
Showing papers on "Secure multi-party computation published in 2003"


Proceedings ArticleDOI
05 Nov 2003
TL;DR: This paper is the first on secure information aggregation in sensor networks that can handle a malicious aggregator and sensor nodes, and presents efficient protocols for secure computation of the median and the average of the measurements, for the estimation of the network size, and for finding the minimum and maximum sensor reading.
Abstract: Sensor networks promise viable solutions to many monitoring problems. However, the practical deployment of sensor networks faces many challenges imposed by real-world demands. Sensor nodes often have limited computation and communication resources and battery power. Moreover, in many applications sensors are deployed in open environments, and hence are vulnerable to physical attacks, potentially compromising the sensor's cryptographic keys. One of the basic and indispensable functionalities of sensor networks is the ability to answer queries over the data acquired by the sensors. The resource constraints and security issues make designing mechanisms for information aggregation in large sensor networks particularly challenging. In this paper, we propose a novel framework for secure information aggregation in large sensor networks. In our framework certain nodes in the sensor network, called aggregators, help aggregating information requested by a query, which substantially reduces the communication overhead. By constructing efficient random sampling mechanisms and interactive proofs, we enable the user to verify that the answer given by the aggregator is a good approximation of the true value even when the aggregator and a fraction of the sensor nodes are corrupted. In particular, we present efficient protocols for secure computation of the median and the average of the measurements, for the estimation of the network size, and for finding the minimum and maximum sensor reading. Our protocols require only sublinear communication between the aggregator and the user. To the best of our knowledge, this paper is the first on secure information aggregation in sensor networks that can handle a malicious aggregator and sensor nodes.

918 citations


Journal ArticleDOI
TL;DR: An idea to directly encode the qubit of quantum key distributions, and then present a quantum secret sharing scheme where only product states are employed, where the theoretic efficiency is doubled to approach 100%.

327 citations


Journal ArticleDOI
TL;DR: It is shown that any two-party functionality can be securely computed in a constant number of rounds, where security is obtained against (polynomial-time) malicious adversaries that may arbitrarily deviate from the protocol specification.
Abstract: In this paper we show that any two-party functionality can be securely computed in a constant number of rounds, where security is obtained against (polynomial-time) malicious adversaries that may arbitrarily deviate from the protocol specification. This is in contrast to Yao's constant-round protocol that ensures security only in the face of semi-honest adversaries, and to its malicious adversary version that requires a polynomial number of rounds.

146 citations


Proceedings ArticleDOI
Yehuda Lindell
09 Jun 2003
TL;DR: This protocol constitutes the first feasibility result for general two-party computation without setup assumptions for any model of concurrency, and has O(m) rounds of communication, where m is the bound on the number of concurrent executions.
Abstract: In this paper we study the feasibility of obtaining protocols for general two-party computation that remain secure under concurrent composition. (A general protocol can be used for obtaining secure computation of any functionality.) We consider a scenario where no trusted setup is assumed (and so, for example, there is no common reference string available to the parties); we call this the "plain model". We present both negative and positive results for this model. Specifically, we show that a general two-party protocol that remains secure for m concurrent executions and can be proven via black-box simulation, must have more than m rounds of communication. An important corollary of this result is that there do not exist protocols for black-box secure general two-party computation for the case of unbounded concurrency (where any polynomial number of concurrent executions may be run). On the positive side, we show that under general cryptographic assumptions, there exist secure protocols for general two-party computation in the model of bounded concurrent composition (in this model the number of concurrent executions is fixed and the protocol design may depend on this number). Our protocol has O(m) rounds of communication, where m is the bound on the number of concurrent executions, and uses both black-box and non black-box techniques. We note that this protocol constitutes the first feasibility result for general two-party computation without setup assumptions for any model of concurrency.

138 citations


Book ChapterDOI
TL;DR: This paper presents a sufficient condition under which it is able to determine all the minimal codewords of certain linear codes, and constructs some linear codes whose covering structure can be determined, and uses them to construct secret sharing schemes with interesting access structures.
Abstract: Secret sharing has been a subject of study for over twenty years, and has had a number of real-world applications. There are several approaches to the construction of secret sharing schemes. One of them is based on coding theory. In principle, every linear code can be used to construct secret sharing schemes. But determining the access structure is very hard as this requires the complete characterisation of the minimal codewords of the underlying linear code, which is a difficult problem. In this paper we present a sufficient condition under which we are able to determine all the minimal codewords of certain linear codes. The condition is derived using exponential sums. We then construct some linear codes whose covering structure can be determined, and use them to construct secret sharing schemes with interesting access structures.

