
Showing papers on "Verifiable secret sharing published in 2012"


Book ChapterDOI
19 Mar 2012
TL;DR: In this paper, the authors extend the definition of verifiable computation in two important directions: public delegation and public verifiability, which have important applications in many practical delegation scenarios.
Abstract: The wide variety of small, computationally weak devices, and the growing number of computationally intensive tasks makes it appealing to delegate computation to data centers. However, outsourcing computation is useful only when the returned result can be trusted, which makes verifiable computation (VC) a must for such scenarios. In this work we extend the definition of verifiable computation in two important directions: public delegation and public verifiability, which have important applications in many practical delegation scenarios. Yet, existing VC constructions based on standard cryptographic assumptions fail to achieve these properties. As the primary contribution of our work, we establish an important (and somewhat surprising) connection between verifiable computation and attribute-based encryption (ABE), a primitive that has been widely studied. Namely, we show how to construct a VC scheme with public delegation and public verifiability from any ABE scheme. The VC scheme verifies any function in the class of functions covered by the permissible ABE policies (currently Boolean formulas). This scheme enjoys a very efficient verification algorithm that depends only on the output size. Efficient delegation, however, requires the ABE encryption algorithm to be cheaper than the original function computation. Strengthening this connection, we show a construction of a multi-function verifiable computation scheme from an ABE scheme with outsourced decryption, a primitive defined recently by Green, Hohenberger and Waters (USENIX Security 2011). A multi-function VC scheme allows the verifiable evaluation of multiple functions on the same preprocessed input. In the other direction, we also explore the construction of an ABE scheme from verifiable computation protocols.

292 citations


Proceedings ArticleDOI
16 Oct 2012
TL;DR: New protocols for publicly verifiable secure outsourcing of Evaluation of High Degree Polynomials and Matrix Multiplication are presented, which improve in efficiency and offer security in a stronger model.
Abstract: Outsourced computations (where a client requests a server to perform some computation on its behalf) are becoming increasingly important due to the rise of Cloud Computing and the proliferation of mobile devices. Since cloud providers may not be trusted, a crucial problem is the verification of the integrity and correctness of such computation, possibly in a public way, i.e., the result of a computation can be verified by any third party, and requires no secret key -- akin to a digital signature on a message. We present new protocols for publicly verifiable secure outsourcing of Evaluation of High Degree Polynomials and Matrix Multiplication. Compared to previously proposed solutions, ours improve in efficiency and offer security in a stronger model. The paper also discusses several practical applications of our protocols.

250 citations


Proceedings ArticleDOI
10 Jun 2012
TL;DR: This paper investigates the searchable encryption problem in the presence of a semi-honest-but-curious server, which may execute only a fraction of search operations honestly and return a fraction of the search outcome honestly, and proposes a verifiable SSE scheme to offer verifiable searchability in addition to data privacy.
Abstract: Outsourcing data to cloud servers, while increasing service availability and reducing users' burden of managing data, inevitably brings in new concerns such as data privacy, since the server may be honest-but-curious. To mediate the conflicts between data usability and data privacy in such a scenario, research of searchable encryption is of increasing interest. Motivated by the fact that a cloud server, besides its curiosity, may be selfish in order to save its computation and/or download bandwidth, in this paper, we investigate the searchable encryption problem in the presence of a semi-honest-but-curious server, which may execute only a fraction of search operations honestly and return a fraction of search outcome honestly. To fight against this strongest adversary ever, a verifiable SSE (VSSE) scheme is proposed to offer verifiable searchability in addition to the data privacy, both of which are further confirmed by our rigorous security analysis. Besides, we treat the practicality/efficiency as a central requirement of a searchable encryption scheme. To demonstrate the lightweight nature of our scheme, we implemented and tested the proposed VSSE on a laptop (serving as the server) and a mobile phone running Android 2.3.4 (serving as the end user). The experimental results optimistically suggest that the proposed scheme satisfies all of our design goals.

223 citations


Proceedings ArticleDOI
20 May 2012
TL;DR: A hypervisor-based design is presented that enables a trusted path to bypass an untrusted operating system, applications, and I/O devices, with a minimal Trusted Computing Base (TCB).
Abstract: A trusted path is a protected channel that assures the secrecy and authenticity of data transfers between a user's input/output (I/O) device and a program trusted by that user. We argue that, despite its incontestable necessity, current commodity systems do not support trusted path with any significant assurance. This paper presents a hypervisor-based design that enables a trusted path to bypass an untrusted operating system, applications, and I/O devices, with a minimal Trusted Computing Base (TCB). We also suggest concrete I/O architectural changes that will simplify future trusted-path system design. Our system enables users to verify the states and configurations of one or more trusted paths using a simple, secretless, hand-held device. We implement a simple user-oriented trusted path as a case study.

