
Showing papers on "Verifiable secret sharing published in 2005"


Book ChapterDOI
23 Jan 2005
TL;DR: In this paper, a verifiable random function (VRF) on bilinear groups is presented, which avoids using an inefficient Goldreich-Levin transformation, thereby saving several factors in security.
Abstract: We give a simple and efficient construction of a verifiable random function (VRF) on bilinear groups. Our construction is direct. In contrast to prior VRF constructions [14,15], it avoids using an inefficient Goldreich-Levin transformation, thereby saving several factors in security. Our proofs of security are based on a decisional bilinear Diffie-Hellman inversion assumption, which seems reasonable given current state of knowledge. For small message spaces, our VRF's proofs and keys have constant size. By utilizing a collision-resistant hash function, our VRF can also be used with arbitrary message spaces. We show that our scheme can be instantiated with an elliptic group of very reasonable size. Furthermore, it can be made distributed and proactive.

423 citations


Journal ArticleDOI
TL;DR: This work takes advantage of this multiparty QSSCM scheme to establish a scheme of multiparty secret sharing of quantum information (SSQI), in which only when all quantum information receivers collaborate can the original qubit be reconstructed.
Abstract: Based on a quantum secure direct communication (QSDC) protocol [Phys. Rev. A 69 052319 (2004)], we propose a (n,n)-threshold scheme of multiparty quantum secret sharing of classical messages (QSSCM) using only single photons. We take advantage of this multiparty QSSCM scheme to establish a scheme of multiparty secret sharing of quantum information (SSQI), in which only when all quantum information receivers collaborate can the original qubit be reconstructed. A general idea is also proposed for constructing multiparty SSQI schemes from any QSSCM scheme.

404 citations


Journal ArticleDOI
TL;DR: The security of the present multiparty QSS against eavesdropping has been analyzed and confirmed even in a noisy quantum channel.
Abstract: A multiparty quantum secret sharing (QSS) protocol of classical messages (i.e., classical bits) is proposed by using swapping quantum entanglement of Bell states. The secret messages are imposed on Bell states by local unitary operations. The secret messages are split into several parts, and each part is distributed to a separate party so that no action of a subset of all the parties without the cooperation of the entire group is able to read out the secret messages. In addition, dense coding is used in this protocol to achieve a high efficiency. The security of the present multiparty QSS against eavesdropping has been analyzed and confirmed even in a noisy quantum channel.

374 citations


Journal ArticleDOI
TL;DR: In this paper, error-correcting codes from perfect nonlinear mappings are constructed, and then employed to construct secret sharing schemes, and many of them are optimal or almost optimal.
Abstract: In this paper, error-correcting codes from perfect nonlinear mappings are constructed, and then employed to construct secret sharing schemes. The error-correcting codes obtained in this paper are very good in general, and many of them are optimal or almost optimal. The secret sharing schemes obtained in this paper have two types of access structures. The first type is democratic in the sense that every participant is involved in the same number of minimal-access sets. In the second type of access structures, there are a few dictators who are in every minimal access set, while each of the remaining participants is in the same number of minimal-access sets.

363 citations


Book ChapterDOI
10 Feb 2005
TL;DR: This work presents a method for converting shares of a secret into shares of the same secret in a different secret-sharing scheme using only local computation and no communication between players, and shows how this can be combined with any pseudorandom function to create any number of Shamir secret-sharings of (pseudo)random values without communication.
Abstract: We present a method for converting shares of a secret into shares of the same secret in a different secret-sharing scheme using only local computation and no communication between players. In particular, shares in a replicated scheme based on a CNF representation of the access structure can be converted into shares from any linear scheme for the same structure. We show how this can be combined with any pseudorandom function to create, from initially distributed randomness, any number of Shamir secret-sharings of (pseudo)random values without communication. We apply this technique to obtain efficient non-interactive protocols for secure computation of low-degree polynomials, which in turn give rise to other applications in secure computation and threshold cryptography. For instance, we can make the Cramer-Shoup threshold cryptosystem by Canetti and Goldwasser fully non-interactive, or construct non-interactive threshold signature schemes secure without random oracles. The latter solutions are practical only for a relatively small number of players. However, in our main applications the number of players is typically small, and furthermore it can be argued that no solution that makes a black-box use of a pseudorandom function can be more efficient.

