
Showing papers on "Verifiable secret sharing published in 1993"


Journal ArticleDOI
TL;DR: As the first part of a study of problems involving common randomness at distant locations, information-theoretic models of secret sharing (generating a common random key at two terminals, without letting an eavesdropper obtain information about this key) are considered.
Abstract: As the first part of a study of problems involving common randomness at distant locations, information-theoretic models of secret sharing (generating a common random key at two terminals, without letting an eavesdropper obtain information about this key) are considered. The concept of key-capacity is defined. Single-letter formulas of key-capacity are obtained for several models, and bounds to key-capacity are derived for other models.

1,471 citations


Journal ArticleDOI
TL;DR: This work shows that there are access structures with four participants for which any secret sharing scheme must give to a participant a share at least 50% greater than the secret size, the first proof that there exist access structures for which the best achievable information rate is bounded away from 1.
Abstract: A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any nonqualified subset has absolutely no information on the secret. The set of all qualified subsets defines the access structure to the secret. Sharing schemes are useful in the management of cryptographic keys and in multiparty secure protocols. We analyze the relationships among the entropies of the sample spaces from which the shares and the secret are chosen. We show that there are access structures with four participants for which any secret sharing scheme must give to a participant a share at least 50% greater than the secret size. This is the first proof that there exist access structures for which the best achievable information rate (i.e., the ratio between the size of the secret and that of the largest share) is bounded away from 1. The bound is the best possible, as we construct a secret sharing scheme for the above access structures that meets the bound with equality.

282 citations


Journal ArticleDOI
TL;DR: By observing a simple set-theoretic property of an access structure, this paper proposes its mathematical definition and proves that every family satisfying the definition is realized by assigning two more shadows of a threshold scheme to trustees.
Abstract: In a secret sharing scheme, a datum d is broken into shadows which are shared by a set of trustees. The family {P′ ⊆ P : P′ can reconstruct d} is called the access structure of the scheme. A (k, n)-threshold scheme is a secret sharing scheme having the access structure {P′ ⊆ P : |P′| ≥ k}. In this paper, by observing a simple set-theoretic property of an access structure, we propose its mathematical definition. Then we verify the definition by proving that every family satisfying the definition is realized by assigning two more shadows of a threshold scheme to trustees.

146 citations


Book ChapterDOI
22 Aug 1993
TL;DR: This paper establishes a formal setting to study secret sharing schemes in which the dealer has the feature of being able to activate a particular access structure out of a given set and/or to allow the participants to reconstruct different secrets by sending to all participants the same broadcast message.
Abstract: We consider secret sharing schemes in which the dealer has the feature of being able (after a preprocessing stage) to activate a particular access structure out of a given set and/or to allow the participants to reconstruct different secrets (in different time instants) by sending to all participants the same broadcast message. In this paper we establish a formal setting to study such secret sharing schemes. The security of the schemes presented is unconditional, since they are not based on any computational assumption. We give bounds on the size of the shares held by participants and on the size of the broadcast message in such schemes.

81 citations


Journal ArticleDOI
TL;DR: It is shown that no ℱ_n secret-sharing scheme over any countable domain exists (for any n ≥ 2), and no perfect private-key encryption schemes, over the set of all strings, exist.
Abstract: Let ℱ_n be a monotone, nontrivial family of sets over {1, 2, …, n}. An ℱ_n perfect secret-sharing scheme is a probabilistic mapping of a secret to n shares, such that: Various secret-sharing schemes have been proposed, and applications in diverse contexts were found. In all these cases the set of secrets and the set of shares are finite. In this paper we study the possibility of secret-sharing schemes over infinite domains. The major case of interest is when the secrets and the shares are taken from a countable set, for example all binary strings. We show that no ℱ_n secret-sharing scheme over any countable domain exists (for any n ≥ 2). One consequence of this impossibility result is that no perfect private-key encryption schemes, over the set of all strings, exist. Stated informally, this means that there is no way to encrypt all strings perfectly without revealing information about their length. These impossibility results are stated and proved not only for perfect secret-sharing and private-key encryption schemes, but also for wider classes: weak secret-sharing and private-key encryption schemes. We contrast these results with the case where both the secrets and the shares are real numbers. Simple perfect secret-sharing schemes (and perfect private-key encryption schemes) are presented. Thus, infinity alone does not rule out the possibility of secret sharing.

51 citations


Book ChapterDOI
06 Dec 1993
TL;DR: The problem of secret sharing schemes (SSS) in the case where all sharing functions are linear maps over a finite field is investigated, and the nonexistence of an ideal threshold linear SSS for the case where the number of participants is twice as large as the number of possible values of a secret is shown.
Abstract: The problem of secret sharing schemes (SSS) in the case where all sharing functions are linear maps over a finite field is investigated. We evaluate the performance of linear secret sharing schemes using the tools of linear algebra and coding theory. In particular, the nonexistence of an ideal threshold linear SSS for the case where the number of participants is twice as large as the number of possible values of a secret is shown.

43 citations


Journal ArticleDOI
TL;DR: Upper bounds on both the number of participants in total and in the lower level are presented, which constitute the only nontrivial cases, and examples for the extremal cases are constructed.
Abstract: In this paper, using recent results in finite geometry, we study a certain class of 2-level shared secret schemes. We shall present upper bounds on both the number of participants in total and on the number of participants in the lower level, which constitute the only nontrivial cases, and construct examples for the extremal cases.

