
Showing papers on "Verifiable secret sharing published in 1997"


Journal ArticleDOI
TL;DR: Two general k out of n visual secret sharing constructions whose parameters are related to those of maximum size arcs or MDS codes are presented, bounds on the parameters of k out of n schemes are obtained, and the notion of coloured visual secret sharing schemes is introduced together with a general construction.
Abstract: The idea of visual k out of n secret sharing schemes was introduced by Naor and Shamir, where explicit constructions for k = 2 and k = n can be found. For general k out of n schemes, bounds have been described. Here, two general k out of n constructions are presented; their parameters are related to those of maximum size arcs or MDS codes. Further, results on the structure of k out of n schemes, such as bounds on their parameters, are obtained. Finally, the notion of coloured visual secret sharing schemes is introduced and a general construction is given.

349 citations


Journal ArticleDOI
TL;DR: This paper exhibits a protocol that, in probabilistic polynomial time and without relying on any external trusted party, reaches Byzantine agreement in an expected constant number of rounds and in the worst natural fault model.
Abstract: Broadcasting guarantees the recipient of a message that everyone else has received the same message. This guarantee no longer exists in a setting in which all communication is person-to-person and some of the people involved are untrustworthy: though he may claim to send the same message to everyone, an untrustworthy sender may send different messages to different people. In such a setting, Byzantine agreement offers the "best alternative" to broadcasting. Thus far, however, reaching Byzantine agreement has required either many rounds of communication (i.e., messages had to be sent back and forth a number of times that grew with the size of the network) or the help of some external trusted party. In this paper, for the standard communication model of synchronous networks in which each pair of processors is connected by a private communication line, we exhibit a protocol that, in probabilistic polynomial time and without relying on any external trusted party, reaches Byzantine agreement in an expected constant number of rounds and in the worst natural fault model. In fact, our protocol tolerates that up to 1/3 of the processors in the network may deviate from their prescribed instructions in an arbitrary way, cooperate with each other, and perform arbitrarily long computations. Our protocol effectively demonstrates the power of randomization and zero-knowledge computation against errors. Indeed, it proves that "privacy" (a fundamental ingredient of one of our primitives), even when it is not a desired goal in itself (as for the Byzantine agreement problem), can be a crucial tool for achieving correctness. Our protocol also introduces three new primitives, graded broadcast, graded verifiable secret sharing, and oblivious common coin, that are of independent interest and may be used in more practical protocols than ours.

259 citations


Journal ArticleDOI
TL;DR: It is proved that for each n there exists an access structure on n participants such that any perfect secret sharing scheme must give some participant a share at least about $n/\log n$ times the size of the secret.
Abstract: A secret sharing scheme permits a secret to be shared among participants of an n-element group in such a way that only qualified subsets of participants can recover the secret. If any nonqualified subset has absolutely no information on the secret, then the scheme is called perfect. The share in a scheme is the information that a participant must remember. In [3] it was proved that for a certain access structure any perfect secret sharing scheme must give some participant a share which is at least 50% larger than the secret size. We prove that for each n there exists an access structure on n participants so that any perfect sharing scheme must give some participant a share which is at least about $n/\log n$ times the secret size (all logarithms in this paper are of base 2). We also show that the best possible result achievable by the information-theoretic method used here is n times the secret size.

242 citations


Proceedings ArticleDOI
01 Apr 1997
TL;DR: This work provides schemes to perform partial key escrow in a verifiable manner in a public-key encryption setting, and shows that other proposals for verifiable partial key escrow suffer from the early recovery problem and thus do not in fact offer an advantage over standard key-escrow schemes.

153 citations


Journal ArticleDOI
TL;DR: In this paper, the authors generalize Milgrom's result by replacing monotonicity with more general conditions on the Sender's preferences, which are sufficient for existence and uniqueness of a fully revealing equilibrium in verifiable message games.
Abstract: If the Sender's preferences are monotonic in the Receiver's action, then it is known that the Sender reveals its type in every sequential equilibrium of a Sender-Receiver game with verifiable messages (see, e.g., Milgrom (1981)). Monotonicity is a natural condition in social situations such as buyer-seller relationships, but there are obviously other situations in which the ideal action for a Sender varies with its type. Accordingly, we generalize Milgrom's result by replacing monotonicity with more general conditions on the Sender's preferences, which are sufficient for existence and uniqueness of a fully revealing equilibrium in verifiable message games. These conditions include all games in which preferences satisfy the conditions which Crawford-Sobel (1982) imposed on cheap talk games.

