
Showing papers on "Verifiable secret sharing published in 2004"


Journal ArticleDOI
01 Jan 2004
TL;DR: A new kind of receipt sets a far higher standard of security by letting voters verify the election outcome - even if all election computers and records were compromised.
Abstract: A new kind of receipt sets a far higher standard of security by letting voters verify the election outcome - even if all election computers and records were compromised. The system preserves ballot secrecy, while improving access, robustness, and adjudication, all at lower cost.

467 citations


Journal ArticleDOI
TL;DR: The frequency of white pixels is used to show the contrast of the recovered image and the scheme is nonexpansible and can be easily implemented on a basis of conventional VSS scheme.

426 citations


Proceedings ArticleDOI
13 Jun 2004
TL;DR: Under these assumptions, neither secret sharing nor multiparty function computation is possible using a mechanism that has a fixed running time, however, it is shown that both are possible using randomized mechanisms with constant expected running time.
Abstract: We consider the problems of secret sharing and multiparty computation, assuming that agents prefer to get the secret (resp., function value) to not getting it, and secondarily, prefer that as few as possible of the other agents get it. We show that, under these assumptions, neither secret sharing nor multiparty function computation is possible using a mechanism that has a fixed running time. However, we show that both are possible using randomized mechanisms with constant expected running time.

336 citations


Journal ArticleDOI
TL;DR: A protocol of multiparty secret sharing of quantum information based on entanglement swapping is analyzed and it is convenient to realize the quantum secret sharing among the members of any subset of users.

235 citations


Journal Article
TL;DR: The first identity-based (ID-based) signcryption scheme that is forward secure, publicly verifiable as well as provably secure was proposed by Boyen and Goyal as mentioned in this paper.
Abstract: Boyen [7] gave the first identity-based (ID-based) signcryption scheme that is forward secure, publicly verifiable as well as provably secure. However, his scheme aims at providing ciphertext unlinkability and anonymity, which is not a desirable property in applications such as authentication of encrypted messages by firewalls [11], where any third party should be able to verify the origin of the ciphertext without knowing the content of the message and without getting any help from the intended recipient. This requirement is referred to as public ciphertext authenticity. In this paper, we give another ID-based signcryption scheme that can provide public ciphertext authenticity and is forward and provably secure as well as publicly verifiable. Our scheme is modified from Libert and Quisquater's ID-based signcryption scheme [16] and the efficiency of our scheme is comparable to other previous ID-based signcryption schemes.

212 citations


Proceedings ArticleDOI
29 Nov 2004
TL;DR: This paper presents a protocol for establishing cluster keys in sensor networks using verifiable secret sharing using elliptic curve cryptosystems and develops a secure data aggregation and verification protocol that ensures that the base station never accepts faulty aggregate readings.
Abstract: Sensor networks include nodes with limited computation and communication capabilities. One of the basic functions of sensor networks is to sense and transmit data to the end users. The resource constraints and security issues pose a challenge to information aggregation in large sensor networks. Bootstrapping keys is another challenge because public key cryptosystems are unsuitable for use in resource-constrained sensor networks. In this paper, we propose a solution by dividing the problem into two domains. First, we present a protocol for establishing cluster keys in sensor networks using verifiable secret sharing. We chose elliptic curve cryptosystems for security because of their smaller key size, faster computations and reductions in processing power. Second, we develop a secure data aggregation and verification (SecureDAV) protocol that ensures that the base station never accepts faulty aggregate readings. An integrity check of the readings is done using Merkle hash trees, avoiding over-reliance on the cluster-heads.

152 citations


Book ChapterDOI
19 Feb 2004
TL;DR: This work presents a perfect secret sharing scheme for threshold secret sharing in groups with hierarchical structure that uses Birkhoff interpolation, i.e., the construction of a polynomial according to an unstructured set of point and derivative values.
Abstract: We consider the problem of threshold secret sharing in groups with hierarchical structure. In such settings, the secret is shared among a group of participants that is partitioned into levels. The access structure is then determined by a sequence of threshold requirements: a subset of participants is authorized if it has at least $k_0$ members from the highest level, as well as at least $k_1 > k_0$ members from the two highest levels, and so forth. Such problems may occur in settings where the participants differ in their authority or level of confidence and the presence of higher level participants is imperative to allow the recovery of the common secret. Even though secret sharing in hierarchical groups has been studied extensively in the past, none of the existing solutions addresses the simple setting where, say, a bank transfer should be signed by three employees, at least one of whom must be a department manager. We present a perfect secret sharing scheme for this problem that, unlike most secret sharing schemes that are suitable for hierarchical structures, is ideal. As in Shamir’s scheme, the secret is represented as the free coefficient of some polynomial. The novelty of our scheme is the usage of polynomial derivatives in order to generate lesser shares for participants of lower levels. Consequently, our scheme uses Birkhoff interpolation, i.e., the construction of a polynomial according to an unstructured set of point and derivative values. A substantial part of our discussion is dedicated to the question of how to assign identities to the participants from the underlying finite field so that the resulting Birkhoff interpolation problem will be well posed. In the course of this discussion, we borrow some results from the theory of Birkhoff interpolation over ℝ and import them to the context of finite fields.

