
Showing papers on "Secure multi-party computation published in 2006"


Proceedings ArticleDOI
23 Jul 2006
TL;DR: K-resilient Nash equilibria, joint strategies where no member of a coalition C of size up to k can do better, even if the whole coalition defects, exist for secret sharing and multiparty computation, provided that players prefer to get the information than not to get it.
Abstract: We study k-resilient Nash equilibria, joint strategies where no member of a coalition C of size up to k can do better, even if the whole coalition defects. We show that such k-resilient Nash equilibria exist for secret sharing and multiparty computation, provided that players prefer to get the information than not to get it. Our results hold even if there are only 2 players, so we can do multiparty computation with only two rational agents. We extend our results so that they hold even in the presence of up to t players with "unexpected" utilities. Finally, we show that our techniques can be used to simulate games with mediators by games without mediators.

406 citations


Journal ArticleDOI
TL;DR: A sufficient condition for all nonzero codewords of a linear code to be minimal is derived from exponential sums, and then used to construct secret sharing schemes with nice access structures.
Abstract: Secret sharing has been a subject of study for over 20 years, and has had a number of real-world applications. There are several approaches to the construction of secret sharing schemes. One of them is based on coding theory. In principle, every linear code can be used to construct secret sharing schemes. But determining the access structure is very hard as this requires the complete characterization of the minimal codewords of the underlying linear code, which is a difficult problem in general. In this paper, a sufficient condition for all nonzero codewords of a linear code to be minimal is derived from exponential sums. Some linear codes whose covering structure can be determined are constructed, and then used to construct secret sharing schemes with nice access structures.

298 citations


Journal ArticleDOI
TL;DR: In the method proposed in this study, the difference image of the secret image is encoded using Huffman coding scheme, and the arithmetic calculations of the sharing functions are evaluated in a power-of-two Galois Field GF(2^t).

226 citations


Journal ArticleDOI
01 Nov 2006
TL;DR: A two-party framework along with an application that generates k-anonymous data from two vertically partitioned sources without disclosing data from one site to the other satisfies the secure definition commonly defined in the literature of Secure Multiparty Computation.
Abstract: k-anonymity provides a measure of privacy protection by preventing re-identification of data to fewer than a group of k data items. While algorithms exist for producing k-anonymous data, the model has been that of a single source wanting to publish data. Due to privacy issues, it is common that data from different sites cannot be shared directly. Therefore, this paper presents a two-party framework along with an application that generates k-anonymous data from two vertically partitioned sources without disclosing data from one site to the other. The framework is privacy preserving in the sense that it satisfies the secure definition commonly defined in the literature of Secure Multiparty Computation.

210 citations


Book ChapterDOI
20 Aug 2006
TL;DR: This work presents the first general protocol for secure multiparty computation which is scalable, in the sense that the amortized work per player does not grow, and in some natural settings even vanishes, with the number of players.
Abstract: We present the first general protocol for secure multiparty computation which is scalable, in the sense that the amortized work per player does not grow, and in some natural settings even vanishes, with the number of players. Our protocol is secure against an active adversary which may adaptively corrupt up to some constant fraction of the players. The protocol can be implemented in a constant number of rounds assuming the existence of a “computationally simple” pseudorandom generator, or in a small non-constant number of rounds assuming an arbitrary pseudorandom generator.

160 citations


Journal ArticleDOI
TL;DR: The experimental results demonstrate that cheating is possible when the cheaters form a coalition in order to deceive honest participants, and two simple cheating-prevention visual cryptographic schemes are proposed.
Abstract: A secret sharing scheme allows a secret to be shared among a set of participants, P, such that only authorized subsets of P can recover the secret, but any unauthorized subset cannot recover the secret. In 1995, Naor and Shamir proposed a variant of secret sharing, called visual cryptography, where the shares given to participants are xeroxed onto transparencies. If X is an authorized subset of P, then the participants in X can visually recover the secret image by stacking their transparencies together without performing any computation. In this paper, we address the issue of cheating by dishonest participants, called cheaters, in visual cryptography. The experimental results demonstrate that cheating is possible when the cheaters form a coalition in order to deceive honest participants. We also propose two simple cheating prevention visual cryptographic schemes.