141 citations


Journal ArticleDOI
TL;DR: It is proved that for any integer d there exists a d-regular graph for which any secret sharing scheme has information rate upper bounded by 2/(d+1); this improves on van Dijk's result and matches the corresponding lower bound proved by Stinson in [22].
Abstract: A secret sharing scheme is a protocol by means of which a dealer distributes a secret s among a set of participants P in such a way that only qualified subsets of P can reconstruct the value of s, whereas any other subset of P, non-qualified to know s, cannot determine anything about the value of the secret. In this paper we provide a general technique to prove upper bounds on the information rate of secret sharing schemes. The information rate is the ratio between the size of the secret and the size of the largest share given to any participant. Most of the recent upper bounds on the information rate obtained in the literature can be seen as corollaries of our result. Moreover, we prove that for any integer d there exists a d-regular graph for which any secret sharing scheme has information rate upper bounded by 2/(d+1). This improves on van Dijk's result and matches the corresponding lower bound proved by Stinson in [22].

134 citations


Journal Article
TL;DR: This paper proposes a bit commitment scheme, BC(·), and efficient statistical zero-knowledge protocols in which, for any given multi-variable polynomial f(X_1, ..., X_t) and any given modulus n, prover P gives (I_1, ..., I_t) to verifier V and can convince V that P knows (x_1, ..., x_t) with f(x_1, ..., x_t) ≡ 0 (mod n) and I_i = BC(x_i).
Abstract: This paper proposes a bit commitment scheme, BC(·), and efficient statistical zero-knowledge (in short, SZK) protocols in which, for any given multi-variable polynomial f(X_1, ..., X_t) and any given modulus n, prover P gives (I_1, ..., I_t) to verifier V and can convince V that P knows (x_1, ..., x_t) satisfying f(x_1, ..., x_t) ≡ 0 (mod n) and I_i = BC(x_i) (i = 1, ..., t). The proposed protocols are O(|n|) times more efficient than the corresponding previous ones [Dam93, Dam95, Oka95]. The (knowledge) soundness of our protocols holds under a computational assumption, the intractability of a modified RSA problem (see Def. 3), while the (statistical) zero-knowledgeness of the protocols needs no computational assumption. The protocols can be employed to construct various practical cryptographic protocols, such as fair exchange, untraceable electronic cash and verifiable secret sharing protocols.

53 citations


Journal ArticleDOI
TL;DR: The vector space construction due to Brickell is generalized, and it turns out that the approach of minimal codewords by Massey is a special case of this construction.
Abstract: In this paper, we generalize the vector space construction due to Brickell. This generalization, introduced by Bertilsson, leads to secret sharing schemes with rational information rates in which the secret can be computed efficiently by each qualified group. A one-to-one correspondence between the generalized construction and linear block codes is stated, and a matrix characterization of the generalized construction is presented. It turns out that the approach of minimal codewords by Massey is a special case of this construction. For general access structures we present an outline of an algorithm for determining whether a rational number can be realized as the information rate by means of the generalized vector space construction. If so, the algorithm produces a secret sharing scheme with this information rate.

39 citations


Proceedings ArticleDOI
09 Apr 1997
TL;DR: This paper proposes an efficient construction of perfect secret sharing schemes for graph-based prohibited structures where a vertex denotes a participant and an edge denotes a pair of participants who cannot recover the master key.
Abstract: A secret sharing scheme for the prohibited structure is a method of sharing a master key among a finite set of participants in such a way that only certain pre-specified subsets of participants cannot recover the master key. A secret sharing scheme is called perfect if any subset of participants who cannot recover the master key obtain no information regarding the master key. In this paper, we propose an efficient construction of perfect secret sharing schemes for graph-based prohibited structures where a vertex denotes a participant and an edge denotes a pair of participants who cannot recover the master key. The information rate of our scheme is 2/n, where n is the number of participants.

37 citations


Patent
Kazuomi Oishi1
25 Apr 1997
TL;DR: The patent describes a system for enabling verified or verifiable communications while maintaining anonymity, in which a common public parameter, such as a prime number, and a registered signature are changed, respectively, by a specifier and a signer to provide a digital signature which accompanies a message sent from the signer to a verifier.
Abstract: A system for enabling verified or verifiable communications while maintaining anonymity, in which a common public parameter, such as a prime number, and a registered signature are changed, respectively, by a specifier and a signer to provide a digital signature which accompanies a message sent from the signer to a verifier.