131 citations


Proceedings ArticleDOI
06 Feb 2003
TL;DR: A secure protocol for Yao's millionaires' problem, in which each of the two participating parties have a number and the objective is to determine whose number is larger without disclosing any information about the numbers, is presented.
Abstract: The increase in volume and sensitivity of data communicated and processed over the Internet has been accompanied by a corresponding need for e-commerce techniques in which entities can participate in a secure and anonymous fashion. Even simple arithmetic operations over a set of integers partitioned over a network require sophisticated algorithms. As a part of our earlier work, we have developed a secure protocol for computing dot products of two vectors. In this paper, we present a secure protocol for Yao's millionaires' problem. In this problem, each of the two participating parties have a number and the objective is to determine whose number is larger without disclosing any information about the numbers. This problem has direct applications in on-line bidding and auctions. Furthermore, combined with a secure dot-product, a solution to this secure multiparty computation provides necessary building blocks for such basic operations as frequent item-set generation in association rule mining. Although an asymptotically optimal solution for the secure multiparty computation of the 'less-or-equal' predicate exists in literature, this protocol is not suited for practical applications. Here, we present a protocol which has a much simpler structure and is more efficient for numbers in ranges practically encountered in typical e-commerce applications. Furthermore, advances in cryptanalysis and the subsequent increase in key lengths for public-key cryptographic systems accentuate the advantage of the proposed protocol. We present experimental evidence demonstrating the efficiency of the proposed protocol both in terms of time and communication overhead.

119 citations


Journal Article
TL;DR: In this paper, the authors propose a secure MPC protocol over an arbitrary finite ring, an algebraic object with a much less nice structure than a field, and obtain efficient MPC protocols requiring only a black-box access to the ring operations and to random ring elements.
Abstract: Secure multi-party computation (MPC) is an active research area, and a wide range of literature can be found nowadays suggesting improvements and generalizations of existing protocols in various directions. However, all current techniques for secure MPC apply to functions that are represented by (boolean or arithmetic) circuits over finite fields. We are motivated by two limitations of these techniques: - GENERALITY. Existing protocols do not apply to computation over more general algebraic structures (except via a brute-force simulation of computation in these structures). - EFFICIENCY. The best known constant-round protocols do not efficiently scale even to the case of large finite fields. Our contribution goes in these two directions. First, we propose a basis for unconditionally secure MPC over an arbitrary finite ring, an algebraic object with a much less nice structure than a field, and obtain efficient MPC protocols requiring only a black-box access to the ring operations and to random ring elements. Second, we extend these results to the constant-round setting, and suggest efficiency improvements that are relevant also for the important special case of fields. We demonstrate the usefulness of the above results by presenting a novel application of MPC over (non-field) rings to the round-efficient secure computation of the maximum function.

70 citations


Posted Content
TL;DR: This work proposes a basis for unconditionally secure MPC over an arbitrary finite ring, an algebraic object with a much less nice structure than a field, and obtains efficient MPC protocols requiring only a black-box access to the ring operations and to random ring elements.
Abstract: Secure multi-party computation (MPC) is an active research area, and a wide range of literature can be found nowadays suggesting improvements and generalizations of existing protocols in various directions. However, all current techniques for secure MPC apply to functions that are represented by (boolean or arithmetic) circuits over finite fields. We are motivated by two limitations of these techniques: - GENERALITY. Existing protocols do not apply to computation over more general algebraic structures (except via a brute-force simulation of computation in these structures). - EFFICIENCY. The best known constant-round protocols do not efficiently scale even to the case of large finite fields. Our contribution goes in these two directions. First, we propose a basis for unconditionally secure MPC over an arbitrary finite ring, an algebraic object with a much less nice structure than a field, and obtain efficient MPC protocols requiring only a black-box access to the ring operations and to random ring elements. Second, we extend these results to the constant-round setting, and suggest efficiency improvements that are relevant also for the important special case of fields. We demonstrate the usefulness of the above results by presenting a novel application of MPC over (non-field) rings to the round-efficient secure computation of the maximum function.

