
Showing papers on "Secure multi-party computation published in 1992"


Journal ArticleDOI
TL;DR: This paper presents numerous direct constructions for secret sharing schemes, such as the Shamir threshold scheme, the Boolean circuit construction of Benaloh and Leichter, the vector space construction of Brickell, and the Simmons geometric construction, emphasizing combinatorial construction methods.
Abstract: This paper is an explication of secret sharing schemes, emphasizing combinatorial construction methods. The main problem we consider is the construction of perfect secret sharing schemes, for specified access structures, with the maximum possible information rate. In this paper, we present numerous direct constructions for secret sharing schemes, such as the Shamir threshold scheme, the Boolean circuit construction of Benaloh and Leichter (for general access structures), the vector space construction of Brickell, and the Simmons geometric construction. We discuss the connections between ideal schemes (i.e., those with information rate equal to one) and matroids. We also mention the entropy bounds of Capocelli et al. Then we give a very general construction, called the decomposition construction, and numerous applications of it. In particular, we study schemes for access structures based on graphs and the many interesting bounds that can be proved; and we determine the exact value of the optimal information rate for all access structures on at most four participants.

429 citations


Proceedings ArticleDOI
01 Jul 1992
TL;DR: This paper begins the investigation of the communication complexity of unconditionally secure multi-party computation, and its relation with various fault-tolerance models, and presents upper and lower bounds on communication, as well as tradeoffs among resources.
Abstract: A secret-ballot vote for a single proposition is an example of a secure distributed computation. The goal is for m participants to jointly compute the output of some n-ary function (in this case, the sum of the votes), while protecting their individual inputs against some form of misbehavior. In this paper, we initiate the investigation of the communication complexity of unconditionally secure multi-party computation, and its relation with various fault-tolerance models. We present upper and lower bounds on communication, as well as tradeoffs among resources. First, we consider the "direct sum problem" for communication complexity of perfectly secure protocols: Can the communication complexity of securely computing a single function f : Fⁿ → F at k sets of inputs be smaller if all are computed simultaneously than if each is computed individually? We show that the answer depends on the failure model. A factor of O(n/log n) can be gained in the privacy model (where processors are curious but correct); specifically, when f is n-ary addition (mod 2), we show a lower bound of O(n² log n) for computing f O(n) times simultaneously. No gain is possible in a slightly stronger fault model (fail-stop mode); specifically, when f is n-ary addition over GF(q), we show an exact bound of Θ(kn² log q) for computing f at k sets of inputs simultaneously (for any k ≥ 1). However, if one is willing to pay an additive cost in fault tolerance (from t to t-k+1), then a variety of known non-cryptographic protocols (including "provably unparallelizable" protocols from above!) can be systematically compiled to compute one function at k sets of inputs with no increase in communication complexity. Our compilation technique is based on a new compression idea of polynomial-based multi-secret sharing. Lastly, we show how to compile private protocols into error-detecting protocols at a big savings of a factor of O(n³) (up to a log factor) over the best known error-correcting protocols. This is a new notion of fault-tolerant protocols, and is especially useful when malicious behavior is infrequent, since error-detection implies error-correction in this case.

272 citations


Journal ArticleDOI
TL;DR: It is proved that, for any graph G having maximum degree d, there is a perfect secret sharing scheme realizing G in which the information rate is at least 2/(d+3), which improves the best previous general bound by a factor of almost two.
Abstract: In this paper we study secret sharing schemes for access structures based on graphs. A secret sharing scheme enables a secret key to be shared among a set of participants by distributing partial information called shares. Suppose we desire that some specified pairs of participants be able to compute the key. This gives rise in a natural way to a graph G which contains these specified pairs as its edges. The secret sharing scheme is called perfect if a pair of participants corresponding to a nonedge of G can obtain no information regarding the key. Such a perfect secret sharing scheme can be constructed for any graph. In this paper we study the information rate of these schemes, which measures how much information is being distributed as shares compared with the size of the secret key. We give several constructions for secret sharing schemes that have a higher information rate than previously known schemes. We prove the general result that, for any graph G having maximum degree d, there is a perfect secret sharing scheme realizing G in which the information rate is at least 2/(d+3). This improves the best previous general bound by a factor of almost two.

