scispace - formally typeset
Search or ask a question

Showing papers on "Secure multi-party computation published in 1989"


Proceedings ArticleDOI
01 Feb 1989
TL;DR: In this paper, the authors present a verifiable secret sharing protocol for games with incomplete information and show that the secrecy achieved is unconditional and does not rely on any assumption about computational intractability.
Abstract: Under the assumption that each participant can broadcast a message to all other participants and that each pair of participants can communicate secretly, we present a verifiable secret sharing protocol, and show that any multiparty protocol, or game with incomplete information, can be achieved if a majority of the players are honest. The secrecy achieved is unconditional and does not rely on any assumption about computational intractability. Applications of these results to Byzantine Agreement are also presented.Underlying our results is a new tool of Information Checking which provides authentication without cryptographic assumptions and may have wide applications elsewhere.

1,061 citations


Journal ArticleDOI
TL;DR: This paper shows that by providing the trustees with several information data concerning the distributed information of the (k, n) threshold method, any access structure can be realized.
Abstract: As a method of sharing a secret, e.g., a secret key, Shamir's (k, n) threshold method is well known. However, Shamir's method has a problem in that general access structures cannot be realized. This paper shows that by providing the trustees with several information data concerning the distributed information of the (k, n) threshold method, any access structure can be realized. the update with the change of the secret trustees and the relation to the threshold graph are also discussed.

786 citations


Proceedings Article
01 Jan 1989
TL;DR: A verifiable secret sharing protocol is presented, and it is shown that any multiparty protocol, or game with incomplete information, can be achieved if a majority of the players are honest.
Abstract: Under the assumption that each participant can broadcast a message to all other participants and that each pair of participants can communicate secretly, we present a verifiable secret sharing protocol, and show that any multiparty protocol, or game with incomplete information, can be achieved if a majority of the players are honest. The secrecy achieved is unconditional and does not rely on any assumption about computational intractability. Applications of these results to Byzantine Agreement are also presented. Underlying our results is a new tool of Information Checking which provides authentication without cryptographic assumptions and may have wide applications elsewhere.

275 citations


Proceedings Article
01 Jul 1989
TL;DR: This paper shows a relationship between ideal secret sharing schemes and matroids and shows that any subset of participants who can use their shares to determine any information about the key can in fact actually determine the key.
Abstract: In a secret sharing scheme, a dealer has a secret key. There is a finite set P of participants and a set ? of subsets of P. A secret sharing scheme with ? as the access structure is a method which the dealer can use to distribute shares to each participant so that a subset of participants can determine the key if and only if that subset is in ?. The share of a participant is the information sent by the dealer in private to the participant. A secret sharing scheme is ideal if any subset of participants who can use their shares to determine any information about the key can in fact actually determine the key, and if the set of possible shares is the same as the set of possible keys. In this paper, we show a relationship between ideal secret sharing schemes and matroids.

193 citations


Book ChapterDOI
01 Jul 1989
TL;DR: This work addresses the problem of performing a multiparty computation when more than half of the processors are cooperating Byzantine faults by showing how to compute any boolean function of n inputs distributively, preserving the privacy of inputs held by nonfaulty processors, and ensuring that faulty processors obtain the function value "if and only if" the nonf faulty processors do.
Abstract: We address the problem of performing a multiparty computation when more than half of the processors are cooperating Byzantine faults. We show how to compute any boolean function of n inputs distributively, preserving the privacy of inputs held by nonfaulty processors, and ensuring that faulty processors obtain the function value "if and only if" the nonfaulty processors do. If the nonfaulty processors do not obtain the correct function value, they detect cheating with high probabihty. Our solution is based on a new type of verifiable secret sharing in which the secret is revealed not all at once but in small increments. This slow-revealing process ensures that all processors discover the secret at roughly the same time. Our solution assumes the existence of an oblivious transfer protocol and uses broadcast channels. We do not require that the processors have equal computing power.

103 citations


Book ChapterDOI
20 Aug 1989
TL;DR: In this paper, the authors show a relationship between ideal secret sharing schemes and matroids, and show that the set of possible shares in a secret sharing scheme is matroid-like.
Abstract: In a secret sharing scheme, a dealer has a secret key. There is a finite set P of participants and a set Γ of subsets of P. A secret sharing scheme with Γ as the access structure is a method which the dealer can use to distribute shares to each participant so that a subset of participants can determine the key if and only if that subset is in Γ. The share of a participant is the information sent by the dealer in private to the participant. A secret sharing scheme is ideal if any subset of participants who can use their shares to determine any information about the key can in fact actually determine the key, and if the set of possible shares is the same as the set of possible keys. In this paper, we show a relationship between ideal secret sharing schemes and matroids.

18 citations



Proceedings Article
20 Aug 1989
TL;DR: It is shown that no (k, n) secret sharing scheme over any countable domain exists (for any 2 < k < n), which means that no perfect private-key encryption schemes, over the set of all strings, exist.
Abstract: A (k, n) secret sharing scheme is a probabilistic mapping of a secret to n shares, such that ? The secret can be reconstructed from any k shares. ? No subset of k - 1 shares reveals any partial information about the secret.Various secret sharing schemes have been proposed, and applications in diverse contexts were found. In all these cases, the set of secrets and the set of shares are finite.In this paper we study the possibility of secret sharing schemes over infinite domains. The major case of interest is when the secrets and the shares are taken from a countable set, for example all binary strings. We show that no (k, n) secret sharing scheme over any countable domain exists (for any 2 < k < n).One consequence of this impossibility result is that no perfect private-key encryption schemes, over the set of all strings, exist. Stated informally, this means that there is no way to perfectly encrypt all strings without revealing information about their length.We contrast these results with the case where both the secrets and the shares are real numbers. Simple secret sharing schemes (and perfect private-key encryption schemes) are presented. Thus, infinity alone does not rule out the possibility of secret sharing.

7 citations


Proceedings Article
20 Aug 1989
TL;DR: This paper shows a relationship between ideal secret sharing schemes and matroids and shows that any subset of participants who can use their shares to determine any information about the key can in fact actually determine the key.
Abstract: In a secret sharing scheme, a dealer has a secret key. There is a finite set P of participants and a set Γ of subsets of P. A secret sharing scheme with Γ as the access structure is a method which the dealer can use to distribute shares to each participant so that a subset of participants can determine the key if and only if that subset is in Γ. The share of a participant is the information sent by the dealer in private to the participant. A secret sharing scheme is ideal if any subset of participants who can use their shares to determine any information about the key can in fact actually determine the key, and if the set of possible shares is the same as the set of possible keys. In this paper, we show a relationship between ideal secret sharing schemes and matroids.

4 citations