69 citations


Book
05 Nov 2003
TL;DR: This chapter discusses the Composition of Authenticated Byzantine Agreement, a model for Secure Computation without Agreement, and Universally Composable Multi-party Computation, which is based on Byzantine agreement.
Abstract: 1 Introduction- 2 The Composition of Authenticated Byzantine Agreement- 3 Secure Computation without Agreement- 4 Universally Composable Multi-party Computation

46 citations


Proceedings ArticleDOI
13 Oct 2003
TL;DR: The system architecture of the SPREAD scheme, including how to divide the secret message into multiple shares using the secret sharing scheme, how to find the desired multiple secure paths, as well as how to allocate the message shares onto each selected path such that maximum security can be achieved, is presented.
Abstract: This paper considers the delivery of secret information across insecure networks. A novel end-to-end multipath secure data delivery scheme, secure protocol for reliable data delivery (SPREAD), is proposed as a complementary mechanism for the data confidentiality service in the public networks. The idea behind SPREAD is to improve the confidentiality by enforcing the secret sharing principle in the network via multipath routing. With a (T,N) secret sharing scheme, the message to be protected can be divided into N shares such that from any T or more shares, it can easily recover the message, while from any T-1 or less shares, it should be impossible to recover the message. Then using multipath routing, the shares are delivered across the network via multiple independent paths. The destination node reconstructs the original message upon receiving T or more shares. This paper presents the system architecture of the SPREAD scheme, including how to divide the secret message into multiple shares using the secret sharing scheme, how to find the desired multiple secure paths, as well as how to allocate the message shares onto each selected path such that maximum security can be achieved. The discussion on the optimal share allocations reveals that redundant SPREAD scheme is not only more secure but also more error-tolerant and fault-tolerant. The simulation results show that significantly reduced message interception ratio can be achieved by SPREAD.

36 citations


Proceedings ArticleDOI
30 Oct 2003
TL;DR: This paper surveys approaches to secure multi-party computation, and gives a method whereby an efficient protocol for two parties using an untrusted third party can be used to construct an efficient peer-to-peer secure multi-party protocol.
Abstract: Secure Multi-Party Computation enables parties with private data to collaboratively compute a global function of their private data, without revealing that data. The increase in sensitive data on networked computers, along with improved ability to integrate and utilize that data, make the time ripe for practical secure multi-party computation. This paper surveys approaches to secure multi-party computation, and gives a method whereby an efficient protocol for two parties using an untrusted third party can be used to construct an efficient peer-to-peer secure multi-party protocol.

Book ChapterDOI
27 Jan 2003
TL;DR: This work generalizes some protocols dealing with verifiable secret sharing, in such a way that they run in a general distributed scenario for both the tolerated subset of dishonest players and the subsets of honest players authorized to execute the different phases of the protocols.
Abstract: Secret sharing schemes are an essential part of distributed cryptographic systems. When dishonest participants are considered, then an appropriate tool are verifiable secret sharing schemes. Such schemes have been traditionally considered for a threshold scenario, in which all the participants play an equivalent role. In this work, we generalize some protocols dealing with verifiable secret sharing, in such a way that they run in a general distributed scenario for both the tolerated subsets of dishonest players and the subsets of honest players authorized to execute the different phases of the protocols.

Proceedings ArticleDOI
19 May 2003
TL;DR: A distributed store that offers various levels of security guarantees while tolerating a limited number of nodes that are compromised by an adversary is presented and secret sharing is integrated with replication for better performance and to keep access costs low.
Abstract: We present the design of a distributed store that offers various levels of security guarantees while tolerating a limited number of nodes that are compromised by an adversary. The store uses secret sharing schemes to offer security guarantees namely availability, confidentiality and integrity. However, a pure secret sharing scheme could suffer from performance problems and high access costs. We integrate secret sharing with replication for better performance and to keep access costs low. The tradeoffs involved between availability and access cost on one hand and confidentiality and integrity on the other are analyzed. Our system differs from traditional approaches such as state machine or quorum based replication that have been developed to tolerate Byzantine failures. Unlike such systems, we augment replication with secret sharing and demonstrate that such a hybrid scheme offers additional flexibility that is not possible with replication alone.

