
Showing papers on "Verifiable secret sharing published in 2001"


Proceedings ArticleDOI
05 Nov 2001
TL;DR: A mathematical construct which provides a cryptographic protocol to verifiably shuffle a sequence of k modular integers is presented, and its application to secure, universally verifiable, multi-authority election schemes is discussed and shown to be honest-verifier zero-knowledge in a special case and in general.
Abstract: We present a mathematical construct which provides a cryptographic protocol to verifiably shuffle a sequence of k modular integers, and discuss its application to secure, universally verifiable, multi-authority election schemes. The output of the shuffle operation is another sequence of k modular integers, each of which is the same secret power of a corresponding input element, but the order of elements in the output is kept secret. Though it is a trivial matter for the "shuffler" (who chooses the permutation of the elements to be applied) to compute the output from the input, the construction is important because it provides a linear size proof of correctness for the output sequence (i.e. a proof that it is of the form claimed) that can be checked by arbitrary verifiers. The complexity of the protocol improves on that of Furukawa-Sako [16] both measured by number of exponentiations and by overall size. The protocol is shown to be honest-verifier zero-knowledge in a special case, and is computational zero-knowledge in general. On the way to the final result, we also construct a generalization of the well known Chaum-Pedersen protocol for knowledge of discrete logarithm equality [10], [7]. In fact, the generalization specializes exactly to the Chaum-Pedersen protocol in the case k = 2. This result may be of interest on its own. An application to electronic voting is given that matches the features of the best current protocols with significant efficiency improvements. An alternative application to electronic voting is also given that introduces an entirely new paradigm for achieving Universally Verifiable elections.

599 citations


Proceedings ArticleDOI
06 Jul 2001
TL;DR: This work studies the exact round complexity of two basic secure computation tasks: Verifiable Secret Sharing (VSS) and Secure Multicast, and proves tight tradeoffs between the round complexity and the achievable security threshold.
Abstract: The round complexity of interactive protocols is one of their most important complexity measures. In this work we study the exact round complexity of two basic secure computation tasks: Verifiable Secret Sharing (VSS) and Secure Multicast. VSS allows a dealer to share a secret among several players in a way that would later allow a unique reconstruction of the secret. It is a well-studied primitive, which is used as a building block in virtually every general protocol for secure multi-party computation. Secure multicast is perhaps the simplest non-trivial instance of a secure computation. It allows a dealer to securely distribute an identical message to all players in a prescribed subset M. Both types of protocols are parameterized by the number of players, n, and a security threshold, t, which bounds the total number of malicious players (possibly including the dealer). We focus on a standard setting of perfect information-theoretic security, where all players have access to secure point-to-point channels and a common broadcast medium. For both types of primitives we prove, using related techniques, tight tradeoffs between the round complexity and the achievable security threshold. Specifically, for the VSS problem we show: 2-round VSS is possible iff n>4t, where the "if" direction is realized by an efficient protocol. 3-round VSS is possible iff n>3t, where the "if" direction is realized by an inefficient protocol. 4-round efficient VSS is possible if n>3t. For the secure multicast problem we show: 2-round secure multicast is (efficiently) possible iff

161 citations


Patent
24 Mar 2001
TL;DR: In this article, the authors propose a validity construction that prevents any one or more of the authorities or individuals from making any changes to the original data without being discovered by anyone auditing a resulting proof transcript.
Abstract: A cryptographic process permits one to verifiably shuffle a series of input data elements. One or more authorities or individuals 'shuffle', or 'anonymize' the input data (e.g. public keys in discrete log form or ElGamal encrypted ballot data). The process includes a validity construction that prevents any one or more of the authorities or individuals from making any changes to the original data without being discovered by anyone auditing a resulting proof transcript. The shuffling may be performed at various times. In the election example, the shuffling may be performed, e.g., after ballots are collected or during the registration, or ballot request phase of the election, thereby anonymizing the identities of the voters.

114 citations


Journal ArticleDOI
TL;DR: An expression is derived that shows how many quantum shares can be saved in this protocol, and several features that are available for classical secret-sharing schemes become available with this protocol.
Abstract: We propose a protocol that enables a dealer to share a quantum secret with n players using less than n quantum shares for several access structures. For threshold schemes we derived an expression that shows how many quantum shares can be saved in this scheme. Also, several features that are available for classical secret-sharing schemes (and previously not known to be possible for quantum secret-sharing) become available with this protocol.