150 citations


Journal ArticleDOI
TL;DR: A special attack strategy against the multiparty quantum secret sharing protocol is presented: using a fake signal and Bell measurement, the agent Bob, who generates the initial signals, can elicit Alice's secret message.

144 citations


Journal ArticleDOI
TL;DR: A sublinear-communication protocol for securely approximating the Hamming distance and a polynomial-time protocol for secure approximations of the permanent and related #P-hard problems are obtained.
Abstract: Approximation algorithms can sometimes provide efficient solutions when no efficient exact computation is known. In particular, approximations are often useful in a distributed setting where the inputs are held by different parties and may be extremely large. Furthermore, for some applications, the parties want to compute a function of their inputs securely without revealing more information than necessary. In this work, we study the question of simultaneously addressing the above efficiency and security concerns via what we call secure approximations. We start by extending standard definitions of secure (exact) computation to the setting of secure approximations. Our definitions guarantee that no additional information is revealed by the approximation beyond what follows from the output of the function being approximated. We then study the complexity of specific secure approximation problems. In particular, we obtain a sublinear-communication protocol for securely approximating the Hamming distance and a polynomial-time protocol for securely approximating the permanent and related #P-hard problems.

140 citations


Proceedings ArticleDOI
21 Oct 2006
TL;DR: In this paper, anonymous communication over insecure channels can be used to implement unconditionally secure point-to-point channels, broadcast, and general multi-party protocols that remain secure as long as less than half of the players are maliciously corrupted.
Abstract: There is a vast body of work on implementing anonymous communication. In this paper, we study the possibility of using anonymous communication as a building block, and show that one can leverage on anonymity in a variety of cryptographic contexts. Our results go in two directions. • Feasibility. We show that anonymous communication over insecure channels can be used to implement unconditionally secure point-to-point channels, broadcast, and general multi-party protocols that remain unconditionally secure as long as less than half of the players are maliciously corrupted. • Efficiency. We show that anonymous channels can yield substantial efficiency improvements for several natural secure computation tasks. In particular, we present the first solution to the problem of private information retrieval (PIR) which can handle multiple users while being close to optimal with respect to both communication and computation.

137 citations


Journal ArticleDOI
TL;DR: In this article, a circular quantum secret sharing protocol is proposed, which is useful and efficient when one of the parties of secret sharing is remote to the others, who are adjacent, especially when there are more than three parties.
Abstract: A circular quantum secret sharing protocol is proposed, which is useful and efficient when one of the parties of secret sharing is remote to the others, who are adjacent, especially when there are more than three parties. We describe the process of this protocol and discuss its security when the quantum information carrier is polarized single photons running circularly. It will be shown that entanglement is not necessary for quantum secret sharing. Moreover, the theoretic efficiency is improved to approach 100% as almost all the instances can be used for generating the private key, and each photon can carry one bit of information without quantum storage. It is straightforward to utilize this topological structure to complete quantum secret sharing with multi-level two-particle entanglement in high capacity securely.

136 citations


01 Jan 2006
TL;DR: (TDSC) is a bimonthly journal that publishes archival research results focusing on research into foundations, methodologies, and mechanisms that support the achievement of systems and networks that are dependable and secure without compromising performance.
Abstract: (TDSC) is a bimonthly journal that publishes archival research results focusing on research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation— of systems and networks that are dependable and secure to the desired degree without compromising performance. Subscribe today or submit your manuscript at: www.computer.org/tdsc. Submissions are welcomed on any topic within the scope of TDSC, especially but not limited to:

Journal ArticleDOI
Ueli Maurer
TL;DR: A very simple approach to secure multi-party computation with straight-forward security proofs, which naturally yields protocols secure for mixed (active and passive) corruption and general adversary structures, confirming the previously proved tight bounds in a simpler framework.