121 citations


Proceedings Article
05 Apr 2004
TL;DR: The focus of this paper is to formalize the concept of identity-based threshold signature and give the first provably secure scheme based on the bilinear pairings, and a private key associated with an identity rather than a master key of the public key generator is shared among signature generation servers.
Abstract: The focus of this paper is to formalize the concept of identity-based threshold signature and give the first provably secure scheme based on the bilinear pairings. An important feature of our scheme is that a private key associated with an identity rather than a master key of the Public Key Generator is shared among signature generation servers, which is more desirable in practice. Another interesting aspect of our results is that the security of one of the verifiable secret sharing schemes used to construct the identity-based threshold signature scheme is relative to a slightly modified version of the Generalized Tate Inversion problem recently proposed by Joux.

102 citations


Patent
Marten van Dijk1
28 Oct 2004
TL;DR: In this paper, a secure solution to the problem of secret key agreement is provided, in particular a method of reliable forward secret key sharing is disclosed between two legitimate correspondents whose profiles match sufficiently.
Abstract: A secure solution is provided to the problem of secret key agreement. In particular, a method of reliable forward secret key sharing is disclosed between two legitimate correspondents whose profiles match sufficiently. The invention relies on a physical random function, sometimes referred to as a physical unclonable function (PUF) to provide a secure solution to the problem of secret key agreement. In one embodiment, a one-pass protocol is introduced based on Reed-Solomon codes leading to an unconditionally secure solution. In a further embodiment, the solution of the first embodiment is improved upon by providing a conditionally secure solution based on a pseudo random family of functions. In a still further embodiment, a two-pass protocol is introduced which is used exclusively for purposes of identification and authentication. In accordance with the principles of the two-pass protocol, two communications are required and unlike the one-pass protocol, the second correspondent selects the secret key K.

79 citations


Book ChapterDOI
02 Dec 2004
TL;DR: In this article, the first identity-based threshold ring signature scheme was proposed and the scheme is provably secure in the random oracle model and provides trusted authority compatibility, which is also the most efficient scheme in terms of number of pairing operations required.
Abstract: In threshold ring signature schemes, any group of t entities spontaneously conscript arbitrarily n – t entities to generate a publicly verifiable t-out-of-n signature on behalf of the whole group, yet the actual signers remain anonymous. The spontaneity of these schemes is desirable for ad-hoc groups such as mobile ad-hoc networks. In this paper, we present an identity based (ID-based) threshold ring signature scheme. The scheme is provably secure in the random oracle model and provides trusted authority compatibility. To the best of authors’ knowledge, our scheme is the first ID-based threshold ring signature scheme which is also the most efficient (in terms of number of pairing operations required) ID-based ring signature scheme (when t = 1) and threshold ring signature scheme from pairings.

77 citations


Book ChapterDOI
08 Jun 2004
TL;DR: A new efficient verifiable shuffle system based on Paillier encryption scheme is proposed and its security is proved in the proposed model.
Abstract: We propose a formal model for security of verifiable shuffles and prove security of a number of recently proposed shuffle schemes in this model. The model is general and can be extended to mix-nets and verifiable shuffle decryption. We propose a new efficient verifiable shuffle system based on Paillier encryption scheme and prove its security in the proposed model.