86 citations


Patent
12 Dec 2001
TL;DR: In this paper, a ticket issuing device issues a highly convenient electronic ticket, and the electronic ticket is formed of validity data and information to be validated by a ticket checking device, which is validated by the validity data.
Abstract: A ticket issuing device issues a highly convenient electronic ticket. The electronic ticket is formed of validity data and information to be validated. The validity data includes a secret key to which an algorithm whose presence is verifiable without being exposed is applicable. The information to be validated includes a public key corresponding to the secret key for verifying the presence of the secret key. The information is validated by the validity data. A ticket storage device generates a digital signature for verifying the presence of the secret key in the validity data, and sends the digital signature together with the information to be validated to a ticket checking device. The ticket checking device determines the presence of the secret key in the ticket storage device by using the digital signature from the ticket storage device and the public key contained in the information to be validated.

72 citations


Patent
11 May 2001
TL;DR: In this article, a k-out-n secret sharing solution is proposed, where the custodian computes n unique keys to be distributed to the secret owners along with an exponentiated version of the secret.
Abstract: An n person secret sharing solution computes n unique keys to be distributed to the secret owners along with an exponentiated version of the secret. The custodian performs an exponent/modulo operation each time one of the keys is received from one of the secret owners. Alternatively, n+1 keys are created by the custodian, and the custodian retains one key after distributing the remaining n keys to the secret owners. After the custodian has received and processed the n keys from the secret owners, he performs an exponent/modulo operation using his own retained key. According to another aspect, a k out of n secret sharing solution involves computing and storing a database having an entry for each unique combination of k keys that could be returned from among the n keys. After k keys have been received, the custodian looks up in the database the entry corresponding to the particular unique combination of secret owners who returned keys. The custodian performs another exponent/modulo operation using the entry retrieved from the database in order to reconstruct the original secret. According to an embodiment, the custodian computes n+1 keys, distributes n of the keys to the secret owners, and keeps one of the keys for himself. The custodian retrieves his own key and performs a final exponent/modulo operation in order to reconstruct the original secret. According to another aspect, a k out of n secret sharing solution involves encrypting the original secret before applying any conventional k out of n secret sharing solution.

51 citations


Journal ArticleDOI
TL;DR: A necessary condition on the types of subsets that are allowed in an ideal access structure as well as an upper bound on the number of such access structures are obtained.
Abstract: In an ideal secret sharing scheme, the access structure is uniquely determined by its minimal sets $\Delta_s$. The purpose of this paper is to characterise $\Delta_s$. We introduce the concept of strong connectivity and show that under this equivalence relation, an ideal secret sharing scheme decomposes into threshold schemes. We also give a description of the minimal sets that span the strong connectivity classes. As a result we obtain a necessary condition on the types of subsets that are allowed in an ideal access structure as well as an upper bound on the number of such access structures.

30 citations


Journal Article
TL;DR: This work uses a new tool to establish that any multi-party quantum computation can be securely performed as long as the number of dishonest players is less than n/6.
Abstract: We investigate definitions of and protocols for multi-party quantum computing in the scenario where the secret data are quantum systems. We work in the quantum information-theoretic model, where no assumptions are made on the computational power of the adversary. For the slightly weaker task of verifiable quantum secret sharing, we give a protocol which tolerates any t < n/4 cheating parties (out of n). This is shown to be optimal. We use this new tool to establish that any multi-party quantum computation can be securely performed as long as the number of dishonest players is less than n/6.

26 citations


Book ChapterDOI
11 Jul 2001
TL;DR: This paper first constructs an almost optimal threshold changeable scheme based on Shamir's, and after that, using Pedersen's scheme, constructs an unconditionally secure verifiable threshold scheme in which the threshold can be updated plural times, say N times.
Abstract: In this paper, we describe how to construct an efficient and unconditionally secure verifiable threshold changeable scheme, in which any participants can verify whether the share given by the dealer is correct or not, in which the combiner can verify whether the pooled shares are correct or not, and in which the threshold can be updated plural times to the values determined in advance. An optimal threshold changeable scheme was defined and given by Martin et al., and an unconditionally secure verifiable threshold scheme was given by Pedersen. Martin's scheme is based on Blakley's threshold scheme whereas Pedersen's is based on Shamir's. Hence these two schemes cannot directly be combined. Then we first construct an almost optimal threshold changeable scheme based on Shamir's, and after that, using Pedersen's scheme, construct an unconditionally secure verifiable threshold scheme in which the threshold can be updated plural times, say N times. Furthermore, our method can decrease the amount of information the dealer has to publish, compared with simply applying Pedersen's scheme N times.