164 citations


Book ChapterDOI
13 Dec 1992
TL;DR: This paper generalizes results from constructions of threshold schemes using linear block codes to construct secret sharing schemes for arbitrary access structure and presents a solution to the problem of retrieving the secret.
Abstract: In this paper we address the problem of constructing secret sharing schemes for general access structures. The construction is inspired by linear block codes. Already at the beginning of the eighties, constructions of threshold schemes using linear block codes were presented in [6] and [7]. In this paper we generalize those results to construct secret sharing schemes for arbitrary access structures. We also present a solution to the problem of retrieving the secret.

89 citations


Book ChapterDOI
16 Aug 1992
TL;DR: In this article, it was shown that any graph with n vertices admits a secret sharing scheme with information rate Ω((log n)/n), where n is an arbitrary positive constant.
Abstract: We derive new limitations on the information rate and the average information rate of secret sharing schemes for access structures represented by graphs. We give the first proof of the existence of access structures with optimal information rate and optimal average information rate less than 1/2 + ε, where ε is an arbitrary positive constant. We also provide several general lower bounds on the information rate and average information rate of graphs. In particular, we show that any graph with n vertices admits a secret sharing scheme with information rate Ω((log n)/n).

81 citations


Book
01 Jan 1992
TL;DR: This work focuses on the design and analysis of protocols for access control in distributed systems, and the shared generation of authenticators and signatures in public Cryptosystems.
Abstract (table of contents):
Protocol Design and Analysis: A Calculus for Access Control in Distributed Systems; Deriving the Complete Knowledge of Participants in Cryptographic Protocols; Systematic Design of Two-Party Authentication Protocols.
Combinatorics and Authentication: Combinatorial Characterizations of Authentication Codes; Universal Hashing and Authentication Codes; On Correlation-Immune Functions.
Secret Sharing and Information Theory: On the Size of Shares for Secret Sharing Schemes; On Verification in Secret Sharing; Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing; Multiparty Secret Key Exchange Using a Random Deal of Cards.
Cryptanalysis: Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer; A Known Plaintext Attack of FEAL-4 and FEAL-6; A Switching Closure Test to Analyze Cryptosystems; An Attack on the Last Two Rounds of MD4; The Cryptanalysis of a New Public-Key Cryptosystem Based on Modular Knapsacks.
Complexity Theory: A One-Round, Two-Prover, Zero-Knowledge Protocol for NP; Interactive Proofs with Space Bounded Provers; Functional Inversion and Communication Complexity; The Use of Interaction in Public Cryptosystems.
Cryptographic Schemes Based on Number Theory: New Public-Key Schemes Based on Elliptic Curves over the Ring Zn; Efficient Algorithms for the Construction of Hyperelliptic Cryptosystems; CM-Curves with Good Cryptographic Properties; A New ID-Based Key Sharing System.
Pseudorandomness: Pseudo-random Generators from One-way Functions; New Results on Pseudorandom Permutation Generators Based on the DES Scheme.
Applications and Implementations: Faster Modular Multiplication by Operand Scaling; Universal Electronic Cash; How to Break and Repair a "Provably Secure" Untraceable Payment System; Practical Quantum Oblivious Transfer; Exploiting Parallelism in Hardware Implementation of the DES.
Secure Computation Protocols: Foundations of Secure Interactive Computing; Secure Computation; A Cryptographic Scheme for Computerized General Elections; Efficient Multiparty Protocols Using Circuit Randomization.
Public-Key Cryptosystems and Signatures: Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack; Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks; Shared Generation of Authenticators and Signatures; Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer.

59 citations


Book ChapterDOI
13 Dec 1992
TL;DR: This paper characterizes nonperfect secret sharing schemes and derives a lower bound on |Vi| in terms of a distance between Γ1 and Γ3.
Abstract: A nonperfect secret sharing scheme (NSS) consists of a family of access subsets Γ1, a family of semi-access subsets Γ2 and a family of non-access subsets Γ3. In an NSS, it is possible that |Vi| < |S|, where |Vi| is the size of the share and |S| is the size of the secret. This paper characterizes nonperfect secret sharing schemes. First, we show that (Γ1, Γ2, Γ3) is realizable if and only if Γ1 is monotone and Γ1 ∪ Γ2 is monotone. Then, we derive a lower bound on |Vi| in terms of a distance between Γ1 and Γ3. Finally, we show a condition for (Γ1, Γ2, Γ3) to achieve |Vi| = |S|/2 for all i.