272 citations


Journal ArticleDOI
TL;DR: In this article, a quantum secret sharing protocol between multiparty ($m$ members in group 1) and multiparty ($n$ participants in group 2) using a sequence of single photons is proposed.
Abstract: We propose a quantum secret sharing protocol between multiparty ($m$ members in group 1) and multiparty ($n$ members in group 2) using a sequence of single photons. These single photons are used directly to encode classical information in a quantum secret sharing process. In this protocol, all members in group 1 directly encode their respective keys on the states of single photons via unitary operations; then, the last one (the $m\mathrm{th}$ member of group 1) sends $1/n$ of the resulting qubits to each of group 2. Thus the secret message shared by all members of group 1 is shared by all members of group 2 in such a way that no subset of each group is efficient to read the secret message, but the entire set (not only group 1 but also group 2) is. We also show that it is unconditionally secure. This protocol is feasible with present-day techniques.

204 citations


Journal ArticleDOI
TL;DR: A simple and practical protocol for the solution of a secure multiparty communication task, the secret sharing, and its proof-of-principle experimental realization, in which a secret is split among several parties in a way that its reconstruction requires the collaboration of the participating parties.
Abstract: We present a simple and practical protocol for the solution of a secure multiparty communication task, the secret sharing, and its proof-of-principle experimental realization. In this protocol, a secret is split among several parties in a way that its reconstruction requires the collaboration of the participating parties. In our scheme the parties solve the problem by sequential transformations on a single qubit. In contrast with recently proposed schemes involving multiparticle Greenberger-Horne-Zeilinger states, the approach demonstrated here is much easier to realize and scalable in practical applications.

189 citations


Posted Content
TL;DR: It is found that the proposed quantum secret sharing protocol is secure if the quantum signal transmitted is only a single photon but insecure with a multi-photon signal as some agents can get the information about the others' message if they attack the communication with a Trojan horse.
Abstract: Recently, Yan and Gao proposed a quantum secret sharing protocol between multiparty ($m$ members in group 1) and multiparty ($n$ members in group 2) using a sequence of single photons (Phys. Rev. A \textbf{72}, 012304 (2005)). We find that it is secure if the quantum signal transmitted is only a single photon but insecure with a multi-photon signal as some agents can get the information about the others' message if they attack the communication with a Trojan horse. However, security against this attack can be attained with a simple modification.

174 citations


Journal ArticleDOI
TL;DR: A new multi-secret sharing scheme based on a two-variable one-way function and a Hermite interpolating polynomial is presented, in which the participants' shadows remain secret and can be reused.

133 citations


Journal ArticleDOI
TL;DR: Only Bell states are employed and needed to be identified to realize the multiparty secret sharing of quantum information, where the secret is an arbitrary unknown quantum state in a qubit.
Abstract: In this paper, only Bell states are employed and needed to be identified to realize the multiparty secret sharing of quantum information, where the secret is an arbitrary unknown quantum state in a qubit. In our multiparty quantum information secret sharing (QISS) scheme, no subset of all the quantum information receivers is sufficient to reconstruct the unknown state in a qubit but the entire set is. The present multiparty QISS scheme is more feasible with present-day technique.

125 citations


Book ChapterDOI
01 Jan 2005
TL;DR: These lecture notes introduce the notion of secure multiparty computation, introduce some concepts necessary to define what it means for a multiparty protocol to be secure, and survey some known general results that describe when secure multiparty computation is possible.
Abstract: These lecture notes introduce the notion of secure multiparty computation. We introduce some concepts necessary to define what it means for a multiparty protocol to be secure, and survey some known general results that describe when secure multiparty computation is possible. We then look at some general techniques for building secure multiparty protocols, including protocols for commitment and verifiable secret sharing, and we show how these techniques together imply general secure multiparty computation. Our goal with these notes is to convey an understanding of some basic ideas and concepts from this field, rather than to give a fully formal account of all proofs and details. We hope the notes will be accessible to most graduate students in computer science and mathematics with an interest in cryptography.

