
Showing papers on "Secure multi-party computation published in 1997"


Journal ArticleDOI
TL;DR: This work shows that all one-sided two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure, and constructs a class of functions that cannot be computed securely in any two-sided two-party computation.
Abstract: It had been widely claimed that quantum mechanics can protect private information during public decision in, for example, the so-called two-party secure computation. If this were the case, quantum smart-cards, storing confidential information accessible only to a proper reader, could prevent fake teller machines from learning the PIN (personal identification number) from the customers' input. Although such optimism has been challenged by the recent surprising discovery of the insecurity of the so-called quantum bit commitment, the security of quantum two-party computation itself remains unaddressed. Here I answer this question directly by showing that all one-sided two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure. As corollaries to my results, quantum one-way oblivious password identification and the so-called quantum one-out-of-two oblivious transfer are impossible. I also construct a class of functions that cannot be computed securely in any two-sided two-party computation. Nevertheless, quantum cryptography remains useful in key distribution and can still provide partial security in "quantum money" proposed by Wiesner.

448 citations


Journal ArticleDOI
TL;DR: Two general k out of n constructions that are related to those of maximum size arcs or MDS codes and the notion of coloured visual secret sharing schemes is introduced and a general construction is given.
Abstract: The idea of visual k out of n secret sharing schemes was introduced in Naor. Explicit constructions for k = 2 and k = n can be found there. For general k out of n schemes bounds have been described. Here, two general k out of n constructions are presented. Their parameters are related to those of maximum size arcs or MDS codes. Further, results on the structure of k out of n schemes, such as bounds on their parameters, are obtained. Finally, the notion of coloured visual secret sharing schemes is introduced and a general construction is given.

349 citations


Journal ArticleDOI
TL;DR: It is proved that for each n there exists an access structure on n participants so that any perfect sharing scheme must give some participant a share which is at least about $n/\log n$ times the secret size.
Abstract: A secret sharing scheme permits a secret to be shared among participants of an n-element group in such a way that only qualified subsets of participants can recover the secret. If any nonqualified subset has absolutely no information on the secret, then the scheme is called perfect. The share in a scheme is the information that a participant must remember. In [3] it was proved that for a certain access structure any perfect secret sharing scheme must give some participant a share which is at least 50 percent larger than the secret size. We prove that for each n there exists an access structure on n participants so that any perfect sharing scheme must give some participant a share which is at least about $n/\log n$ times the secret size (all logarithms in this paper are of base 2). We also show that the best possible result achievable by the information-theoretic method used here is n times the secret size.

242 citations


Proceedings ArticleDOI
01 Aug 1997
TL;DR: It is proved that for every function there exists a protocol secure against a set of potential passive collusions if and only if no two of these collusions add up to the full player set.
Abstract: The classical results in unconditional multi-party computation among a set of n players state that less than n/2 passive or less than n/3 active adversaries can be tolerated; assuming a broadcast channel the threshold for active adversaries is n/2. Strictly generalizing these results we specify the set of potentially misbehaving players as an arbitrary set of subsets of the player set. We prove the necessary and sufficient conditions for the existence of secure multi-party protocols in terms of the potentially misbehaving player sets. For every function there exists a protocol secure against a set of potential passive collusions if and only if no two of these collusions add up to the full player set. The same condition applies for active adversaries when assuming a broadcast channel. Without broadcast channels, for every function there exists a protocol secure against a set of potential active adverse player sets if and only if no three of these sets add up to the full player set. The complexities of the protocols not using a broadcast channel are polynomial, that of the protocol with broadcast is only slightly higher.