36 citations


Book ChapterDOI
07 Jul 1997
TL;DR: A threshold secret sharing scheme based on polynomial interpolation and the Diffie-Hellman problem is presented, which can be used for the reconstruction of multiple secrets and shares can be individually verified during both share distribution and secret recovery.
Abstract: We present a threshold secret sharing scheme based on polynomial interpolation and the Diffie-Hellman problem. In this scheme shares can be used for the reconstruction of multiple secrets, shareholders can dynamically join or leave without distributing new shares to the existing shareholders, and shares can be individually verified during both share distribution and secret recovery.

Journal ArticleDOI
TL;DR: Lower bounds on the size of the share sets in any (t, w) threshold scheme, and for an infinite class of non-threshold access structures, are provided.

Proceedings ArticleDOI
Andrew Mayer1, Moti Yung
11 Jun 1997-Sequence
TL;DR: Two basic primitives, generalized secret sharing and group-key distribution, are given provably secure implementations based on pseudo-random functions, and a reduction shows that group-key distribution implies secret sharing under pseudo-random functions (i.e., one-way functions).
Abstract: We relate two basic primitives: generalized secret sharing and group-key distribution. We suggest cryptographic implementations for both and show that they are provably secure according to exact definitions and assumptions given in the present paper. Both solutions require small secret space (namely, short keys). We first consider secret sharing with arbitrary access structures which is a basic primitive for controlling retrieval of secret information. We consider the computational security model, where cryptographic assumptions are allowed. Our design of a general secret-sharing scheme requires considerably less secure memory (i.e., shorter keys) than before. We then introduce the notion of a (single source) group-key distribution protocol which allows a center in an integrated network to securely and repeatedly send different keys to different groups. Such a capability is of increasing importance as it is a building block for secret information dissemination to various groups of participants in the presence of eavesdropping in a network environment. There are only a few previous investigations concerning this primitive and they either require a large amount of storage of secret information (due to their information theoretic security model) or lack rigorous definitions and proofs of security. We base both primitives on pseudo-random functions. We prove that the two are related; we give a reduction showing that group-key distribution implies secret-sharing under pseudo-random functions (i.e., one-way functions).

Book ChapterDOI
Wenbo Mao1
07 Jul 1997
TL;DR: A publicly verifiable encryption technique and a Schnorr-type signature scheme are combined into a verifiable escrowed signature scheme, with applications such as fair exchange of contracts between two untrusted parties without the on-line help of a commonly trusted third party, and fair escrow cryptosystems using off-line escrow agents.
Abstract: We combine a publicly verifiable encryption technique and a Schnorr-type signature scheme to achieve a verifiable escrowed signature scheme. The scheme allows a signer to convince a verifier of the validity of a signature without letting him see the signature value. The unavailable but verifiable signature is encrypted under the public key of someone (e.g., a trusted third party) who stays off-line. The technique has useful applications such as fair exchange of contracts between two untrusted parties without using the on-line help of a commonly trusted third party, and fair escrow cryptosystems using off-line escrow agents.

Journal ArticleDOI
TL;DR: New bounds on the information distributed to participants in any (k, n, e) robust secret sharing scheme are provided, relating the size of the shares, the size of the secret, the probability of cheating, and the probability of guessing.

Book ChapterDOI
07 Apr 1997
TL;DR: This paper first extends the result of Blakley and Kabatianski to general non-perfect SSS using information-theoretic arguments, and establishes that in the light of this generalization, ideal schemes do not always have a matroidal morphology.
Abstract: This paper first extends the result of Blakley and Kabatianski [3] to general non-perfect SSS using information-theoretic arguments. Furthermore, we refine Okada and Kurosawa's lower bound [12] into a more precise information-theoretic characterization of non-perfect secret sharing idealness. We establish that, in the light of this generalization, ideal schemes do not always have a matroidal morphology. As an illustration of this result, we design an ad-hoc ideal non-perfect scheme and analyze it in the last section.