Journal ArticleDOI
TL;DR: A wavelet-based copyright-proving scheme that does not require the original image for logo verification is proposed and is strong enough to resist malicious manipulations of an image including blurring, JPEG compression, noising, sharpening, scaling, rotation, cropping, scaling-cropping, and print-photocopy-scan attacks.
Abstract: A wavelet-based copyright-proving scheme that does not require the original image for logo verification is proposed in this paper. The scheme is strong enough to resist malicious manipulations of an image including blurring, JPEG compression, noising, sharpening, scaling, rotation, cropping, scaling-cropping, and print-photocopy-scan attacks. The proposed scheme is also resistant to StirMark and unZign attacks and it is not only a robust method but also a lossless one. Experiments are conducted to show the robustness of this method. Moreover, cryptographic tools, such as digital signature and timestamp, are introduced to make copyright proving publicly verifiable.

Book ChapterDOI
Ran Canetti1, Shai Halevi1, Michael Steiner1
10 Feb 2005
TL;DR: Weakly verifiable puzzles, as discussed by the authors, show that solving many independent puzzles with probability more than $\epsilon$ is harder than solving a single instance; when the puzzles are not even weakly verifiable, solving many puzzles may be no harder than solving a single one.
Abstract: Is it harder to solve many puzzles than it is to solve just one? This question has different answers, depending on how you define puzzles. For the case of inverting one-way functions it was shown by Yao that solving many independent instances simultaneously is indeed harder than solving a single instance (cf. the transformation from weak to strong one-way functions). The known proofs of that result, however, use in an essential way the fact that for one-way functions, verifying candidate solutions to a given puzzle is easy. We extend this result to the case where solutions are efficiently verifiable only by the party that generated the puzzle. We call such puzzles weakly verifiable. That is, for weakly verifiable puzzles we show that if no efficient algorithm can solve a single puzzle with probability more than $\epsilon$, then no efficient algorithm can solve $n$ independent puzzles simultaneously with probability more than $\epsilon^n$. We also demonstrate that when the puzzles are not even weakly verifiable, solving many puzzles may be no harder than solving a single one. Hardness amplification of weakly verifiable puzzles turns out to be closely related to the reduction of soundness error under parallel repetition in computationally sound arguments. Indeed, the proof of Bellare, Impagliazzo and Naor that parallel repetition reduces soundness error in three-round argument systems implies a result similar to our first result, albeit with considerably worse parameters. Also, our second result is an adaptation of their proof that parallel repetition of four-round systems may not reduce the soundness error.

Journal ArticleDOI
TL;DR: An efficient secret sharing scheme using Lagrange's interpolation for generalized access structures is proposed that offers a more efficient and effective way to share multiple secrets.

Journal ArticleDOI
TL;DR: A new efficient verifiable multi-secret sharing based on YCH and the intractability of the discrete logarithm (DL) scheme is presented.

Proceedings ArticleDOI
26 Oct 2005
TL;DR: This work presents a storage and communication-efficient scheme for asynchronous verifiable information dispersal that achieves an asymptotically optimal storage blow-up and shows how to guarantee the secrecy of the stored data with respect to an adversary that may mount adaptive attacks.
Abstract: Information dispersal addresses the question of storing a file by distributing it among a set of servers in a storage-efficient way. We introduce the problem of verifiable information dispersal in an asynchronous network, where up to one third of the servers as well as an arbitrary number of clients might exhibit Byzantine faults. Verifiability ensures that the stored information is consistent despite such faults. We present a storage and communication-efficient scheme for asynchronous verifiable information dispersal that achieves an asymptotically optimal storage blow-up. Additionally, we show how to guarantee the secrecy of the stored data with respect to an adversary that may mount adaptive attacks. Our technique also yields a new protocol for asynchronous reliable broadcast that improves the communication complexity by an order of magnitude on large inputs.