181 citations


Journal ArticleDOI
TL;DR: It is proved that for any integer d there exists a d-regular graph for which any secret sharing scheme has information rate upper bounded by 2/(d+1), which improves on van Dijk's result and matches the corresponding lower bound proved by Stinson in [22].
Abstract: A secret sharing scheme is a protocol by means of which a dealer distributes a secret s among a set of participants P in such a way that only qualified subsets of P can reconstruct the value of s whereas any other subset of P, non-qualified to know s, cannot determine anything about the value of the secret. In this paper we provide a general technique to prove upper bounds on the information rate of secret sharing schemes. The information rate is the ratio between the size of the secret and the size of the largest share given to any participant. Most of the recent upper bounds on the information rate obtained in the literature can be seen as corollaries of our result. Moreover, we prove that for any integer d there exists a d-regular graph for which any secret sharing scheme has information rate upper bounded by 2/(d+1). This improves on van Dijk's result and matches the corresponding lower bound proved by Stinson in [22].

134 citations


Journal ArticleDOI
TL;DR: The vector space construction due to Brickell is generalized, and it turns out that the approach of minimal codewords by Massey is a special case of this construction.
Abstract: In this paper, we will generalize the vector space construction due to Brickell. This generalization, introduced by Bertilsson, leads to secret sharing schemes with rational information rates in which the secret can be computed efficiently by each qualified group. A one to one correspondence between the generalized construction and linear block codes is stated, and a matrix characterization of the generalized construction is presented. It turns out that the approach of minimal codewords by Massey is a special case of this construction. For general access structures we present an outline of an algorithm for determining whether a rational number can be realized as information rate by means of the generalized vector space construction. If so, the algorithm produces a secret sharing scheme with this information rate.

39 citations


Proceedings ArticleDOI
09 Apr 1997
TL;DR: This paper proposes an efficient construction of perfect secret sharing schemes for graph-based prohibited structures where a vertex denotes a participant and an edge denotes a pair of participants who cannot recover the master key.
Abstract: A secret sharing scheme for the prohibited structure is a method of sharing a master key among a finite set of participants in such a way that only certain pre-specified subsets of participants cannot recover the master key. A secret sharing scheme is called perfect if any subset of participants who cannot recover the master key obtain no information regarding the master key. In this paper, we propose an efficient construction of perfect secret sharing schemes for graph-based prohibited structures where a vertex denotes a participant and an edge denotes a pair of participants who cannot recover the master key. The information rate of our scheme is 2/n, where n is the number of participants.

37 citations


Book ChapterDOI
07 Jul 1997
TL;DR: A threshold secret sharing scheme based on polynomial interpolation and the Diffie-Hellman problem is presented, which can be used for the reconstruction of multiple secrets and shares can be individually verified during both share distribution and secret recovery.
Abstract: We present a threshold secret sharing scheme based on polynomial interpolation and the Diffie-Hellman problem. In this scheme shares can be used for the reconstruction of multiple secrets, shareholders can dynamically join or leave without distributing new shares to the existing shareholders, and shares can be individually verified during both share distribution and secret recovery.

34 citations


Journal ArticleDOI
TL;DR: Lower bounds on the size of the share sets in any (t, w) threshold scheme, and for an infinite class of non-threshold access structures, are provided.

32 citations


Proceedings ArticleDOI
Andrew Mayer, Moti Yung
11 Jun 1997 - Sequence
TL;DR: Two basic primitives, generalized secret sharing and group-key distribution, are related and it is proved that the two are related; a reduction is given showing that group-key distribution implies secret sharing under pseudo-random functions (i.e., one-way functions).
Abstract: We relate two basic primitives: generalized secret sharing and group-key distribution. We suggest cryptographic implementations for both and show that they are provably secure according to exact definitions and assumptions given in the present paper. Both solutions require small secret space (namely, short keys). We first consider secret sharing with arbitrary access structures which is a basic primitive for controlling retrieval of secret information. We consider the computational security model, where cryptographic assumptions are allowed. Our design of a general secret-sharing scheme requires considerably less secure memory (i.e., shorter keys) than before. We then introduce the notion of a (single source) group-key distribution protocol which allows a center in an integrated network to securely and repeatedly send different keys to different groups. Such a capability is of increasing importance as it is a building block for secret information dissemination to various groups of participants in the presence of eavesdropping in a network environment. There are only a few previous investigations concerning this primitive and they either require a large amount of storage of secret information (due to their information theoretic security model) or lack rigorous definitions and proofs of security. We base both primitives on pseudo-random functions. We prove that the two are related; we give a reduction showing that group-key distribution implies secret-sharing under pseudo-random functions (i.e., one-way functions).

