
Showing papers on "Secure multi-party computation published in 1993"


Journal ArticleDOI
TL;DR: This work shows that there are access structures with four participants for which any secret sharing scheme must give to a participant a share at least 50% greater than the secret size, the first proof that there exist access structures for which the best achievable information rate is bounded away from 1.
Abstract: A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any nonqualified subset has absolutely no information on the secret. The set of all qualified subsets defines the access structure to the secret. Sharing schemes are useful in the management of cryptographic keys and in multiparty secure protocols. We analyze the relationships among the entropies of the sample spaces from which the shares and the secret are chosen. We show that there are access structures with four participants for which any secret sharing scheme must give to a participant a share at least 50% greater than the secret size. This is the first proof that there exist access structures for which the best achievable information rate (i.e., the ratio between the size of the secret and that of the largest share) is bounded away from 1. The bound is the best possible, as we construct a secret sharing scheme for the above access structures that meets the bound with equality.

282 citations


Proceedings ArticleDOI
01 Jun 1993
TL;DR: A study of security in asynchronous networks considers a completely asynchronous network where every two parties are connected via a private channel, and some of the parties may be faulty, and defines secure computation in this model, which adapts the underlying principles of defining security to the asynchronous model.
Abstract: We initiate a study of security in asynchronous networks. We consider a completely asynchronous network where every two parties are connected via a private channel, and some of the parties may be faulty. We start by defining secure computation in this model. Our definition adapts the underlying principles of defining security (i.e., comparing the computation to a computation in the presence of a trusted party) to the asynchronous model. In particular, our definition takes into account the fact that the computation must be completed even if we never hear from the faulty parties. Next, we show that whatever can be securely computed in an asynchronous network in the presence of a trusted party can be securely computed in a network in which no such trusted party exists. We distinguish two types of faults. In the case of Fail-Stop faults, our construction is valid as long as the faulty parties constitute less than a third of the parties in the network. In the case of general (i.e., Byzantine) faults, our construction requires that the faulty parties constitute less than a fourth of the parties. In both cases, the resilience of our construction is optimal. Our construction generalizes known synchronous constructions by Ben-Or, Goldwasser and Wigderson. In addition, we introduce and implement several new asynchronous primitives. Among these, we note an errorless asynchronous verifiable secret sharing scheme, an asynchronous agreement on a large set that is contained in the dynamically growing inputs of all non-faulty parties, and an on-line error-correcting procedure.
Supported by grant no. 8900312 from the United States-Israel Binational Science Foundation, Jerusalem, Israel. 25th ACM STOC '93, May 1993, CA, USA. ACM 0-89791-591-7/93/0005.

230 citations


Journal ArticleDOI
TL;DR: By observing a simple set-theoretic property of an access structure, this paper proposes its mathematical definition and proves that every family satisfying the definition is realized by assigning two more shadows of a threshold scheme to trustees.
Abstract: In a secret sharing scheme, a datum d is broken into shadows which are shared by a set of trustees. The family {P' ⊆ P : P' can reconstruct d} is called the access structure of the scheme. A (k, n)-threshold scheme is a secret sharing scheme having the access structure {P' ⊆ P : |P'| ≥ k}. In this paper, by observing a simple set-theoretic property of an access structure, we propose its mathematical definition. Then we verify the definition by proving that every family satisfying the definition is realized by assigning two more shadows of a threshold scheme to trustees.

146 citations


Book ChapterDOI
22 Aug 1993
TL;DR: This paper establishes a formal setting to study secret sharing schemes in which the dealer has the feature of being able to activate a particular access structure out of a given set and/or to allow the participants to reconstruct different secrets by sending to all participants the same broadcast message.
Abstract: We consider secret sharing schemes in which the dealer has the feature of being able (after a preprocessing stage) to activate a particular access structure out of a given set and/or to allow the participants to reconstruct different secrets (in different time instants) by sending to all participants the same broadcast message. In this paper we establish a formal setting to study such secret sharing schemes. The security of the schemes presented is unconditional, since they are not based on any computational assumption. We give bounds on the size of the shares held by participants and on the site of the broadcast message in such schemes.

81 citations


Book ChapterDOI
06 Dec 1993
TL;DR: The problem of secret sharing schemes (SSS) in the case where all sharing functions are linear maps over a finite field is investigated and the nonexistence of an ideal threshold linear SSS for the case where the number of participants is twice as large as the number of possible values of a secret is shown.
Abstract: The problem of secret sharing schemes (SSS) in the case where all sharing functions are linear maps over a finite field is investigated. We evaluate the performance of linear secret sharing schemes using the tools of linear algebra and coding theory. In particular, the nonexistence of an ideal threshold linear SSS for the case where the number of participants is twice as large as the number of possible values of a secret is shown.

43 citations


Journal ArticleDOI
TL;DR: Upper bounds on both the number of participants in total and in the lower level are presented, which constitute the only nontrivial cases, and examples for the extremal cases are constructed.
Abstract: In this paper, using recent results in finite geometry, we study a certain class of 2-level shared secret schemes. We shall present upper bounds on both the number of participants in total and on the number of participants in the lower level, which constitute the only nontrivial cases, and construct examples for the extremal cases.

35 citations


Book ChapterDOI
19 Jul 1993
TL;DR: A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any non-qualified subset has absolutely no information on the secret.
Abstract: A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any non-qualified subset has absolutely no information on the secret.

23 citations


Proceedings ArticleDOI
01 Dec 1993
TL;DR: A verifiable secret sharing scheme for a class of geometry-based secret sharing schemes based on finite geometries that provides verifiable sharing of secrets according to general monotone access structures and relies on the homomorphic properties of the discrete exponentiation and therefore on the cryptographic security of the discrete logarithm.
Abstract: Several verifiable secret sharing schemes for threshold schemes based on polynomial interpolation have been presented in the literature. Simmons and others introduced secret sharing (also called shared control) schemes based on finite geometries, which allow distributing a secret according to any monotone access structure. In this paper we present a verifiable secret sharing scheme for a class of these geometry-based secret sharing schemes, which thus provides verifiable sharing of secrets according to general monotone access structures. Our scheme relies on the homomorphic properties of the discrete exponentiation and therefore on the cryptographic security of the discrete logarithm. The version based on Simmons' scheme is non-interactive.
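As an added worked example (not code from any of the papers listed here), the following Python puts two of the abstracts above into concrete terms: the (k, n)-threshold access structure {P' ⊆ P : |P'| ≥ k} from the access-structure paper, realized as Shamir polynomial sharing over GF(p), and the idea in this abstract of making shares verifiable through the homomorphism g^(a+b) = g^a · g^b of discrete exponentiation. The verification here is the polynomial-interpolation style the abstract mentions as prior work (Feldman-style commitments G^(a_j)), not the geometry-based construction the paper itself presents. The primes P = 101 and Q = 809 (with P dividing Q − 1), the secret 42 and the share values are constructed toy parameters chosen for readability, not for security.

```python
"""Shamir (k, n)-threshold sharing over GF(P) with Feldman-style
verifiable shares.  Illustration only; all parameters are toy-sized."""
import itertools
import secrets
from collections import Counter

# Constructed toy parameters (assumption: small primes so the arithmetic is
# readable).  Shares and the secret live in GF(P).  Commitments live in the
# subgroup of order P inside Z_Q^*, which exists because P | (Q - 1):
# 808 = 8 * 101.  G = 2^8 mod 809 = 256 has order exactly P since P is prime.
P = 101
Q = 809
G = pow(2, (Q - 1) // P, Q)
assert G != 1


def poly_eval(coeffs, x, p):
    """Evaluate a_0 + a_1 x + ... + a_{k-1} x^{k-1} in GF(p) (Horner's rule)."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % p
    return acc


def share(secret, k, n):
    """Split `secret` into n shares over GF(P); any k of them reconstruct it.

    Returns (shares, commitments): shares[i] = (x, f(x)) with x = 1..n, and
    commitments[j] = G^{a_j} mod Q for each coefficient a_j of the random
    degree-(k-1) polynomial f with f(0) = secret.  The commitments let any
    party check a share without learning f (hiding rests on discrete log).
    """
    if not 0 < k <= n < P:
        # n distinct non-zero evaluation points are needed, so n <= P - 1:
        # plain Shamir over a q-element field handles at most q - 1 parties.
        raise ValueError("need 0 < k <= n < P")
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = [(x, poly_eval(coeffs, x, P)) for x in range(1, n + 1)]
    commitments = [pow(G, a, Q) for a in coeffs]
    return shares, commitments


def verify(x, y, commitments):
    """True iff y == f(x) for the committed polynomial f.

    Uses G^{f(x)} = G^{sum a_j x^j} = prod_j (G^{a_j})^{x^j} (mod Q).
    Exponents are reduced mod P because G (and every C_j) has order P.
    """
    expected = 1
    for j, c in enumerate(commitments):
        expected = expected * pow(c, pow(x, j, P), Q) % Q
    return pow(G, y, Q) == expected


def reconstruct(shares, p=P):
    """Lagrange interpolation at x = 0 over GF(p) from any k distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def secrecy_profile(partial_shares, k, p=P):
    """Brute force over every degree<k polynomial in GF(p), keeping those that
    agree with the given (fewer than k) shares, bucketed by constant term.
    A flat histogram over all p values is the 'no information' property of
    the abstracts above: a non-qualified set learns nothing about f(0)."""
    hist = Counter()
    for coeffs in itertools.product(range(p), repeat=k):
        if all(poly_eval(coeffs, x, p) == y for x, y in partial_shares):
            hist[coeffs[0]] += 1
    return hist


def demo(secret=42, k=3, n=5):
    """Share, verify every share, detect a tampered share, reconstruct."""
    shares, commits = share(secret, k, n)
    all_valid = all(verify(x, y, commits) for x, y in shares)
    x0, y0 = shares[0]
    tampered_detected = not verify(x0, (y0 + 1) % P, commits)
    recovered = reconstruct(shares[1:1 + k])   # any k shares suffice
    return all_valid, tampered_detected, recovered


if __name__ == "__main__":
    print(demo())   # (True, True, 42)
```

The `n < P` check in `share` is the threshold-scheme instance of the participant-count limit discussed in the linear-SSS abstract earlier on this page: with P possible secret values, this construction has only P − 1 usable non-zero evaluation points. `secrecy_profile` is deliberately exhaustive and is only practical for tiny fields; its purpose is to show, not assume, that k − 1 shares are consistent with every possible secret equally often.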

13 citations


Book ChapterDOI
01 Jan 1993
TL;DR: A secret sharing scheme is a method for dividing a secret key k among a set P of participants in such a way that any set A ⊆ P, which is not qualified to know the secret, has absolutely no information on k.
Abstract: A secret sharing scheme is a method for dividing a secret key k among a set P of participants in such a way that: if the participants in A ⊆ P are qualified to know the secret they can reconstruct the secret key k; but any set A ⊆ P, which is not qualified to know the secret, has absolutely no information on k.

10 citations


Book
01 May 1993

10 citations