Journal ArticleDOI
24 Feb 2003
TL;DR: This paper shows the first instance for which an improvement is possible, and shows instances of multi-secret sharing schemes which achieve this improvement, with respect to both efficiency measures, thus showing that the above bound is tight.
Abstract: A secret sharing scheme is a method for distributing a secret among several parties in such a way that only qualified subsets of the parties can reconstruct it and unqualified subsets receive no information about the secret. A multi-secret sharing scheme is the natural extension of a secret sharing scheme to the case in which many secrets need to be shared, each with respect to possibly different subsets of qualified parties. A multi-secret sharing scheme can be trivially realized by realizing a secret sharing scheme for each of the secrets. In this paper we address the natural questions of whether this simple construction is the most efficient as well, and, if not, how much improvement is possible over it, with respect to both efficiency measures used in the literature; namely, the maximum piece of information and the sum of all pieces of information distributed to all parties. We completely answer these questions, as follows. We show the first instance for which an improvement is possible; we prove a bound on how much improvement is possible with respect to both measures; and we show instances of multi-secret sharing schemes which achieve this improvement, with respect to both measures, thus showing that the above bound is tight.

Proceedings ArticleDOI
15 Sep 2003
TL;DR: In this paper, a new method is proposed to construct a visual secret sharing scheme with a general access structure for plural secret images, which can encode plural gray-scale and/or color secret images.
Abstract: In this paper, a new method is proposed to construct a visual secret sharing scheme with a general access structure for plural secret images. Although the proposed scheme can be considered as an extension of Droste’s method that can encode only black-white images, it can encode plural gray-scale and/or color secret images. key words: visual secret sharing schemes, plural secret images, general access structures

Journal Article
TL;DR: A new method is proposed to construct a visual secret sharing scheme with a general access structure for plural secret images that can encode plural gray-scale and/or color secret images.

Book ChapterDOI
02 Apr 2003
TL;DR: New protocols for secure strong secret sharing, based on RSA, Diffie-Hellman, and El-Gamal, are presented, which are simpler and quicker than their predecessors and have stronger security properties.
Abstract: Sometimes two parties who already share a weak secret k such as a password wish to share also a strong secret s such as a session key without revealing information about k to an active attacker. We assume that both parties can generate strong random numbers and forget secrets, and present new protocols for secure strong secret sharing, based on RSA, Diffie-Hellman, and El-Gamal. As well as being simpler and quicker than their predecessors, our protocols also have stronger security properties. In particular, our protocols make no cryptographic use of s and so do not impose subtle restrictions upon the use which is subsequently made of s by other protocols. Neither do we rely upon the existence of hash functions with serendipitous properties. In the course of presenting these protocols, we also consider how to frustrate some new types of cryptographic and system attack.

Patent
Martin Trapp, Sonja Zwissler
18 Aug 2003
TL;DR: In this article, the authors present an approach for secure processing of sensitive data, which includes a network server (102) which receives a request (110) for processing from a requestor (101) over a secure network channel, a secure computation environment (102), and a contract engine that controls the processing of the request based on contracts on which the parties agreed.
Abstract: Apparatus for secure processing of sensitive data includes a network server (102), which receives a request (110) for processing from a requestor (101) over a secure network channel, a secure computation environment (102) for processing sensitive data in a way that can not be externally observed or tampered with, and a contract engine that controls the processing of the request based on contracts on which the parties agreed. A task processing unit, which performs a sequence of processing steps as defined in the contract, thereby using and extending the processing state, which initially contains the information sent in the request. A responder, which selects parts of the processing state as defined in the contract, and generates response messages, which it sends over secure network channels to the parties (101, 103, 104) defined in the contract.


Book ChapterDOI
04 May 2003
TL;DR: In this paper, the authors propose a secure MPC protocol over an arbitrary finite ring, an algebraic object with a much less nice structure than a field, and obtain efficient MPC protocols requiring only a black-box access to the ring operations and to random ring elements.
Abstract: Secure multi-party computation (MPC) is an active research area, and a wide range of literature can be found nowadays suggesting improvements and generalizations of existing protocols in various directions. However, all current techniques for secure MPC apply to functions that are represented by (boolean or arithmetic) circuits over finite fields. We are motivated by two limitations of these techniques: - GENERALITY. Existing protocols do not apply to computation over more general algebraic structures (except via a brute-force simulation of computation in these structures). - EFFICIENCY. The best known constant-round protocols do not efficiently scale even to the case of large finite fields. Our contribution goes in these two directions. First, we propose a basis for unconditionally secure MPC over an arbitrary finite ring, an algebraic object with a much less nice structure than a field, and obtain efficient MPC protocols requiring only a black-box access to the ring operations and to random ring elements. Second, we extend these results to the constant-round setting, and suggest efficiency improvements that are relevant also for the important special case of fields. We demonstrate the usefulness of the above results by presenting a novel application of MPC over (non-field) rings to the round-efficient secure computation of the maximum function.