35 citations


Book ChapterDOI
19 Jul 1993
TL;DR: A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any non-qualified subset has absolutely no information on the secret.
Abstract: A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any non-qualified subset has absolutely no information on the secret.

23 citations


Proceedings ArticleDOI
01 Dec 1993
TL;DR: A verifiable secret sharing scheme for a class of geometry-based secret sharing schemes based on finite geometries that provides verifiable sharing of secrets according to general monotone access structures and relies on the homomorphic properties of the discrete exponentiation and therefore on the cryptographic security of the discrete logarithm.
Abstract: Several verifiable secret sharing schemes for threshold schemes based on polynomial interpolation have been presented in the literature. Simmons and others introduced secret sharing (also called shared control) schemes based on finite geometries, which allow distributing a secret according to any monotone access structure. In this paper we present a verifiable secret sharing scheme for a class of these geometry-based secret sharing schemes, which thus provides verifiable sharing of secrets according to general monotone access structures. Our scheme relies on the homomorphic properties of the discrete exponentiation and therefore on the cryptographic security of the discrete logarithm. The version based on Simmons' scheme is non-interactive.

13 citations


Book ChapterDOI
01 Jan 1993
TL;DR: A secret sharing scheme is a method for dividing a secret key k among a set P of participants in such a way that any set A ⊆ P, which is not qualified to know the secret, has absolutely no information on k.
Abstract: A secret sharing scheme is a method for dividing a secret key k among a set P of participants in such a way that: if the participants in A ⊆ P are qualified to know the secret they can reconstruct the secret key k; but any set A ⊆ P, which is not qualified to know the secret, has absolutely no information on k.

10 citations


Book
01 Nov 1993
TL;DR: Public-key cryptosystem based on the discrete logarithm problem, including a modular exponentiation unit based on systolic arrays, and the design of a conference key distribution system.
Abstract: Threshold cryptosystems.- Authentication codes with perfect protection.- Practical proven secure authentication with arbitration.- Authentication codes under impersonation attack.- Cumulative arrays and geometric secret sharing schemes.- Nonperfect secret sharing schemes.- A construction of practical secret sharing schemes using linear block codes.- HAVAL - A one-way hashing algorithm with variable length of output (extended abstract).- On the power of memory in the design of collision resistant hash functions.- A practical digital multisignature scheme based on discrete logarithms (extended abstract).- Group-oriented undeniable signature schemes without the assistance of a mutually trusted party.- Highly nonlinear 0-1 balanced boolean functions satisfying strict avalanche criterion (extended abstract).- Linear nonequivalence versus nonlinearity.- Constructing large cryptographically strong S-boxes.- Nonasymptotic estimates of information protection efficiency for the wire-tap channel concept.- Cryptanalysis of LOKI 91.- Cryptanalysis of summation generator.- Secure addition sequence and its applications on the server-aided secret computation protocols.- Subliminal channels for signature transfer and their application to signature distribution schemes.- A practical secret voting scheme for large scale elections.- Privacy for multi-party protocols.- New protocols for electronic money.- Modelling and analyzing cryptographic protocols using Petri nets.- On verifiable implicit asking protocols for RSA computation.- Modified Maurer-Yacobi's scheme and its applications.- The vulnerability of geometric sequences based on fields of odd characteristic.- A fast cryptographic checksum algorithm based on stream ciphers.- An approach to the initial state reconstruction of a clock-controlled shift register based on a novel distance measure.- Construction of m-ary de Bruijn sequences (extended abstract).- Information technology security standards - An Australian perspective.- Non-interactive generation of shared pseudorandom sequences.- A generalized description of DES-based and Benes-based permutation generators.- Prime generation with the Demytko-Miller-Trbovich algorithm.- Constructions of feebly-one-way families of permutations.- On bit correlations among preimages of "Many to one" One-way functions.- The fast cascade exponentiation algorithm and its applications on cryptography.- The design of a conference key distribution system.- Remarks on "The design of a Conference Key Distribution System".- Public-key cryptosystem based on the discrete logarithm problem.- Elliptic curves over F_p suitable for cryptosystems.- The probability distribution of the Diffie-Hellman key.- A modular exponentiation unit based on systolic arrays.- A comparison of key distribution patterns constructed from circle geometries.- A block cipher method using combinations of different methods under the control of the user key.- An attack on two hash functions by Zheng-Matsumoto-Imai.- Primality testing with Lucas functions.

Proceedings Article
01 Jan 1993
TL;DR: This paper investigates an approach for proving correctness of distributed programs under an assumed data-exchange capability using the ASLAN specification language and develops a high-level specification based on a generalized communications model from which the MPI model may be derived.
Abstract: Distributed programs are dependent on explicit message passing between disjoint components of the computation. This paper is concerned with investigating an approach for proving correctness of distributed programs under an assumed data-exchange capability. Stated informally, the data exchange assumption is that every message is passed correctly, i.e., neither lost nor corrupted. One approach for constructing a proof under this assumption would be to embed an abstract model of the data communications mechanism into the program specification. The Message Passing Interface (MPI) standard provides a basis for such a model. In support of our investigations, we have developed a high-level specification using the ASLAN specification language. Our specification is based on a generalized communications model from which the MPI model may be derived. We describe the specification of this model and an approach to the specification of distributed programs with explicit message passing based on a verifiable data exchange model.

Proceedings Article
01 Jan 1993
TL;DR: A method to obtain verifiable implicit asking protocols highly secure against passive attacks by modifying some base protocols which are fast enough but not completely free from passive attacks, since they send to the Server some information that is not independent from d.