21 citations


Book ChapterDOI
Adam Young1
13 Feb 2001
TL;DR: A PVSS for sharing discrete logs that is as hard to break as the Discrete-Log problem itself is presented and an algebraic decoupling of the recovering participants is provided, which diverts from the traditional polynomial-secret-sharing-based VSS.
Abstract: A Publicly Verifiable Secret Sharing (PVSS) scheme allows a prover to verifiably prove that a value with specific properties is shared among a number of parties. This verification can be performed by anyone. Stadler introduced a PVSS for proving that the discrete log of an element is shared [S96], and based the PVSS on double-decker exponentiation. Schoenmakers recently presented a PVSS scheme that is as hard to break as deciding Diffie-Hellman (DDH) [Sch99]. He further showed how a PVSS can be used to improve on a number of applications: fair electronic cash (with anonymity revocation), universally verifiable electronic voting, and software key escrow schemes. When the solution in [Sch99] is used for sharing a key corresponding to a given public key, the double-decker exponentiation method and specific assumptions are still required. Here we improve on [Sch99] and present a PVSS for sharing discrete logs that is as hard to break as the Discrete-Log problem itself, thus weakening the assumption of [Sch99]. Our solution differs in that it can be used directly to implement the sharing of private keys (avoiding the double-decker methods). The scheme can therefore be implemented with any semantically secure encryption method (paying only by a moderate increase in proof length). A major property of our PVSS is that it provides an algebraic decoupling of the recovering participants (who can be simply represented by any set of public keys) from the sharing operation. Thus, our scheme diverts from the traditional polynomial-secret-sharing-based VSS. We call this concept Separable Shareholders.

20 citations


Book ChapterDOI
13 Nov 2001
TL;DR: In this article, the average cheating probability over all cheating and original vectors was shown to be 1/n? 2-n?c=1n???Vn?c,? satisfies 1/2, and the equality holds that the secret sharing is said to be cheating immune.
Abstract: We consider secret sharing with binary shares. This model allows us to use the well developed theory of cryptographically strong boolean functions. We prove that for given secret sharing, the average cheating probability over all cheating and original vectors, i.e., ? = 1/n ? 2-n?c=1n???Vn ?c,? satisfies ? ?= 1/2, and the equality holds ? ?c,? satisfies ?c,? = 1/2 for every cheating vector ?c and every original vector ?. In this case the secret sharing is said to be cheating immune. We further establish a relationship between cheating-immune secret sharing and cryptographic criteria of boolean functions. This enables us to construct cheating-immune secret sharing.


Book ChapterDOI
06 Dec 2001
TL;DR: In this paper, the authors investigated cryptographic properties of the defining function of secret sharing so the scheme is k-cheating immune against k cheaters and proposed a secret sharing immune secret sharing scheme.
Abstract: The work addresses the problem of cheating prevention in secret sharing. Two cheating scenarios are considered. In the first one, the cheaters always submit invalid shares to the combiner. In the second one, the cheaters collectively decide which shares are to be modified so the combiner gets a mixture of valid and invalid shares from the cheaters. The secret scheme is said to be k-cheating immune if any group of k cheaters has no advantage over honest participants. The paper investigates cryptographic properties of the defining function of secret sharing so the scheme is k-cheating immune. Constructions of secret sharing immune against k cheaters are given.

Journal ArticleDOI
TL;DR: A new method for secret sharing is proposed that focuses on image data, called the virtual image sharing method (VISM), which is basically derived from the virtual image cryptosystem.
Abstract: Like data encryption, secret sharing is an important method of protecting secret messages. However, the basic ideas of secret sharing and data encryption are radically different. In this paper, a new method for secret sharing is proposed that focuses on image data. It is called the virtual image sharing method (VISM). It is basically derived from the virtual image cryptosystem. According to our experiments and security analyses, VISM can divide a secret image into a large number of different shadows which are guaranteed to be significant images. Illegal users cannot detect whether they are real images or not. VISM also guarantees the security of the secret image because no one is able to reconstruct any piece of the secret image without possessing all of the shadows. Besides camouflage and security, VISM has two other benefits. One is its compression ability. The total size of shadows can be smaller than that of the secret image. The other benefit is its efficiency. VISM avoids the painstaking task of applying complex operations or techniques. © 2001 SPIE and IS&T. (DOI: 10.1117/1.1407823)