Proceedings ArticleDOI
21 May 2006
TL;DR: This paper presents protocols that use only black-box access to a family of (enhanced) trapdoor permutations or to a homomorphic public-key encryption scheme, and presents a protocol whose communication complexity is independent of the computational complexity of the underlying primitive and whose computational complexity grows only linearly with that of the underlying primitive.
Abstract: It is well known that the secure computation of non-trivial functionalities in the setting of no honest majority requires computational assumptions. We study the way such computational assumptions are used. Specifically, we ask whether the secure protocol can use the underlying primitive (e.g., one-way trapdoor permutation) in a black-box way, or must it be nonblack-box (by referring to the code that computes this primitive)? Despite the fact that many general constructions of cryptographic schemes (e.g., CPA-secure encryption) refer to the underlying primitive in a black-box way only, there are some constructions that are inherently nonblack-box. Indeed, all known constructions of protocols for general secure computation that are secure in the presence of a malicious adversary and without an honest majority use the underlying primitive in a nonblack-box way (requiring to prove in zero-knowledge statements that relate to the primitive).In this paper, we study whether such nonblack-box use is essential. We present protocols that use only black-box access to a family of (enhanced) trapdoor permutations or to a homomorphic public-key encryption scheme. The result is a protocol whose communication complexity is independent of the computational complexity of the underlying primitive (e.g., a trapdoor permutation) and whose computational complexity grows only linearly with that of the underlying primitive. This is the first protocol to exhibit these properties.

Proceedings ArticleDOI
21 May 2006
TL;DR: In this paper, the authors investigated the question of whether security of protocols in the information-theoretic setting (where the adversary is computationally unbounded) implies security under concurrent composition.
Abstract: We investigate the question of whether security of protocols in the information-theoretic setting (where the adversary is computationally unbounded) implies security under concurrent composition. This question is motivated by the folklore that all known protocols that are secure in the information-theoretic setting are indeed secure under concurrent composition. We provide answers to this question for a number of different settings (i.e., considering perfect versus statistical security, and concurrent composition with adaptive versus fixed inputs). Our results enhance the understanding of what is necessary for obtaining security under composition, as well as providing tools (i.e., composition theorems) that can be used for proving the security of protocols under composition while considering only the standard stand-alone definitions of security.

Proceedings ArticleDOI
21 Oct 2006
TL;DR: A first definition of general secure computation that, without any trusted set-up, handles an arbitrary number of concurrent executions; and is implementable based on standard complexity assumptions is put forward.
Abstract: We put forward a first definition of general secure computation that, without any trusted set-up, --handles an arbitrary number of concurrent executions; and --is implementable based on standard complexity assumptions. In contrast to previous definitions of secure computation, ours is not simulation-based.

Proceedings ArticleDOI
Li Bai
26 Jun 2006
TL;DR: A strong (k,n) threshold-based ramp secret sharing scheme with k access levels with large compression rate on the size of the shares and strong protection of the secrets is presented.
Abstract: This paper presents a strong (k,n) threshold-based ramp secret sharing scheme with k access levels. The secrets are the elements represented in a square matrix S. The secret matrix S can be shared among n different participants using a matrix projection technique where: i) any subset of k participants can collaborate together to reconstruct the secret, and ii) any subset of (k-1) or fewer participants cannot partially discover the secret matrix. The primary advantages are its large compression rate on the size of the shares and its strong protection of the secrets.

Proceedings ArticleDOI
Li Bai
29 Sep 2006
TL;DR: This approach's advantages are its large compression rate on the size of the image shares, its strong protection of the secret image and its ability for real-time processing.
Abstract: This paper presents a reliable image secret sharing method which incorporates two k-out-of-n secret sharing schemes: i) Shamir's secret sharing scheme and ii) matrix projection secret sharing scheme. The technique allows a colored secret image to be divided into n image shares so that: i) any k image shares (k ≤ n) are sufficient to reconstruct the secret image in a lossless manner and ii) any (k - 1) or fewer image shares cannot get enough information to reveal the secret image. It is an effective, reliable and secure method to prevent the secret image from being lost, stolen or corrupted. In comparison with other image secret sharing methods, this approach's advantages are its large compression rate on the size of the image shares, its strong protection of the secret image and its ability for real-time processing.