Journal ArticleDOI
TL;DR: It is proved that there exists a contrast-optimal scheme that is a member of a special set of schemes, which are called canonical schemes, and that satisfy strong symmetry properties.
Abstract: Visual cryptography schemes allow the encoding of a secret image into n shares which are distributed to the participants. The shares are such that only qualified subsets of participants can "visually" recover the secret image. Usually the secret image consists of black and white pixels. In colored threshold visual cryptography schemes the secret image is composed of pixels taken from a given set of c colors. The pixel expansion and the contrast of a scheme are two measures of the goodness of the scheme. In this paper, we study c-color (k,n)-threshold visual cryptography schemes and provide a characterization of contrast-optimal schemes. More specifically we prove that there exists a contrast-optimal scheme that is a member of a special set of schemes, which we call canonical schemes, and that satisfy strong symmetry properties. Then we use canonical schemes to provide a constructive proof of optimality, with respect to the pixel expansion, of c-color (n,n)-threshold visual cryptography schemes. Finally, we provide constructions of c-color (2,n)-threshold schemes whose pixel expansion improves on previously proposed schemes.

Journal ArticleDOI
TL;DR: The former protocol is the most efficient in computational and communication complexity among 3-move honest verifier perfect zero-knowledge protocols for proving a shuffling of ElGamal cipher-texts.
Abstract: In this paper, we propose an efficient protocol for proving the correctness of shuffling and an efficient protocol for simultaneously proving the correctness of both shuffling and decryption. The former protocol is the most efficient in computational and communication complexity among 3-move honest verifier perfect zero-knowledge protocols for proving a shuffling of ElGamal cipher-texts. The latter protocol is the most efficient in computational, communication, and round complexity, as a whole, in proving the correctness of both shuffling and decryption of ElGamal cipher-texts. The proposed protocols will be a building block of an efficient, universally verifiable mix-net, whose application to voting systems is prominent.

Proceedings ArticleDOI
10 Jan 2005
TL;DR: A variant of Chaum's voter verifiable election scheme is presented that preserves the essential characteristics of the original whilst being significantly easier to understand and implement.
Abstract: We present a variant of Chaum's voter verifiable election scheme that preserves the essential characteristics of the original whilst being significantly easier to understand and implement. The scheme provides voters with an encrypted receipt that they can use to check that their vote is entered into the tabulation. The scheme provides a high degree of transparency, within the constraints imposed by ballot secrecy. Various checks are performed by independent auditors and the voters themselves to catch any failure to decrypt receipts correctly. Thus assurance of accuracy is provided by close monitoring of the vote capture and processing, with minimal dependence on the voting devices and tellers. Assurance of secrecy is derived from multiple anonymising mixes of the ballot receipts.

Journal ArticleDOI
TL;DR: In this article, the authors study the set of equilibria that can be achieved by adding general communication systems to Bayesian games in which some information can be certified or, equivalently, in which players’ types are partially verifiable.

Posted Content
TL;DR: The first UC-secure mix-net was proposed in this paper, where each mix-server partially decrypts and permutes its input, and no re-encryption is necessary.
Abstract: We introduce the first El Gamal based mix-net in which each mix-server partially decrypts and permutes its input, i.e., no re-encryption is necessary. An interesting property of the construction is that a sender can verify non-interactively that its message is processed correctly. We call this sender verifiability. The mix-net is provably UC-secure against static adversaries corrupting any minority of the mix-servers. The result holds under the decision Diffie-Hellman assumption, and assuming an ideal bulletin board and an ideal zero-knowledge proof of knowledge of a correct shuffle. Then we construct the first proof of a decryption-permutation shuffle, and show how this can be transformed into a zero-knowledge proof of knowledge in the UC-framework. The protocol is sound under the strong RSA-assumption and the discrete logarithm assumption. Our proof of a shuffle is not a variation of existing methods. It is based on a novel idea of independent interest, and we argue that it is at least as efficient as previous constructions.