Journal ArticleDOI
TL;DR: Two cryptographic primitives are proposed: homomorphic shared commitments and linear secret sharing schemes with an additional multiplication property and new constructions for general secure multi-party computation protocols are described, both in the cryptographic and the information-theoretic setting.
Abstract: The contributions of this paper are three-fold. First, as an abstraction of previously proposed cryptographic protocols we propose two cryptographic primitives: homomorphic shared commitments and linear secret sharing schemes with an additional multiplication property. We describe new constructions for general secure multi-party computation protocols, both in the cryptographic and the information-theoretic (or secure channels) setting, based on any realizations of these primitives. Second, span programs, a model of computation introduced by Karchmer and Wigderson, are used as the basis for constructing new linear secret sharing schemes, from which the two above-mentioned primitives as well as a novel verifiable secret sharing scheme can efficiently be realized. Third, note that linear secret sharing schemes can have arbitrary (as opposed to threshold) access structures. If used in our construction, this yields multi-party protocols secure against general sets of active adversaries, as long as in the cryptographic (information-theoretic) model no two (no three) of these potentially misbehaving player sets cover the full player set. This is a strict generalization of the threshold-type adversaries and results previously considered in the literature. While this result is new for the cryptographic model, the result for the information-theoretic model was previously proved by Hirt and Maurer. However, in addition to providing an independent proof, our protocols are not recursive and have the potential of being more efficient.

Journal ArticleDOI
TL;DR: This paper addresses the problem of establishing secret sharing schemes for a given access structure without the use of a mutually trusted authority, by discussing a general protocol and presenting several implementations of it.
Abstract: Traditional secret sharing schemes involve the use of a mutually trusted authority to assist in the generation and distribution of shares that will allow a secret to be protected among a set of participants. In contrast, this paper addresses the problem of establishing secret sharing schemes for a given access structure without the use of a mutually trusted authority. A general protocol is discussed and several implementations of this protocol are presented. Several efficiency measures are proposed and we consider how to refine the general protocol in order to improve the efficiency with respect to each of the proposed measures. Special attention is given to mutually trusted authority-free threshold schemes. Constructions are presented for such threshold schemes that are shown to be optimal with respect to each of the proposed efficiency measures.

Journal ArticleDOI
01 Jul 1997
TL;DR: A V-fairness (t, n) secret sharing scheme, VFSS scheme, is proposed, such that all shareholders have an equal probability of obtaining the secret without releasing their shadows simultaneously, even if V, V
Abstract: All secret sharing schemes proposed to date are not really fair on reconstructing a secret, since there exists a probability ε, ε > 0, such that a dishonest shareholder can obtain the secret while honest ones cannot. The paper proposes a V-fairness (t, n) secret sharing scheme, VFSS scheme, such that all shareholders have an equal probability of obtaining the secret without releasing their shadows simultaneously, even if V, V

Book ChapterDOI
11 Nov 1997
TL;DR: This work introduces the idea of hierarchical delegation within a secret sharing scheme and considers solutions with both conditional and unconditional security.
Abstract: We introduce the idea of hierarchical delegation within a secret sharing scheme and consider solutions with both conditional and unconditional security.

Book ChapterDOI
11 Nov 1997
TL;DR: The paper analyses the multiple assignment secret sharing scheme presented at the GLOBECOM'87 Conference and shows that both the extended multiple assignment secret sharing scheme and the extended Shamir secret sharing scheme are not secure, i.e., unauthorized sets of participants can recover the secret.
Abstract: The paper analyses the multiple assignment secret sharing scheme presented at the GLOBECOM'87 Conference and contains three technical comments. First, it is proved that the proposed multiple assignment secret sharing scheme is not perfect. In fact, the non-perfectness of the scheme is due to the non-perfectness of a certain type of Shamir secret sharing scheme defined in the paper. Next, it is shown that both the extended multiple assignment secret sharing scheme and the extended Shamir secret sharing scheme are not secure, i.e., unauthorized sets of participants can recover the secret.

Book ChapterDOI
Wenbo Mao1
11 Nov 1997
TL;DR: A partial key escrow cryptosystem based on publicly verifiable encryption is proposed; public verifiability improves efficiency and guarantees correctness in the establishment of the partially escrowed key.
Abstract: A partial key escrow cryptosystem based on publicly verifiable encryption is proposed. Partial key escrow adds a great deal of difficulty to mass privacy intrusion by malicious authorities (e.g., a human-rights-abusive government). Public verifiability improves efficiency and guarantees correctness in the establishment of the partially escrowed key.

Journal ArticleDOI
TL;DR: A cryptanalysis of Lin and Harn's generalized secret sharing scheme is presented, together with a method to improve its security so that illegal users are still prevented from reconstructing the secret, and legal users can no longer conspire to obtain other users' shadows.