01 Jan 2001
TL;DR: A modified version of the Pinch multiple secret sharing protocol is proposed, which identifies all cheaters, regardless of their number, improving on previous results by Ghodosi et al.
Abstract: Cryptographic techniques, such as encipherment, digital signatures, key management and secret sharing schemes, are important building blocks in the implementation of all security services. In this thesis, we present a general model for online secret sharing schemes and investigate the design of online secret sharing schemes which are derived from this model such as Cachin and Pinch’s schemes [13, 48]. We propose a modified version of the Pinch multiple secret sharing protocol, which identifies all cheaters, regardless of their number, improving on previous results by Ghodosi et al. [21]. A new scheme is then proposed for computationally secure online secret sharing, in which the shares of the participants can be reused. The security of the scheme is based on the intractability of factoring. This scheme has the advantage that it detects cheating and it enables the identification of all cheaters by an arbitrator, regardless of their number. The scheme does not rely on a “last participant” who reconstructs the secret on behalf of a minimal trusted set: the responsibility is diffused among all participants. In addition, we cryptanalyse the recently proposed signature scheme by Shao, based on the discrete logarithm problem, and show it is subject to homomorphism attacks, despite a claim in [54] to the contrary. Moreover, we show that there are major differences between a digital signature with message recovery scheme and an authenticated encryption scheme and point out that the signature with message recovery scheme that was recently proposed by Chen [14] is actually not a signature scheme. It would more accurately be described as an authenticated encryption scheme. Furthermore, we propose a modification to the Helsinki protocol [5] which prevents 2 attacks by an adversary. Some of the material in Chapters 2, 3 and 4 of the thesis has appeared in published papers [40, 41, 59, 60, 61].

Book ChapterDOI
01 Jan 2001
TL;DR: A new key transport scheme is described, based on secret sharing, which not only allows each new message to be authenticated with a new key, but also generates different authentication keys for different groups of receivers in broadcast networks.
Abstract: In modern electronic distribution networks, message authentication is an important objective of information security. This objective is met by providing the receiver of a message an assurance of the sender’s identity. As physical protection such as sealed envelopes is not possible for messages expressed as binary sequences, digital tools have been developed using cryptography. A major limitation of all cryptographic methods for message authentication lies in their use of algorithms with fixed symmetric or public keys. We describe a new key transport scheme, based on secret sharing, which not only allows each new message to be authenticated with a new key, but also generates different authentication keys for different groups of receivers in broadcast networks.

Book ChapterDOI
24 Oct 2001
TL;DR: A generalized sharing and recovery scheme suitable for secret images that coalesces vector quantization compression technique and conventional generalized secret sharing scheme to produce pseudo codebooks out of the secret codebook used for compressing the secret image.
Abstract: The secret sharing is an important issue in confirming the security of confidential information. This paper proposes a generalized sharing and recovery scheme suitable for secret images. The scheme coalesces vector quantization (VQ) compression technique and conventional generalized secret sharing scheme to produce pseudo codebooks out of the secret codebook used for compressing the secret image. Every pseudo codebook is held by a participant of the generalized access structure for secret sharing. On the other hand, the secret image can be only recovered by all participants, who belong to the same qualified subgroup of the generalized access structure, to work together with their possessed pseudo codebooks.

Journal ArticleDOI
TL;DR: This study presents four characteristics that render the Internet untrustworthy for bidders and suggests that auction sites not only follow auction policies, but provide customers with evidence validating that the policies are applied fairly.
Abstract: Describes a novel Internet auction model achieving verifiable fairness, a requirement aimed at enhancing the trust of bidders in auctioneers. Distrust in remote auctioneers prevents bidders from participating in Internet auctioning. According to proposed survey reports, this study presents four characteristics that render the Internet untrustworthy for bidders. These intrinsic properties suggest that auction sites not only follow auction policies, but provide customers with evidence validating that the policies are applied fairly. Evidence of verifiable fairness provides bidders with a basis for confidence in Internet auctions. Cryptographic techniques are also applied herein to establish a novel auction model with evidence to manifest and verify every step of the auctioneer. Analysis results demonstrate that the proposed model satisfies various requirements regarding fairness and privacy. Moreover, in the proposed model, the losing bids remain sealed.