25 citations


Journal ArticleDOI
TL;DR: New bounds on the information distributed to participants in any (k, n, e) robust secret sharing scheme are provided which relate the size of the shares, the size of the secret, the probability of cheating, and the probability of guessing.

Book ChapterDOI
07 Apr 1997
TL;DR: This paper first extends the result of Blakley and Kabatianski to general non-perfect SSS using information-theoretic arguments, and establishes that in the light of this generalization, ideal schemes do not always have a matroidal morphology.
Abstract: This paper first extends the result of Blakley and Kabatianski [3] to general non-perfect SSS using information-theoretic arguments. Furthermore, we refine Okada and Kurosawa's lower bound [12] into a more precise information-theoretic characterization of non-perfect secret sharing idealness. We establish that in the light of this generalization ideal schemes do not always have a matroidal morphology. As an illustration of this result, we design an ad-hoc ideal non-perfect scheme and analyze it in the last section.

Journal ArticleDOI
TL;DR: Two cryptographic primitives are proposed: homomorphic shared commitments and linear secret sharing schemes with an additional multiplication property and new constructions for general secure multi-party computation protocols are described, both in the cryptographic and the information-theoretic setting.
Abstract: The contributions of this paper are three-fold. First, as an abstraction of previously proposed cryptographic protocols we propose two cryptographic primitives: homomorphic shared commitments and linear secret sharing schemes with an additional multiplication property. We describe new constructions for general secure multi-party computation protocols, both in the cryptographic and the information-theoretic (or secure channels) setting, based on any realizations of these primitives. Second, span programs, a model of computation introduced by Karchmer and Wigderson, are used as the basis for constructing new linear secret sharing schemes, from which the two above-mentioned primitives as well as a novel verifiable secret sharing scheme can efficiently be realized. Third, note that linear secret sharing schemes can have arbitrary (as opposed to threshold) access structures. If used in our construction, this yields multi-party protocols secure against general sets of active adversaries, as long as in the cryptographic (information-theoretic) model no two (no three) of these potentially misbehaving player sets cover the full player set. This is a strict generalization of the threshold-type adversaries and results previously considered in the literature. While this result is new for the cryptographic model, the result for the information-theoretic model was previously proved by Hirt and Maurer. However, in addition to providing an independent proof, our protocols are not recursive and have the potential of being more efficient.

Journal ArticleDOI
TL;DR: This paper addresses the problem of establishing secret sharing schemes for a given access structure without the use of a mutually trusted authority by discussing a general protocol and presenting several implementations of it.
Abstract: Traditional secret sharing schemes involve the use of a mutually trusted authority to assist in the generation and distribution of shares that will allow a secret to be protected among a set of participants. In contrast, this paper addresses the problem of establishing secret sharing schemes for a given access structure without the use of a mutually trusted authority. A general protocol is discussed and several implementations of this protocol are presented. Several efficiency measures are proposed and we consider how to refine the general protocol in order to improve the efficiency with respect to each of the proposed measures. Special attention is given to mutually trusted authority-free threshold schemes. Constructions are presented for such threshold schemes that are shown to be optimal with respect to each of the proposed efficiency measures.