Book ChapterDOI
Jun Furukawa1
01 Mar 2004
TL;DR: This paper proposes a scheme to simultaneously prove the correctness of both shuffling and decryption of ElGamal ciphertexts, and proposes a formal definition for the core requirement of unlinkability in verifiable shuffle-decryption.
Abstract: In this paper, we propose a scheme to simultaneously prove the correctness of both shuffling and decryption. Our scheme is the most efficient of all previous schemes, as a total, in proving the correctness of both shuffling and decryption of ElGamal ciphertexts. We also propose a formal definition for the core requirement of unlinkability in verifiable shuffle-decryption, and then prove that our scheme satisfies this requirement. The proposed definition may be also useful for proving the security of verifiable shuffle-decryption, hybrid mix network, and other mix-nets.

Journal ArticleDOI
TL;DR: For codes that solve nonlinear partial differential equations (PDEs), powerful methodologies already exist for verification of codes, verification of calculations, and validation (V2V), but computational scientists and engineers should take the responsibility and the relatively little extra effort to design (or modify) their codes so that independent users can confirm V2V.
Abstract: For codes that solve nonlinear partial differential equations (PDEs), powerful methodologies already exist for verification of codes, verification of calculations, and validation (V2V). If computational scientists and engineers are serious about these issues, they will take the responsibility and the relatively little extra effort to design (or modify) their codes so that independent users can confirm V2V.

Journal ArticleDOI
TL;DR: This paper proves that secret sharing schemes for a set of secrets of size two (BSSs) and VCSs are "equivalent" with respect to the randomness, and shows how to transform a BSS for a given access structure into a VCS for the same access structure while preserving therandomness of the original scheme.

Book ChapterDOI
13 Jul 2004
TL;DR: An optimistic two-party fair exchange protocol which does not rely on a centralized trusted third party, instead, the fairness of the protocol relies on the honesty of part of the neighbor participants.
Abstract: In this paper we propose an optimistic two-party fair exchange protocol which does not rely on a centralized trusted third party. Instead, the fairness of the protocol relies on the honesty of part of the neighbor participants. This new concept, which is based on a generic verifiable secret sharing scheme, is particularly relevant in networks where centralized authority can neither be used on-line nor off-line.

Posted Content
TL;DR: This work gives a simple and efficient construction of a verifiable random function (VRF) on bilinear groups and shows that the scheme can be instantiated with an elliptic group of very reasonable size and can be made distributed and proactive.
Abstract: We give a simple and efficient construction of a verifiable random function (VRF) on bilinear groups. Our construction is direct. In contrast to prior VRF constructions [14,15], it avoids using an inefficient Goldreich-Levin transformation, thereby saving several factors in security. Our proofs of security are based on a decisional bilinear Diffie-Hellman inversion assumption, which seems reasonable given current state of knowledge. For small message spaces, our VRF's proofs and keys have constant size. By utilizing a collision-resistant hash function, our VRF can also be used with arbitrary message spaces. We show that our scheme can be instantiated with an elliptic group of very reasonable size. Furthermore, it can be made distributed and proactive.

Book ChapterDOI
19 Feb 2004
TL;DR: A new model for non-interactive zero-knowledge where security is not based on a common reference string, but where prover and verifier are assumed to possess appropriately correlated secret keys is considered, with immediate applications to non-Interactive verification of undeniable signatures and pseudorandom function values.
Abstract: We consider a new model for non-interactive zero-knowledge where security is not based on a common reference string, but where prover and verifier are assumed to possess appropriately correlated secret keys. We present efficient proofs for equality of discrete logarithms in this model with unconditional soundness and zero-knowledge. This has immediate applications to non-interactive verification of undeniable signatures and pseudorandom function values. Another application is the following: a set of $l$ servers, of which less than $l/2$ are corrupt, hold shares of a secret integer $s$. A client $C$ specifies $g$ in some finite group $G$, and the servers want to allow the client to compute $g^s$ non-interactively, i.e., by sending information to $C$ only once. This has immediate applications in threshold cryptography. Using our proof system, the problem can be solved as efficiently as the fastest previous solutions that either required interaction or had to rely on the random oracle model for a proof of security. The price we pay is the need to establish the secret key material once and for all. We present an alternative solution to the problem that is also non-interactive and where clients need no secret keys. This comes at the expense of more communication and the assumption that less than $l/3$ of the servers are corrupt.

Patent
28 Oct 2004
TL;DR: In this article, a self-signed signature is first generated and then used as input to the generation of a pair of private and public keys, and verification of the signature proves that the keys are generated from a key generation process utilizing the signature.
Abstract: The invention provides a method of verifiable generation of public keys. According to the method, a self-signed signature is first generated and then used as input to the generation of a pair of private and public keys. Verification of the signature proves that the keys are generated from a key generation process utilizing the signature. A certification authority can validate and verify a public key generated from a verifiable key generation process.