Proceedings Article
01 Jan 2001
TL;DR: The paper investigates the design of secret sharing that is immune against cheating (as defined by the Tompa-Woll attack) and considers perfect secret sharing built on highly nonlinear balanced Boolean functions.
Abstract: The paper investigates the design of secret sharing that is immune against cheating (as defined by the Tompa-Woll attack). We examine secret sharing with binary shares and secrets. Bounds on the probability of successful cheating are given for two cases. The first case relates to secret sharing based on bent functions and results in a non-perfect scheme. The second case considers perfect secret sharing built on highly nonlinear balanced Boolean functions.

Patent
18 Jan 2001
TL;DR: A binary code printed upon documents and articles includes: an origin code referring to pertinent data including category, creator identity, creation time; and an algorithm derived authentification code based upon the origin code as discussed by the authors.
Abstract: A binary code printed upon documents and articles includes: an origin code referring to pertinent data including category, creator identity, creation time; and an algorithm derived authentification code based upon the origin code. A world wide web (WWW) accessible registry provides authentification with input of the origin and authentification codes. A third ownership code possesses status which is similarly accessible. The authentification code is verified algorithmically from the origin code. Ownership code status indicates, at minimum, ‘home’ or ‘field’ for paper currency and ‘inventory’ or ‘sold’ for goods which status is only modifiable by authorized access. For suitable categories a secret code is available to the first purchaser after authorized release from inventory with WWW input of the printed origin and authentification binary code. This secret code is inaccessible without input of the full trinary code including the secret code. Ownership is hence verifiable and subsequent purchasers may replace the secret code with disclosure of the predecessor which capability verifies registered ownership.

08 Dec 2001
TL;DR: A powerful new protocol which detects cheaters immediately and halts the exchange before any more information is revealed, which will present new paradigms in a variety of applications, such as electronic balloting and secure file system fault tolerance.
Abstract: Excellence in Undergraduate Research. Keywords: Cryptography, secret sharing, distributed security, simultaneously exchange, zero-exchange proof. 16 pages [FTP: CMU-CS-93-182.ps]. At times it is necessary to obtain a group decision from a number of different nodes over a large network. Secret sharing protocols allow a quorum q of a group of n people to arrive at decisions by having the quorum recompute a predetermined secret, such as an access code, while preventing less than q people from gaining any information about the secret. However, current protocols are vulnerable when participants cheat, for example by giving false information to other participants. In this work, I present a powerful new protocol which detects cheaters immediately and halts the exchange before any more information is revealed. In addition, it prevents cheaters from gaining any information without revealing an equal amount of their own. This protocol will present new paradigms in a variety of applications, such as electronic balloting and secure file system fault tolerance.

Journal ArticleDOI
01 May 2001
TL;DR: The claim made previously by the authors, that their scheme is secure against cheating by a participant, is false, and the cheater might also be the only one who obtains the secret.
Abstract: T.Y. Lin and T.C. Wu (1999) gave a (t, n)-threshold verifiable multisecret sharing scheme ((t, n)-VMSS) of the following kind. A secret dealer (SD) issues secret shares to each of n participants, and any more than t participants can cooperatively reconstruct the secrets. The purpose of this paper is to point out that the claim made previously by the authors, that their scheme is secure against cheating by a participant, is false. Further, the cheater might also be the only one who obtains the secret.

Book ChapterDOI
11 Jun 2001
TL;DR: A secret sharing scheme is a method for sharing a secret among a set P of n participants where certain qualified subsets of participants can recover the secret by pooling together their information, whereas forbidden subsets of participants have no information on the secret.
Abstract: A secret sharing scheme is a method for sharing a secret among a set P of n participants. The secret is encoded into n pieces called shares each of which is given to a distinct participant. Certain qualified subsets of participants can recover the secret by pooling together their information, whereas forbidden subsets of participants have no information on the secret. The specification of the qualified sets and the forbidden sets is called access structure.

Journal Article
TL;DR: This paper proposes a new method for constructing multiple assignment schemes using a combination of the threshold scheme and the cumulative scheme, and shows that the new method yields better results for some special access structures.
Abstract: A secret sharing scheme is a way of protecting a secret by distributing partial information to a set of participants P in such a way that only authorized subsets of P can recover the secret. The family of authorized subsets is called the access structure of the scheme. In 1979, threshold schemes were proposed to realize threshold access structures, and in 1987, multiple assignment schemes were proposed to realize monotone access structures. In this paper, we propose a new method for constructing multiple assignment schemes. Basically, our construction method is a combination of the threshold scheme and the cumulative scheme. We also show that the new method yields better results for some special access structures.