Proceedings ArticleDOI
21 Oct 2006
TL;DR: The algorithm presents the first solution to privacy preserving decision tree classification among more than two parties and makes a performance comparison with the existing solution, which is only applicable to the two-party case.
Abstract: Privacy preserving decision tree classification algorithm is to solve such a distributed computation problem that the participant parties jointly build a decision tree over the data set distributed among them, and they do not want their private sensitive data to be revealed to others during the tree-building process. The existing privacy preserving decision tree classification algorithms over the data set horizontally partitioned and distributed among different parties can only cope with data with discrete attribute values. This paper proposes a solution to the privacy preserving C4.5 algorithm based on secure multi-party computation techniques, which can securely build a decision tree over the horizontally partitioned data with both discrete and continuous attribute values. Moreover, we propose a secure two-party bubble sort algorithm to solve the privacy preserving sort problem in our solution.

Journal Article
TL;DR: It is proved, using the concept of entropy, that in any perfect threshold secret sharing scheme the shares must be at least as long as the secret and, later on, Capocelli, De Santis, Gargano, and Vaccaro have extended this result to the …
Abstract: Preface A secret sharing scheme starts with a secret and then derives from it certain shares (or shadows) which are distributed to users. The secret may be recovered only by certain predetermined groups which belong to the access structure. Secret sharing schemes have been independently introduced by Blakley [12] and Shamir [134] as a solution for safeguarding cryptographic keys. Secret sharing schemes can be used for any situation in which the access to an important resource has to be restricted. We mention here the case of opening bank vaults or launching a nuclear missile. In the first secret sharing schemes only the number of the participants in the reconstruction phase was important for recovering the secret. Such schemes have been referred to as threshold secret sharing schemes. There are secret sharing schemes that deal with more complex access structures than the threshold ones. We mention here the weighted threshold secret sharing schemes in which a positive weight is associated to each user and the secret can be reconstructed if and only if the sum of the weights of the participants is greater than or equal to a fixed threshold, the hierarchical (or multilevel) secret sharing schemes in which the set of users is partitioned into some levels and the secret can be recovered if and only if there is an initialization level such that the number of the participants from this level or higher levels is greater than or equal to the initialization level threshold, the compartmented secret sharing schemes in which the set of users is partitioned into compartments and the secret can be recovered if and only if the number of participants from any compartment is greater than or equal to a compartment threshold and the total number of participants is greater than or equal to a global threshold. 
Ito, Saito, and Nishizeki [90], Benaloh and Leichter [9] have proposed constructions for realizing any monotone (i.e., if a group belongs to the access structure, so does a larger group) access structure. The schemes in which the unauthorized groups gain no information about the secret are referred to as perfect. Karnin, Greene, and Hellman [97] have proved, using the concept of entropy, that in any perfect threshold secret sharing scheme the shares must be at least as long as the secret and, later on, Capocelli, De Santis, Gargano, and Vaccaro [27] have extended this result to the …

Book ChapterDOI
20 Aug 2006
TL;DR: This paper studies the possibility of obtaining general protocols for multiparty computation that simultaneously guarantee security (allowing abort) in the case that an arbitrary number of parties are corrupted and full security (including guaranteed output delivery) in the case that only a minority of the parties are corrupted.
Abstract: In the setting of multiparty computation, a set of parties wish to jointly compute a function of their inputs, while preserving security in the case that some subset of them are corrupted. The typical security properties considered are privacy, correctness, independence of inputs, guaranteed output delivery and fairness. Until now, all works in this area either considered the case that the corrupted subset of parties constitutes a strict minority, or the case that a half or more of the parties are corrupted. Secure protocols for the case of an honest majority achieve full security and thus output delivery and fairness are guaranteed. However, the security of these protocols is completely compromised if there is no honest majority. In contrast, protocols for the case of no honest majority do not guarantee output delivery, but do provide privacy, correctness and independence of inputs for any number of corrupted parties. Unfortunately, an adversary controlling only a single party can disrupt the computation of these protocols and prevent output delivery. In this paper, we study the possibility of obtaining general protocols for multiparty computation that simultaneously guarantee security (allowing abort) in the case that an arbitrary number of parties are corrupted and full security (including guaranteed output delivery) in the case that only a minority of the parties are corrupted. That is, we wish to obtain the best of both worlds in a single protocol, depending on the corruption case. We obtain both positive and negative results on this question, depending on the type of the functionality to be computed (standard or reactive) and the type of dishonest majority (semi-honest or malicious).