Posted Content
TL;DR: In this article, a decryption shuffle based on the Boneh-Goh-Nissim (BGN) cryptosystem was constructed and a re-encryption shuffle was constructed.
Abstract: We show how to public-key obfuscate two commonly used shuffles: decryption shuffles which permute and decrypt ciphertexts, and re-encryption shuffles which permute and re-encrypt ciphertexts. Given a trusted party that samples and obfuscates a shuffle before any ciphertexts are received, this reduces the problem of constructing a mix-net to verifiable joint decryption. We construct a decryption shuffle from any additively homomorphic cryptosystem and show how it can be public-key obfuscated. This construction does not allow efficient distributed verifiable decryption. Then we show how to public-key obfuscate: a decryption shuffle based on the Boneh-Goh-Nissim (BGN) cryptosystem, and a re-encryption shuffle based on the Paillier cryptosystem. Both constructions allow efficient distributed verifiable decryption. In the Paillier case we identify and exploit a previously overlooked “homomorphic” property of the cryptosystem. Finally, we give a distributed protocol for sampling and obfuscating each of the above shuffles and show how it can be used in a trivial way to construct a universally composable mix-net. Our constructions are practical when the number of senders N is reasonably small, e.g. N = 350 in the BGN case and N = 2000 in the Paillier case.

Journal Article
TL;DR: In this paper, the first UC-secure mix-net was proposed, where each mix-server partially decrypts and permutes its input, and no re-encryption is necessary.
Abstract: We introduce the first El Gamal based mix-net in which each mix-server partially decrypts and permutes its input, i.e., no re-encryption is necessary. An interesting property of the construction is that a sender can verify non-interactively that its message is processed correctly. We call this sender verifiability. The mix-net is provably UC-secure against static adversaries corrupting any minority of the mix-servers. The result holds under the decision Diffie-Hellman assumption, and assuming an ideal bulletin board and an ideal zero-knowledge proof of knowledge of a correct shuffle. Then we construct the first proof of a decryption-permutation shuffle, and show how this can be transformed into a zero-knowledge proof of knowledge in the UC-framework. The protocol is sound under the strong RSA-assumption and the discrete logarithm assumption. Our proof of a shuffle is not a variation of existing methods. It is based on a novel idea of independent interest, and we argue that it is at least as efficient as previous constructions.

Proceedings ArticleDOI
20 Jul 2005
TL;DR: Two spatial-domain image hiding schemes with the concept of secret sharing using the two-out-of-two visual secret sharing technique to generate two shares for hiding a secret two-tone image are proposed.
Abstract: In this paper, we shall propose two spatial-domain image hiding schemes with the concept of secret sharing. The two new schemes use the two-out-of-two visual secret sharing technique to generate two shares for hiding a secret two-tone image. These two secret shares are embedded into two gray-level cover images by the proposed embedding scheme. To decode the hidden messages, we can superimpose the extracted shares from the secret-share-carrier images (namely the embedding images). The advantages of our scheme are simple computation and good security, and thus it is very suitable for applications involving low power verification systems. Besides, our scheme can support two participants to share one secret two-tone image. According to our experimental results, the two proposed schemes are capable of offering satisfactory embedding image quality.

Journal ArticleDOI
TL;DR: In this article, secret sharing schemes whose access structure has three or four minimal qualified subsets are studied: the ideal case is completely characterized, and for the non-ideal case bounds on the optimal information rate are given.
Abstract: In this paper we study secret sharing schemes whose access structure has three or four minimal qualified subsets. The ideal case is completely characterized and for the non-ideal case we provide bounds on the optimal information rate.

Proceedings ArticleDOI
06 Jun 2005
TL;DR: Two new building blocks employed - a distributed blinding protocol and verifiable dual encryption proofs - could have uses beyond re-encryption protocols.
Abstract: A protocol is given to take an ElGamal ciphertext encrypted under the key of one distributed service and produce the corresponding ciphertext encrypted under the key of another distributed service, but without the plaintext ever becoming available. Each distributed service comprises a set of servers and employs threshold cryptography to maintain its service private key. Unlike prior work, the protocol requires no assumptions about execution speeds or message delivery delays. The protocol also imposes fewer constraints on where and when various steps are performed, which can bring improvements in end-to-end performance for some applications (e.g., a trusted publish/subscribe infrastructure). Two new building blocks employed - a distributed blinding protocol and verifiable dual encryption proofs - could have uses beyond re-encryption protocols.