Journal ArticleDOI
Wenbo Mao1
TL;DR: An efficient interactive protocol for realizing verifiable partial escrow of the factors of an integer n with time-delayed and threshold key recovery features with practical method for fine tuning the time complexity for factoring an integer.
Abstract: We construct an efficient interactive protocol for realizing verifiable partial escrow of the factors of an integer n with time-delayed and threshold key recovery features. The computational cost of the new scheme amounts to $10k\log_2 P$ multiplications of numbers of size of P, where P is a protocol parameter which permits n of size up to $(\log_2 P) - 4$ to be dealt with and k is a security parameter which controls the error probability for correct key escrow under $1/2^k$. The new scheme realizes a practical method for fine tuning the time complexity for factoring an integer, where the complexity tuning has no respect to the size of the integer.

Journal Article
TL;DR: A multistage (t, n) secret sharing (MSS) scheme based on a one-way function to solve the problem of how many different secrets have to be shared among the group of users.
Abstract: A (t, n) secret sharing scheme [1, 2] allows a secret to be shared among n users in such a way that only t or more users can reconstruct the secret, but any t − 1 or less users have absolutely no information about the secret. One common drawback of almost all known secret sharing schemes is that they are one-time schemes. That is, once any t or more users reconstruct the secret by pooling their shares, both the secret and all shares become known to everyone within the group and everyone else. Thus, each share kept by each user can be used to reconstruct only one secret. However, if many different secrets have to be shared among the group of users, a straightforward method is to apply the secret sharing scheme repeatedly. In this case, each user has to keep many secret shares, which is very inefficient. In 1994, He and Dawson proposed a multistage (t, n) secret sharing (MSS) scheme [3] based on a one-way function to solve this problem. For k secrets to be shared among n users, only one secret share has to be kept by each user. The share is the same size as any single secret. These k secrets can be reconstructed one by one in a predetermined order, and revelation of the secrets at earlier stages will not compromise the security of

01 Jan 2001
TL;DR: This paper investigates the distillation of unconditionally secure secret key against active adversaries over an insecure and not even authentic channel based on smooth entropy.
Abstract: This paper investigates the distillation of unconditionally secure secret key against active adversaries over an insecure and not even authentic channel based on smooth entropy. First we discuss unconditionally secure authentication where the common key is only partially secret, then the authentication method is used to secret key agreement against active opponents and obtains the size of the secret key with some probability.

Book ChapterDOI
31 Jan 2001

ReportDOI
01 Oct 2001
TL;DR: In this paper, the authors present a non-interactive verifiable secret redistribution (VSR) for secrets distributed with Shamir's secret sharing scheme, based on Desmedt and Jajodia's redistribution protocol for linear secret-sharing schemes.
Abstract: The authors present a new protocol to perform non-interactive verifiable secret redistribution (VSR) for secrets distributed with Shamir's secret sharing scheme. They base their VSR protocol on Desmedt and Jajodia's redistribution protocol for linear secret-sharing schemes, which they specialize for Shamir's scheme. They extend their redistribution protocol with Feldman's non-interactive verifiable secret sharing scheme to ensure that a SUBSHARES-VALID condition is true after redistribution. They show that the SUBSHARES-VALID condition is necessary but not sufficient to guarantee that the new shareholders have valid shares, so they present an additional SHARES-VALID condition.

Patent
07 Nov 2001
TL;DR: In this article, a domain verifiable signcryption method is provided, which can satisfy the requirement of maintaining a secrecy as to each secret information of each participant of a message processed between participants and at the same time can perform a verifiable signature verification by each participant as to the whole message.
Abstract: PURPOSE: A domain verifiable signcryption method is provided, which can satisfy the requirement of maintaining a secrecy as to each secret information of each participant of a message processed between participants and at the same time can perform a verifiable signcryption by each participant as to the whole message. CONSTITUTION: A message transmitter (20) codes a corresponding message using a signcryption procedure and generates (c1-cm) and a signature value (r1-rn, s) and transmits them to a message receiver. Message receivers (21, 22) generate a decoding and signature verify key using an unsigncryption procedure, and decode corresponding message of its own among the received coding message, and perform a signature verify procedure as to the whole procedure.