Journal ArticleDOI
TL;DR: This paper generalizes the square block-wise approach to further reduce pixel expansion in an aspect ratio invariant visual secret sharing scheme and proposes a new scheme based on processing one- and four-pixel blocks.

Book ChapterDOI
18 Sep 2006
TL;DR: This work introduces the TrustedPals framework, an efficient smart card based implementation of SMC for any number of participating entities in such a model, and shows that in this model SMC can be implemented by reducing it to a fault-tolerance problem at the level of security modules.
Abstract: We study the problem of Secure Multi-party Computation (SMC) in a model where individual processes contain a tamper-proof security module, and introduce the TrustedPals framework, an efficient smart card based implementation of SMC for any number of participating entities in such a model. Security modules can be trusted by other processes and can establish secure channels between each other. However, their availability is restricted by their host, that is, a corrupted party can stop the computation of its own security module as well as drop any message sent by or to its security module. We show that in this model SMC can be implemented by reducing it to a fault-tolerance problem at the level of security modules. Since the critical part of the computation can be executed locally on the smart card, we can compute any function securely with a protocol complexity which is polynomial only in the number of processes (that is, the complexity does not depend on the function which is computed), in contrast to previous approaches.

Book ChapterDOI
04 Mar 2006
TL;DR: This paper provides gES protocols for general secure computation, based on a new, concrete number theoretic assumption called the relativized discrete log assumption (rDLA), and provides secure protocols for functionalities in the (limited) client-server framework of [PS05], replacing their hash function assumption with the standard discrete log assumptions.
Abstract: We address the problem of realizing concurrently composable secure computation without setup assumptions. While provably impossible in the UC framework of [Can01], Prabhakaran and Sahai had recently suggested a relaxed framework called generalized Environmental Security (gES) [PS04], as well as a restriction of it to a “client-server” setting based on monitored functionalities [PS05]. In these settings, the impossibility results do not apply, and they provide secure protocols relying on new non-standard assumptions regarding the existence of hash functions with certain properties. In this paper, we first provide gES protocols for general secure computation, based on a new, concrete number theoretic assumption called the relativized discrete log assumption (rDLA). Second, we provide secure protocols for functionalities in the (limited) client-server framework of [PS05], replacing their hash function assumption with the standard discrete log assumption. Both our results (like previous work) also use (standard) super-polynomially strong trapdoor permutations. We believe this is an important step towards obtaining positive results for efficient secure computation in a concurrent environment based on well studied assumptions. Furthermore, the new assumption we put forward is of independent interest, and may prove useful for other cryptographic applications.

Patent
17 Feb 2006
TL;DR: In this article, a method and system for determining a shared secret between two entities in a cryptosystem is presented, where a first random secret is selected that is known to the first entity and unknown to the second entity.
Abstract: A method and system are provided for determining a shared secret between two entities in a cryptosystem. A first random secret is selected that is known to the first entity and unknown to the second entity. A first intermediate shared secret component is determined using the first random secret and a system parameter. The first intermediate shared secret component is communicated to the second entity. A second random secret is selected that is known to the second entity, but unknown to the first entity. A second intermediate shared secret component is determined using the second random secret and the system parameter. The second intermediate shared secret component is communicated to the first entity. It is confirmed that both the first entity and the second entity know a non-interactive shared secret. An interactive shared secret is determined using the first random secret, the second random secret, and the system parameter.