Book ChapterDOI
10 Feb 2005
TL;DR: This work characterizes all weighted threshold access structures that are ideal; the proof relies heavily on the strong connection between ideal secret sharing schemes and matroids, as proved by Brickell and Davenport.
Abstract: Weighted threshold secret sharing was introduced by Shamir in his seminal work on secret sharing. In such settings, there is a set of users where each user is assigned a positive weight. A dealer wishes to distribute a secret among those users so that a subset of users may reconstruct the secret if and only if the sum of weights of its users exceeds a certain threshold. A secret sharing scheme is ideal if the size of the domain of shares of each user is the same as the size of the domain of possible secrets (this is the smallest possible size for the domain of shares). The family of subsets authorized to reconstruct the secret in a secret sharing scheme is called an access structure. An access structure is ideal if there exists an ideal secret sharing scheme that realizes it. It is known that some weighted threshold access structures are not ideal, while other nontrivial weighted threshold access structures do have an ideal scheme that realizes them. In this work we characterize all weighted threshold access structures that are ideal. We show that a weighted threshold access structure is ideal if and only if it is a hierarchical threshold access structure (as introduced by Simmons), or a tripartite access structure (these structures, that we introduce here, generalize the concept of bipartite access structures due to Padro and Saez), or a composition of two ideal weighted threshold access structures that are defined on smaller sets of users. We further show that in all those cases the weighted threshold access structure may be realized by a linear ideal secret sharing scheme. The proof of our characterization relies heavily on the strong connection between ideal secret sharing schemes and matroids, as proved by Brickell and Davenport.

Proceedings ArticleDOI
19 Dec 2005
TL;DR: This paper proposes a conceptual framework for fingerprinted secret sharing steganography, a technique to break the main secret into multiple parts and hide them individually in a cover medium and uses the Lagrange interpolating polynomial method to recover the shared secret.
Abstract: Steganography is the art and science of hiding information. In this paper we propose a conceptual framework for fingerprinted secret sharing steganography. We offer a technique to break the main secret into multiple parts and hide them individually in a cover medium. We use a novel technique to compress the data to a considerable extent. We use the Lagrange interpolating polynomial method to recover the shared secret. We also show how the proposed technique can offer a robust mechanism to protect against data loss because of image cropping. We use the (k,n) threshold scheme to decide the minimum number of parts required to recover the secret data completely. The security of our scheme is based on the security principles of steganography and the secret sharing scheme.

Patent
01 Jun 2005
TL;DR: In this paper, a technique and system for protecting verifiable digital secrecy such as encryption keys and identification codes based on the partition and recovery processes of digital secrecy is presented, which may be implemented to offer individuals a personalized tool for protecting confidential data and to provide enhanced security.
Abstract: The present invention provides a method for protecting digital secrecy, and objects and system thereof. Described contents hereby are novel technique and system for protecting verifiable digital secrecy such as encryption keys and identification codes based on the partition and recovery processes of digital secrecy. Implementations of the technique in the present invention may be implemented, for example, to offer individuals a personalized tool for protecting confidential data and to provide enhanced security. The partition and recovery of secrecy may be carried out at a same computer or at different computers.

Journal ArticleDOI
TL;DR: This paper takes the lead in studying size-adjustable VSS schemes such that one can choose appropriate shadow size and the recovered image contrast for practical use.
Abstract: A visual secret sharing (VSS) scheme is a perfectly secure method that protects a secret image by breaking it into shadows. Unlike other secret sharing schemes, the VSS scheme can be easily decoded by human visual sight when stacking the shadows. We replace a pixel in the secret image by m sub-pixels in the shadow image, and the value m is called the pixel expansion. In general, most papers are dedicated to finding the minimum m for a VSS scheme, i.e. a smaller shadow size. However, it seems that no one has studied how to trade the shadow size for the contrast. In this paper, we take the lead in studying size-adjustable VSS schemes such that one can choose an appropriate shadow size and recovered image contrast for practical use.