Journal ArticleDOI
01 Jul 1997
TL;DR: A V-fairness (t, n) secret sharing scheme, VFSS scheme, is proposed, such that all shareholders have an equal probability of obtaining the secret without releasing their shadows simultaneously, even if V, V
Abstract: All secret sharing schemes proposed to date are not really fair on reconstructing a secret since there exists a probability ε, ε > 0, such that a dishonest shareholder can obtain the secret while honest ones cannot. The paper proposes a V-fairness (t, n) secret sharing scheme, VFSS scheme, such that all shareholders have an equal probability of obtaining the secret without releasing their shadows simultaneously, even if V, V

Book ChapterDOI
11 Nov 1997
TL;DR: This work introduces the idea of hierarchical delegation within a secret sharing scheme and considers solutions with both conditional and unconditional security.
Abstract: We introduce the idea of hierarchical delegation within a secret sharing scheme and consider solutions with both conditional and unconditional security.

Book ChapterDOI
11 Nov 1997
TL;DR: The paper analyses the multiple assignment secret sharing scheme, presented at the GLOBECOM'87 Conference, and shows that both the extended multiple assignment secret sharing scheme and the extended Shamir secret sharing scheme are not secure, i.e., unauthorized sets of participants can recover the secret.
Abstract: The paper analyses the multiple assignment secret sharing scheme, presented at the GLOBECOM'87 Conference, and contains three technical comments. First it is proved that the proposed multiple assignment secret sharing scheme is not perfect. In fact, the non-perfectness of the scheme is due to the non-perfectness of a certain type of Shamir secret sharing scheme defined in the paper. Next, it is shown that both the extended multiple assignment secret sharing scheme and the extended Shamir secret sharing scheme are not secure, i.e., unauthorized sets of participants can recover the secret.

Journal ArticleDOI
TL;DR: A cryptanalysis is made on Lin and Harn's generalized secret sharing scheme and another method is presented to improve its security, such that illegal users are still prevented from reconstructing the secret and a conspiracy of legal users to obtain other users' shadows can be avoided.


Posted Content
TL;DR: A general proof that all multi-party computations can be implemented in a way which is unconditionally secure if they are carried out on a quantum computer is given.
Abstract: The most general type of multi-party computation involves n participants. Participant i supplies private data x_i and obtains an output function f_i. A computation is said to be unconditionally secure if each participant can verify, with probability arbitrarily close to one, that every other participant obtains arbitrarily little information beyond their agreed output f_i. We give a general proof that all multi-party computations can be implemented in a way which is unconditionally secure if they are carried out on a quantum computer.


Book ChapterDOI
11 Nov 1997
TL;DR: Based on the weight-decomposition construction, the information rate is improved in 4 of the 18 previously unsolved cases of secret sharing schemes for connected graphs on six vertices, and some efficient decomposition constructions for perfect secret sharing schemes with access structures of constant rank are proposed.
Abstract: We propose the concept of weight-decomposition construction for perfect secret sharing schemes. This construction is more general than previous constructions. Based on the weight-decomposition construction, we improve the information rate in 4 of the 18 previously unsolved cases of secret sharing schemes for connected graphs on six vertices. In addition, we also propose some efficient decomposition constructions for perfect secret sharing schemes with access structures of constant rank. Compared with the best previous constructions, our constructions have some improved lower bounds on the information rate.

Journal Article
TL;DR: A label assignment method is suggested for reducing the data expansion of a simple threshold scheme for secret sharing, and the effect of the improved scheme is obvious and its security is ensured too.
Abstract: Secret sharing is an effective technique for key management, and has been widely used in many aspects of data security. The existing (k,n) threshold schemes for secret sharing are relatively complex and the data expansion they cause is remarkable. In this paper, a label assignment method is suggested for reducing the data expansion of a simple threshold scheme. The effect of the improved scheme is obvious and its security is ensured too. Such a scheme can be used in the secret sharing of data on a large scale, such as images.

Proceedings ArticleDOI
M. van Dijk
29 Jun 1997
TL;DR: A new approach to upper bound the worst-case information rate for linear secret sharing schemes is presented, easier to apply than existing methods and in all examples considered so far it never leads to worse upper bounds.
Abstract: We present a new approach to upper bound the worst-case information rate for linear secret sharing schemes. It is easier to apply than existing methods and in all examples considered so far it never leads to worse upper bounds.