Journal ArticleDOI
Deng Fu-Guo, Zhou Ping, LI Xi-Han, LI Chun-Yan, Zhou Hong-Yu
TL;DR: An efficient multiparty quantum secret sharing scheme with Greenberger–Horne–Zeilinger (GHZ) states following some ideas in quantum dense coding has the advantage of high capacity as each GHZ state can carry two bits of information.
Abstract: An efficient multiparty quantum secret sharing scheme is proposed with Greenberger–Horne–Zeilinger (GHZ) states following some ideas in quantum dense coding. The agents take the single-photon measurements on the photons received for eavesdropping check and exploit the four local unitary operations I, σz, σx and iσy to code their message. This scheme has the advantage of high capacity as each GHZ state can carry two bits of information. The parties do not need to announce the measuring bases for almost all the photons, which will reduce the classical information exchanged largely. The intrinsic efficiency for qubits and the total efficiency both approach the maximal values.

Book ChapterDOI
Satoshi Obana, Toshinori Araki
03 Dec 2006
TL;DR: In this paper, the problem of cheating in secret sharing schemes, where individuals submit forged shares in the secret reconstruction phase in an effort to make another participant reconstruct an invalid secret, was considered.
Abstract: We consider the problem of cheating in secret sharing schemes, cheating in which individuals submit forged shares in the secret reconstruction phase in an effort to make another participant reconstruct an invalid secret. We introduce a novel technique which uses universal hash functions to detect such cheating and propose two efficient secret sharing schemes that employ the functions. The first scheme is nearly optimum with respect to the size of shares; that is, the size of shares is only one bit longer than its existing lower bound. The second scheme possesses a particular merit in that the parameter for the probability of successful cheating can be chosen without regard to the size of the secret. Further, the proposed schemes are proven to be secure regardless of the probability distribution of the secret.

Journal ArticleDOI
TL;DR: This study points out that the mth party (the last party to process the quantum state) of group 1 can maliciously replace the secret message with an arbitrary message without the detection of the other parties.
Abstract: Recently, Yan and Gao [Phys. Rev. A 72, 012304 (2005)] presented a quantum secret sharing protocol which allows a secret message to be shared between two groups of parties (m parties in group 1 and n parties in group 2). Their protocol is claimed to be secure that, except with the cooperation of the entire group 1 or group 2, no subgroup of either group 1 or group 2 can extract the secret message. However, this study points out that the mth party (the last party to process the quantum state) of group 1 can maliciously replace the secret message with an arbitrary message without the detection of the other parties.

Journal ArticleDOI
TL;DR: New size-reduced VSS schemes are proposed in which the pixel expansion is dramatically decreased by a half; large pixel expansion is what makes conventional VSS schemes impractical for real application.
Abstract: The Visual Secret Sharing (VSS) scheme proposed by Naor and Shamir is a perfectly secure scheme to share a secret image. By using m subpixels to represent one pixel, we encrypt the secret image into several noise-like shadow images. The value of m is known as the pixel expansion. More pixel expansion increases the shadow size and makes VSS schemes impractical for real application. In this paper, we propose new size-reduced VSS schemes and dramatically decrease the pixel expansion by a half.

Journal Article
TL;DR: A novel technique which uses universal hash functions to detect cheating and two efficient secret sharing schemes that employ the functions are proposed that are proven to be secure regardless of the probability distribution of the secret.
Abstract: We consider the problem of cheating in secret sharing schemes, cheating in which individuals submit forged shares in the secret reconstruction phase in an effort to make another participant reconstruct an invalid secret. We introduce a novel technique which uses universal hash functions to detect such cheating and propose two efficient secret sharing schemes that employ the functions. The first scheme is nearly optimum with respect to the size of shares; that is, the size of shares is only one bit longer than its existing lower bound. The second scheme possesses a particular merit in that the parameter for the probability of successful cheating can be chosen without regard to the size of the secret. Further, the proposed schemes are proven to be secure regardless of the probability distribution of the secret.

Journal ArticleDOI
TL;DR: Based on entanglement swapping, a scheme for the secret sharing of an arbitrary two-particle entangled state is proposed; if the controllers do not co-operate with the eavesdropper, the eavesdropper's success probability decreases as the number of controllers increases.
Abstract: Based on entanglement swapping, a scheme for the secret sharing of an arbitrary two-particle entangled state is proposed. If the controllers do not co-operate with the eavesdropper, the eavesdropper's success probability decreases as the number of controllers increases. In addition, only Bell-state measurements are required to realize the secret sharing scheme.