35 citations


Book ChapterDOI
13 Dec 1992
TL;DR: It is shown that every non-degenerate geometric secret sharing scheme is ‘contained’ in the corresponding cumulative scheme.
Abstract: Cumulative secret sharing schemes were introduced by Simmons et al (1991) based on the generalised secret sharing scheme of Ito et al (1987). A given monotone access structure together with a security level is associated with a unique cumulative scheme. Geometric secret sharing schemes form a wide class of secret sharing schemes which have many desirable properties including good information rates. We show that every non-degenerate geometric secret sharing scheme is ‘contained’ in the corresponding cumulative scheme. As there is no known practical algorithm for constructing efficient secret sharing schemes, the significance of this result is that, at least theoretically, a geometric scheme can be constructed from the corresponding cumulative scheme.

32 citations


Journal ArticleDOI
TL;DR: An information-theoretic characterization of perfect schemes is proved, and it is used to determine which access structures can be encoded by strongly ideal schemes.
Abstract: We define strongly ideal secret sharing schemes to be ideal secret sharing schemes in which certain natural requirements are placed on the decoder. We prove an information-theoretic characterization of perfect schemes, and use it to determine which access structures can be encoded by strongly ideal schemes. We also discuss a hierarchy of secret sharing schemes that are more powerful than strongly ideal schemes.

12 citations


Proceedings Article
16 Aug 1992
TL;DR: For a certain domain of secrets, a secret sharing scheme for an access structure is a method for a dealer to distribute shares to the parties, such that only subsets in the access structure can reconstruct the secret.
Abstract: Given a set of parties {1, ..., n}, an access structure is a monotone collection of subsets of the parties. For a certain domain of secrets, a secret sharing scheme for an access structure is a method for a dealer to distribute shares to the parties, such that only subsets in the access structure can reconstruct the secret. A secret sharing scheme is ideal if the domains of the shares are the same as the domain of the secrets. An access structure is universally ideal if there is an ideal secret sharing scheme for it over every finite domain of secrets. An obvious necessary condition for an access structure to be universally ideal is to be ideal over the binary and ternary domains of secrets. In this work, we prove that this condition is also sufficient. In addition, we give an exact characterization for each of these two conditions, and show that each condition by itself is not sufficient for universally ideal access structures.

11 citations


Book ChapterDOI
16 Aug 1992
TL;DR: A secret sharing scheme for an access structure is a method for a dealer to distribute shares to the parties, such that only subsets in the access structure can reconstruct the secret as mentioned in this paper.
Abstract: Given a set of parties {1, ..., n}, an access structure is a monotone collection of subsets of the parties. For a certain domain of secrets, a secret sharing scheme for an access structure is a method for a dealer to distribute shares to the parties, such that only subsets in the access structure can reconstruct the secret.

Book ChapterDOI
13 Dec 1992
TL;DR: In this paper, a new concept called the Secure Addition Sequence (SAS) was proposed and an efficient algorithm was developed to construct the secure addition sequence, based upon which the performance of the SASC protocol can be enhanced.
Abstract: Recently, researchers have considered an approach called the Server Aided Secret Computation (SASC) protocol, in which a powerful untrusted auxiliary device helps a smart card compute a secret function efficiently. However, the computation in their protocol contains some redundancy. In this paper, we introduce a new concept called the Secure Addition Sequence and develop an efficient algorithm to construct it. Based on the concept of the Secure Addition Sequence, the performance of the SASC protocol can be enhanced.

Book ChapterDOI
16 Aug 1992
TL;DR: An l-span secret sharing scheme for the general sharing policy is proposed to solve the secret/shadows regeneration problem by extending the life span of the shadows from 1 to l, i.
Abstract: For some secret sharing applications, the reconstructed secret is not revealed to the participants, and therefore the secret and its shadows can be used repeatedly without having to be changed. But for other applications, in which the reconstructed secret is revealed to participants, a new secret must be chosen and its corresponding shadows must be regenerated and then secretly distributed to participants again, in order to enforce the same secret sharing policy. This is inefficient because of the overhead in the generation and distribution of shadows. In this paper, an l-span secret sharing scheme for the general sharing policy is proposed to solve the secret/shadow regeneration problem by extending the life span of the shadows from 1 to l, i.e., the shadows can be reused l times to generate l different secrets.