Journal ArticleDOI
TL;DR: This paper presents several threshold schemes that are generalizations of Shamir's secret sharing scheme such that only authorized people can reconstruct the secret from their shares.
Abstract: A secret sharing scheme is a system designed to share a piece of information or the secret among a group of people such that only authorized people can reconstruct the secret from their shares. Since Blakley and Shamir proposed threshold secret sharing schemes in 1979 independently, many secret sharing schemes have been constructed. In this paper, we present several threshold schemes that are generalizations of Shamir's secret sharing scheme.

Proceedings ArticleDOI
29 Mar 2004
TL;DR: The concept of admission tickets is employed to delegate the access right from ancestors to their descendants and the presented scheme is based on general hierarchies, and may be more suitable for real applications.
Abstract: We propose a secret sharing scheme with the property of access structures in a hierarchy. We employ the concept of admission tickets to delegate the access right from ancestors to their descendants. Each participant group has an authorized access structure and each access structure has its own secret key. The presented scheme is based on general hierarchies, and may be more suitable for real applications.

Journal ArticleDOI
TL;DR: In this article, a robust and universally verifiable membership testing scheme (MTS) was proposed that allows a collection of voters to cast votes and determine whether their tally belongs to some pre-specified small set (e.g., exceeds a given threshold).

Proceedings Article
01 Jan 2004
TL;DR: The voter verifiable election scheme presented in this paper provides voters with an encrypted receipt that they can use to check that their vote is entered into the tabulation, which provides a high degree of transparency within the constraints imposed by ballot secrecy.
Abstract: We present a variant of Chaum's voter verifiable election scheme that preserves the essential characteristics of the original whilst being significantly easier to understand and implement. The scheme provides voters with an encrypted receipt that they can use to check that their vote is entered into the tabulation. The scheme provides a high degree of transparency, within the constraints imposed by ballot secrecy. Various checks are performed by independent auditors and the voters themselves to catch any failure to decrypt receipts correctly. Thus assurance of accuracy is provided by close monitoring of the vote capture and processing, with minimal dependence on the voting devices and tellers. Assurance of secrecy is derived from multiple anonymising mixes of the ballot receipts.

Patent
06 Oct 2004
TL;DR: In this paper, the authors describe techniques and systems for protecting verifiable digital secrets such as encryption keys and identification codes based on partition and recovery processes, which may be used to offer individuals a personalized tool for protecting secret data and providing enhanced security.
Abstract: Techniques and systems for protecting verifiable digital secrets such as encryption keys and identification codes based on partition and recovery processes are described. Implementations of the present techniques may be used, for example, to offer individuals a personalized tool for protecting secret data and to provide enhanced security. The partition and recovery may be carried out at the same computer or on separate computers.

Book ChapterDOI
23 Aug 2004
TL;DR: This paper introduces the notion of Verifiable Pairing, together with a concrete construction, to ensure the robustness of these protocols, and finds that the scheme for verifiable pairing gives rise to a new identity-based signature that is provably secure in the random oracle model without using the forking lemma.
Abstract: Pairing-based cryptography is rapidly emerging in recent years. Many cryptographic protocols enabled by pairing, such as signcryption, threshold decryption and undeniable signature, require sending the result of the pairing function with the private key as one of the inputs. Since the private key is only known to its owner, the correctness of the result may not be easily verifiable (which requires solving the decisional bilinear Diffie-Hellman problem). In this paper, we introduce the notion of Verifiable Pairing, together with a concrete construction, to ensure the robustness of these protocols. Verifiable pairing is a useful primitive in many information security applications. As examples, we show how verifiable pairing can be applied in signcryption and threshold decryption, and how it can help in fixing an insecure protocol. In adding verifiability to threshold decryption, our solution is more efficient than the previous proposal in [21]. As a bonus result, we find that our scheme for verifiable pairing gives rise to a new identity-based signature that is provably secure in the random oracle model without using the forking lemma, assuming the hardness of the computational bilinear Diffie-Hellman problem.

