound channel provide the corresponding bounds on the secret sharing rate, and the secrecy scheme designed for the compound channel provides the secret sharing schemes. The power of the approach is further demonstrated by a more general layered multisecret sharing problem, which is shown to be equivalent to the degraded broadcast multiple-input multiple-output (MIMO) channel with layered decoding and secrecy constraints. The secrecy capacity region for the degraded MIMO broadcast channel is characterized, which provides the secret sharing capacity region. Furthermore, the secure encoding scheme that achieves the secrecy capacity region provides an information theoretic scheme for sharing the secrets.

DissertationDOI
13 May 2015
TL;DR: This thesis focuses on a powerful approach called threshold implementation (TI) which is based on secret sharing and multi-party computation and is proven secure even in the presence of glitches by Nikova et al.
Abstract: Embedded devices are used pervasively in a wide range of applications some of which require cryptographic algorithms in order to provide security. Sensitive information, such as the secret key used in the algorithm, can be derived from the physical leakage of these devices. The most common attack based on the physical leakages is differential power analysis (DPA) which exploits the correlation between the instantaneous power consumption of a device and the intermediate results of a cryptographic algorithm. Different countermeasures have been proposed to prevent DPA. Here, we focus on a powerful approach called threshold implementation (TI) which is based on secret sharing and multi-party computation and is proven secure even in the presence of glitches by Nikova et al. in ICICS'06. TI relies on four properties, namely correctness, non-completeness, uniformity of the shared variables and uniformity of the shared functions. Achieving all four properties for linear functions is straight-forward. However, it can be challenging when nonlinear functions, such as the S-boxes of symmetric-key algorithms, are considered. Satisfying all the properties can impose using extra randomness or increasing the number of shares both of which imply an increase of resources. The contribution of this thesis is two-fold. In the first part of the thesis, we introduce the theory for generating higher-order TI which can counteract higher-order DPA. The early works of TI provide security against first-order DPA attacks. However, it has been shown that second-order attacks are also feasible even though the amount of traces required for a successful attack increases exponentially in the noise standard deviation. Therefore, increasing the security using higher-order TI is valuable. In the second part of the thesis, we examine area-randomness-security trade-offs during a TI. In order to do that, we first investigate all 3 × 3 and 4 × 4, and some cryptographically significant classes of 5 × 5 and 6 × 6 invertible S-boxes. Then, we extend our research to the TIs of standardized symmetric-key algorithms AES and SHA-3 with detailed investigation on the trade-offs.

Posted Content
TL;DR: The proposed system makes use of a bitwise representation of votes, and only the shares are used for transmission and computation of the result, which is hence secure and reliable and does not make any number theoretic assumptions for security.
Abstract: E-voting systems (EVS) are having potential advantages over many existing voting schemes. Security, transparency, accuracy and reliability are the major concern in these systems. EVS continues to grow as the technology advances. It is inexpensive and efficient as the resources become reusable. Fast and accurate computation of results with voter privacy is the added advantage. In the proposed system we make use of secret sharing technique and secure multi party computation (SMC) to achieve security and reliability. Secret sharing is an important technique used for SMC. Multi-party computation is typically accomplished using secret sharing by making shares of the input and manipulating the shares to compute a typical function of the input. The proposed system makes use of bitwise representation of votes and only the shares are used for transmission and computation of result. Secure sum evaluation can be done with shares distributed using Shamir's secret sharing scheme. The scheme is hence secure and reliable and does not make any number theoretic assumptions for security. We also propose a unique method which calculates the candidates' individual votes keeping the anonymity.

Journal ArticleDOI
TL;DR: The proposed model BFT-MCDB incorporates Shamir's Secret Sharing approach and Quantum Byzantine Agreement protocol to improve trustworthiness and security of business data storage, without compromising performance.
Abstract: Cloud computing is a phenomenal distributed computing paradigm that provides flexible, low-cost on-demand data management to businesses. However, this so-called outsourcing of computing resources causes business data security and privacy concerns. Although various methods have been proposed to deal with these concerns, none of these relates to multi-clouds. This paper presents a practical data management model in a public and private multi-cloud environment. The proposed model BFT-MCDB incorporates Shamir's Secret Sharing approach and Quantum Byzantine Agreement protocol to improve trustworthiness and security of business data storage, without compromising performance. The performance evaluation is carried out using a cloud computing simulator called CloudSim. The experimental results show significantly better performance in terms of data storage and data retrieval compared to other common cloud cryptographic based models. The performance evaluation based on CloudSim experiments demonstrates the feasibility of the proposed multi-cloud data management model.

Book ChapterDOI
30 Jan 2015
TL;DR: This work adds garbled circuits based IEEE 754 floating-point numbers to a secret sharing environment achieving very high efficiency and the first, to the authors' knowledge, fully IEEE 754 compliant secure floating-point implementation.
Abstract: Two of the major branches in secure multi-party computation research are secret sharing and garbled circuits. This work succeeds in combining these to enable seamlessly switching to the technique more efficient for the required functionality. As an example, we add garbled circuits based IEEE 754 floating-point numbers to a secret sharing environment achieving very high efficiency and the first, to our knowledge, fully IEEE 754 compliant secure floating-point implementation.

Proceedings ArticleDOI
04 Oct 2015
TL;DR: This protocol provides secure and efficient authentication for frequent message transmissions in short session time intervals with a novel use of secret sharing scheme, that is, the secret is used as an authenticator and the shares are used as authenticator tokens.
Abstract: In this paper, we propose a novel continuous authentication protocol for the Internet of Things based on a secret sharing scheme. This protocol provides secure and efficient authentication for frequent message transmissions in short session time intervals. The protocol introduces a novel use of a secret sharing scheme, that is, the secret is used as an authenticator and the shares are used as authenticator tokens. Each token is an outcome of a function of time that binds the secret share to a specific point in time during the session such that the share can only be revealed in that specific time. The share can be linked back to the secret and, hence, the message source can be authenticated. Security evaluation of the protocol shows that it fulfills the stated security requirements and addresses the listed attacks. Performance evaluation of the protocol shows that it is lightweight in terms of computation and communication costs, thus addressing the resource-constrained IoT endpoints.

Journal ArticleDOI
TL;DR: Analyses show the proposed $(t, m, n)$-group oriented SS scheme is asymptotically perfect and unconditionally secure, which can secure the secret without any user authentication or share verification.
Abstract: A basic $(t, n)$-secret sharing (SS) scheme allows a secret $s$ to be divided into $n$ shares and shared among $n$ shareholders. In the scheme, any $t$ or more than $t$ shareholders can recover the secret while fewer than $t$ shareholders cannot obtain the secret $s$. But an adversary without any valid share may obtain the secret if there are over $t$ participants in the secret reconstruction. To address this type of attack, we first introduce the notion of randomized component (RC), which binds a share with all participants and protects the share from being exposed to outsiders without any computational assumption; at the same time, RCs can be used to reconstruct the secret. As one of the applications of RCs, a $(t, m, n)$-group oriented SS scheme is proposed to cope with the attack in basic $(t, n)$-SSs, in which once $m$ ($m \ge t$) participants form a tightly coupled group by generating RCs, the secret can be recovered only if all $m$ RCs are correct, which requires each participant to have a valid share in advance. Moreover, the scheme can secure the secret without any user authentication or share verification. Analyses show the proposed $(t, m, n)$-group oriented SS is asymptotically perfect and unconditionally secure. RCs can also be applied to build other schemes in a simple way, such as multi-SS, group authentication, and so on.