Book ChapterDOI
07 Jul 1997
TL;DR: Two basic protocols which are important in realizing TTP-based key escrow systems are studied and one improves the protocol in [3] to allow multiple step transfers.
Abstract: In this paper, we study two basic protocols which are important in realizing TTP-based key escrow systems. A TTP-based key escrow system was studied in [3] under the scenario of multiple domains (e.g., countries), where a protocol based on verifiable secret sharing scheme was proposed to transfer a shared secret from one set of TTPs to another set of TTPs. However, the protocol only allows one step transfer, i.e., transfer a shared secret from set A to set B, but the same shared secret can not be further transferred from B to any other set. Our first protocol improves the protocol in [3] to allow multiple step transfers. The problem of subliminal channel in key escrow was studied in [10] and


Book ChapterDOI
07 Apr 1997
TL;DR: Public key cryptography is often used to verify the integrity of a piece of data, or more generally to ensure that operations which modify the data have been requested and carried out by principals who are authorized to do so; this requires keys to be bound to principals in an unforgeably verifiable manner.
Abstract: Public key cryptography is often used to verify the integrity of a piece of data, or more generally to ensure that operations which modify the data have been requested and carried out by principals who are authorized to do so. This requires keys to be bound to principals in an unforgeably verifiable manner.

Book ChapterDOI
11 Nov 1997
TL;DR: Based on the weight-decomposition construction, the information rate is improved in 4 of the 18 remaining unsolved cases of secret sharing schemes for connected graphs on six vertices, and some efficient decomposition constructions for perfect secret sharing schemes with access structures of constant rank are proposed.
Abstract: We propose the concept of weight-decomposition construction for perfect secret sharing schemes. This construction is more general than previous constructions. Based on the weight-decomposition construction, we improve the information rate in 4 of the 18 remaining unsolved cases of secret sharing schemes for connected graphs on six vertices. In addition, we also propose some efficient decomposition constructions for perfect secret sharing schemes with access structures of constant rank. Compared with the best previous constructions, our constructions have improved lower bounds on the information rate.

Book
22 Oct 1997
TL;DR: Conference proceedings volume; the contents listed below include papers on decomposition constructions for perfect secret sharing schemes, remarks on the multiple assignment secret sharing scheme, secret sharing in hierarchical groups, traceable visual cryptography, and publicly verifiable partial key escrow.
Abstract: Minimizing the use of random oracles in authenticated encryption schemes.- Zero-knowledge proofs of decision power: New protocols and optimal round-complexity.- Computational learning theoretic cryptanalysis of language theoretic cryptosystems.- A language for specifying sequences of authorization transformations and its applications.- On the decomposition constructions for perfect secret sharing schemes.- Traceable visual cryptography.- Remarks on the multiple assignment secret sharing scheme.- Secret sharing in hierarchical groups.- Stateless connections.- Design of a security platform for CORBA based application.- Secure document management and distribution in an open network environment.- A 2-code = Affine resolvable + BIBD.- Multisender authentication systems with unconditional security.- Proposal of user identification scheme using mouse.- An effective genetic algorithm for finding highly nonlinear boolean functions.- Duality of Boolean functions and its cryptographic significance.- Construction of correlation immune Boolean functions.- An improved key stream generator based on the programmable cellular automata.- A trust policy framework.- Critical analysis of security in voice hiding techniques.- Two efficient RSA multisignature schemes.- Proxy signatures, revisited.- Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA.- A multiplication-addition structure against differential attack.- On strict estimation method of provable security against differential and linear cryptanalysis.- Improved fast software implementation of block ciphers (Extended abstract).- Security comments on the Hwang-Chen algebraic-code cryptosystem.- Efficient elliptic curve exponentiation.- Efficient construction of secure hyperelliptic discrete logarithm problems.- A new and optimal chosen-message attack on RSA-type cryptosystems.- On weak RSA-keys produced from pretty good privacy.- Self-synchronized message randomization methods for subliminal channels.- Hiding the hidden: A software system for concealing ciphertext as innocuous text.- Digital signature and public key cryptosystem in a prime order subgroup of Z_n^*.- Trapdoor one-way permutations and multivariate polynomials.- Asymmetric cryptography with S-Boxes: Is it easier than expected to design efficient asymmetric cryptosystems?.- On the powerline system.- Making unfair a "Fair" blind signature scheme.- Enforcing traceability in software.- Publicly verifiable partial key escrow.- A secure code for recipient watermarking against conspiracy attacks by all users.- Protocols for issuing public-key certificates over the Internet.- Distributed cryptographic function application protocols.- Fault tolerant anonymous channel.- An implementable scheme for secure delegation of computing and data.- Electronic commerce with secure intelligent trade agents.- Efficient scalable fair cash with off-line extortion prevention.- An anonymous and undeniable payment scheme.