Journal ArticleDOI
TL;DR: Two new (2, n) ASS schemes are proposed, which carefully employ the technique of time division with only one cover sound and have the advantage of flexible improvement in relative contrast as needed.
Abstract: An Audio Secret Sharing (ASS) scheme is a special type of secret sharing scheme [3], which the shares of embedded messages use music as cover sound. Desmedt et al. firstly introduced the (2, 2) ASS scheme with one cover sound and also the generalized (2, n) ASS scheme with [log2n] different cover sounds. Not only will more cover sounds overburden the human hearing system but also may become difficult for people to distinguish the secret bit correctly. Thus, their scheme is not practical when n is large. In this paper, we will propose two new (2, n) ASS schemes, which carefully employ the technique of time division with only one cover sound. Comparing with the first scheme, the second scheme has the advantage of flexible improvement in relative contrast as needed. To test the acoustic result, we implemented these two proposed (2, n) ASS schemes for small n using one wave-type cover sound and then obtained near expected results.

Journal Article
TL;DR: In this paper, the optimal information rate of ideal access structures with intersection number equal to one is studied. But the optimal rate is not known for the non-ideal case.
Abstract: The characterization of ideal access structures and the search for bounds on the optimal information rate are two important problems in secret sharing. These problems are studied in this paper for access structures with intersection number equal to one, that is, access structures such that there is at most one participant in the intersection of any two minimal qualified subsets. Examples of such access structures are those defined by finite projective planes and those defined by graphs. In this work, ideal access structures with intersection number equal to one are completely characterized and bounds on the optimal information rate are provided for the non-ideal case.

Book ChapterDOI
15 Dec 2003
TL;DR: This paper investigates the construction of efficient secret sharing schemes for several classes of access structures by using a technique called hypergraph decomposition, extending in a non-trivial way the previously studied graph decomposition technique.
Abstract: In this paper we investigate the construction of efficient secret sharing schemes by using a technique called hypergraph decomposition, extending in a non-trivial way the previously studied graph decomposition technique. A major advantage of hypergraph decomposition is that it applies to any access structure, rather than only structures representable as graphs. As a consequence we obtain secret sharing schemes for several classes of access structures with improved efficiency over previous results. We also obtain an elementary characterization of the ideal access structures among the hyperstars, which is of independent interest.

Journal ArticleDOI
TL;DR: A foundational framework is presented and a range of general constructions of unconditionally secure secret sharing schemes offering various degrees of anonymity are provided.
Abstract: We discuss the concept of anonymity in an unconditionally secure secret sharing scheme, proposing several types of anonymity and situations in which they might arise. We present a foundational framework and provide a range of general constructions of unconditionally secure secret sharing schemes offering various degrees of anonymity.

Book ChapterDOI
08 Dec 2003
TL;DR: This work considers both information-theoretic and cryptographic settings for Multi-Party Computation (MPC), based on the underlying linear secret sharing scheme, and shows which conditions the resulting access structure should fulfill in order to achieve MPC secure against an adaptive, active adversary in the zero-error case.
Abstract: We consider both information-theoretic and cryptographic settings for Multi-Party Computation (MPC), based on the underlying linear secret sharing scheme. Our goal is to study the Monotone Span Program (MSP), that is the result of local multiplication of shares distributed by two given MSPs as well as the access structure that this resulting MSP computes. First, we expand the construction proposed by Cramer et al. for multiplying two different general access structures and we prove some properties of the resulting MSP. We prove that using two (different) MSPs to compute their resulting MSP is more efficient than building a multiplicative MSP. Next we define a (strongly) multiplicative resulting MSP and we prove that when one uses dual MSPs only all players together can compute the product. An analog of the algebraic simplification protocol of Gennaro et al. is presented. We show which conditions the resulting access structure should fulfill in order to achieve MPC secure against an adaptive, active adversary in the zero-error case in both the computational and the information-theoretic model.