Journal ArticleDOI
TL;DR: It is proved that for given secret sharing, the average cheating probability over all cheating vectors and all original vectors, i.e., $\frac{1}{n 2^n}\sum_{c=1}^{n}\sum_{\alpha \in V_n} \rho_{c,\alpha}$, satisfies $\overline{\rho} \ge \frac{1}{2}$, and when equality holds the secret sharing is said to be cheating immune.
Abstract: The paper addresses cheating prevention in secret sharing. We consider secret sharing with binary shares. The secret also is binary. This model allows us to use results and constructions from the well developed theory of cryptographically strong boolean functions. In particular, we prove that for given secret sharing, the average cheating probability over all cheating vectors and all original vectors, i.e., $\frac{1}{n 2^n}\sum_{c=1}^{n}\sum_{\alpha \in V_n} \rho_{c,\alpha}$, denoted by $\overline{\rho}$, satisfies $\overline{\rho} \ge \frac{1}{2}$, and the equality holds if and only if $\rho_{c,\alpha} = \frac{1}{2}$ for every cheating vector $\delta_c$ and every original vector $\alpha$. In this case the secret sharing is said to be cheating immune. We further establish a relationship between cheating-immune secret sharing and cryptographic criteria of boolean functions. This enables us to construct cheating-immune secret sharing.

Book ChapterDOI
02 Dec 2004
TL;DR: A new solution to the millionaire problem is designed on the base of two new techniques: zero test and batch equation, a technique used to test whether one or more ciphertext contains a zero without revealing other information.
Abstract: A new solution to the millionaire problem is designed on the basis of two new techniques: zero test and batch equation. Zero test is a technique used to test whether one or more ciphertexts contain a zero without revealing other information. Batch equation is a technique used to test equality of multiple integers. Combination of these two techniques produces the only known solution to the millionaire problem that is correct, private, publicly verifiable and efficient at the same time.

Journal ArticleDOI
TL;DR: The contribution of finite projective geometry to secret sharing theory is reviewed, highlighting results and techniques where its use has been of particular significance.
Abstract: Finite geometry has found applications in many different fields and practical environments. We consider one such application, to the theory of secret sharing, where finite projective geometry has proved to be very useful, both as a modelling tool and as a means to establish interesting results. A secret sharing scheme is a means by which some secret data can be shared among a group of entities in such a way that only certain subsets of the entities can jointly compute the secret. Secret sharing schemes are useful for information security protocols, where they can be used to jointly protect cryptographic keys or provide a means of access control. We review the contribution of finite projective geometry to secret sharing theory, highlighting results and techniques where its use has been of particular significance.

Proceedings ArticleDOI
05 Apr 2004
TL;DR: In this article, the authors formalize the concept of identity-based threshold signature and give the first provably secure scheme based on the bilinear pairings, where a private key associated with an identity rather than a master key of the public key generator is shared among signature generation servers.
Abstract: The focus of this paper is to formalize the concept of identity-based threshold signature and give the first provably secure scheme based on the bilinear pairings. An important feature of our scheme is that a private key associated with an identity rather than a master key of the public key generator is shared among signature generation servers, which is more desirable in practice. Another interesting aspect of our results is that the security of one of the verifiable secret sharing schemes used to construct the identity-based threshold signature scheme is relative to a slightly modified version of the generalized Tate inversion problem recently proposed by Joux.

Journal ArticleDOI
TL;DR: A general uncoercible e-bidding game that distributes the bidding procedure between the bidder and a tamper-resistant token in a verifiable way is presented.
Abstract: The notion of uncoercibility was first introduced in e-voting systems to deal with the coercion of voters. However this notion extends to many other e-systems for which the privacy of users must be protected, even if the users wish to undermine their own privacy. In this paper we consider uncoercible e-bidding games. We discuss necessary requirements for uncoercibility, and present a general uncoercible e-bidding game that distributes the bidding procedure between the bidder and a tamper-resistant token in a verifiable way. We then show how this general game can be used to design provably uncoercible e-auctions and e-elections. Finally, we discuss the practical consequences of uncoercibility in other areas of e-commerce.

01 Jan 2004
TL;DR: A method for making random selections in such a way that the unbiased nature of the choice is publicly verifiable, and the selection of the voting members of the IETF Nominations Committee (NomCom) from the pool of eligible volunteers is used.
Abstract: Status of this Memo: This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This document describes a method for making random selections in such a way that the unbiased nature of the choice is publicly verifiable. As an example, the selection of the voting members of the IETF Nominations Committee (NomCom) from the pool of eligible volunteers is used. Similar techniques would be applicable to other cases.