Journal Article
TL;DR: In this paper, it is shown that without access to a black box for some complete function such as AND, not all functions can be securely computed in the information theoretic setting.
Abstract: Secure computation is one of the most fundamental cryptographic tasks. It is known that all functions can be computed securely in the information theoretic setting, given access to a black box for some complete function such as AND. However, without such a black box, not all functions can be securely computed. This gives rise to two types of functions, those that can be computed without a black box (“easy”) and those that cannot (“hard”). However, no further distinction among the hard functions is made.

01 Jan 2003
TL;DR: This work studies three aspects of secret sharing, VSS and MPC, and gives a complete characterization of black-box secret sharing in terms of simple algebraic conditions on the integer sharing coefficients, and proposes a black- box secret sharing scheme with minimal expansion factor.
Abstract: While classically cryptography is concerned with the problem of private communication among two entities, say players, in modern cryptography multi-player protocols play an important role. And among these, it is probably fair to say that secret sharing, and its stronger version verifiable secret sharing (VSS), as well as multi-party computation (MPC) belong to the most appealing and/or useful ones. The former two are basic tools to achieve better robustness of cryptographic schemes against malfunction or misuse by "decentralizing" the security from one single to a whole group of individuals (captured by the term threshold cryptography). The latter allows—at least in principle—to execute any collaboration among a group of players in a secure way that guarantees the correctness of the outcome but simultaneously respects the privacy of the participants. In this work, we study three aspects of secret sharing, VSS and MPC, which we denote by fundamentals, generality, and efficiency. By fundamentals we mean the quest for understanding why a protocol works and is secure in abstract (and hopefully simple) mathematical terms. By generality we mean generality with respect to the underlying mathematical structure, in other words, minimizing the mathematical axioms required to do some task. And efficiency of course deals with the improvement of protocols with respect to some meaningful complexity measure. We briefly summarize our main results. (1) We give a complete characterization of black-box secret sharing in terms of simple algebraic conditions on the integer sharing coefficients, and we propose a black-box secret sharing scheme with minimal expansion factor. Note that, in contrast to the classical field-based secret sharing schemes, a black-box secret sharing scheme allows to share a secret sampled from an arbitrary Abelian group and requires only black-box access to the group operations and to random group elements. Such a scheme may be very useful in the construction of threshold cryptosystems based on groups with secret order (like RSA). (2) We show that without loss of efficiency, MPC can be based on arbitrary finite rings. This is in sharp contrast to the literature where essentially all MPC protocols require a much stronger mathematical structure, namely a field. Apart from its theoretical value, this can lead to efficiency improvements since it allows a greater freedom in the (mathematical) representation of the task that needs to be securely executed. (3) We propose a unified treatment of perfectly secure linear VSS and distributed commitments (a weaker version …

Journal Article
Ueli Maurer
TL;DR: A simple approach to secure multi-party computation is presented, based on essentially no mathematical structure or sophisticated subprotocols, which yields protocols secure for mixed corruption and general adversary structures in a simpler formulation and with simpler proofs.
Abstract: A simple approach to secure multi-party computation is presented. Unlike previous approaches, it is based on essentially no mathematical structure (like bivariate polynomials) or sophisticated subprotocols (like zero-knowledge proofs). It naturally yields protocols secure for mixed (active and passive) corruption and general (as opposed to threshold) adversary structures, confirming the previous tight bounds in a simpler formulation and with simpler proofs. Due to their simplicity, the described protocols are well-suited for didactic purposes, which is a main goal of this paper.

Book ChapterDOI
01 Jan 2003
TL;DR: This chapter considers an asynchronous multi-party network and an adversary that can adaptively corrupt as many parties as it wishes, and presents protocols that allow any subset of parties in this setting to securely realize any desired functionality of their inputs, and be guaranteed that security is preserved regardless of the activity in the rest of the network.
Abstract: In this chapter we prove a fundamental result stating that secure multiparty computation that remains secure under concurrent general composition can be achieved, for any number of corrupted parties. That is, we consider an asynchronous multi-party network and an adversary that can adaptively corrupt as many parties as it wishes. We present protocols that allow any subset of parties in this setting to securely realize any desired functionality of their inputs, and be guaranteed that security is preserved regardless of the activity in the rest of the network. Our protocols are in the common reference string model and rely on standard intractability assumptions.

Journal ArticleDOI
TL;DR: Certain two-weight codes are used to construct secret sharing schemes, and their access structure is analyzed to determine the access structure of these schemes.