128 citations


Journal ArticleDOI
TL;DR: This paper proposes two secure, efficient, and verifiable multi-secret sharing schemes, namely Scheme-I and Scheme-II, based on the Lagrange interpolating polynomial and the LFSR-based public key cryptosystem.

67 citations


Journal ArticleDOI
TL;DR: A novel RG-based VSS scheme that encodes multiple secret images at a time that has no pixel expansion, a higher capacity for secret sharing, and no need for a complex VC codebook to be redesigned is proposed.

65 citations


Journal ArticleDOI
TL;DR: Two DQSS schemes are proposed based on a special kind of entangled state, starlike cluster states, which are more flexible and suitable for practical applications.

61 citations


Book ChapterDOI
19 Mar 2012
TL;DR: The notion of all-but-one perfectly sound threshold hash proof systems that can be seen as (threshold) hash proof systems with publicly verifiable and simulation-sound proofs is defined and it is shown that this notion generically implies threshold cryptosystems combining the aforementioned properties.
Abstract: In threshold cryptography, private keys are divided into n shares, each one of which is given to a different server in order to avoid single points of failure. In the case of threshold public-key encryption, at least t≤n servers need to contribute to the decryption process. A threshold primitive is said to be robust if no coalition of t malicious servers can prevent remaining honest servers from successfully completing private key operations. So far, most practical non-interactive threshold cryptosystems, where no interactive conversation is required among decryption servers, were only proved secure against static corruptions. In the adaptive corruption scenario (where the adversary can corrupt servers at any time, based on its complete view), all existing robust threshold encryption schemes that also resist chosen-ciphertext attacks (CCA) until recently required interaction in the decryption phase. A specific method (in composite order groups) for getting rid of interaction was recently suggested, leaving the question of more generic frameworks and constructions with better security and better flexibility (i.e., compatibility with distributed key generation). This paper describes a general construction of adaptively secure robust non-interactive threshold cryptosystems with chosen-ciphertext security. We define the notion of all-but-one perfectly sound threshold hash proof systems that can be seen as (threshold) hash proof systems with publicly verifiable and simulation-sound proofs. We show that this notion generically implies threshold cryptosystems combining the aforementioned properties. Then, we provide efficient instantiations under well-studied assumptions in bilinear groups (e.g., in such groups of prime order). These instantiations have a tighter security proof and are indeed compatible with distributed key generation protocols.

58 citations


Journal ArticleDOI
TL;DR: In this article, it was shown that every hierarchical matroid port admits an ideal linear secret sharing scheme over every large enough finite field, and a new proof for the existing characterization of the ideal weighted threshold access structures.
Abstract: Hierarchical secret sharing is among the most natural generalizations of threshold secret sharing, and it has attracted a lot of attention since the invention of secret sharing until nowadays. Several constructions of ideal hierarchical secret sharing schemes have been proposed, but it was not known what access structures admit such a scheme. We solve this problem by providing a natural definition for the family of the hierarchical access structures and, more importantly, by presenting a complete characterization of the ideal hierarchical access structures, that is, the ones admitting an ideal secret sharing scheme. Our characterization is based on the well-known connection between ideal secret sharing schemes and matroids and, more specifically, on the connection between ideal multipartite secret sharing schemes and integer polymatroids. In particular, we prove that every hierarchical matroid port admits an ideal linear secret sharing scheme over every large enough finite field. Finally, we use our results to present a new proof for the existing characterization of the ideal weighted threshold access structures.

57 citations


Journal ArticleDOI
TL;DR: This paper shows how to construct a verifiable quantum (k, n) threshold scheme by combining a qubit authentication process, and can provide a mechanism for checking whether the reconstructed quantum secret is the same as the original one.
Abstract: In a conventional quantum (k, n) threshold scheme, a trusted party shares a quantum secret with n agents such that any k or more agents can cooperate to recover the original secret, while fewer than k agents obtain no information about the secret. Is the reconstructed quantum secret the same as the original one? Or is the dishonest agent willing to provide a true share during the secret reconstruction? In this paper we reexamine the security of quantum (k, n) threshold schemes and show how to construct a verifiable quantum (k, n) threshold scheme by combining a qubit authentication process. The novelty of ours is that it can provide a mechanism for checking whether the reconstructed quantum secret is the same as the original one. This mechanism can also attain the goal of checking whether the dishonest agent provides a false quantum share during the secret reconstruction such that the secret quantum state cannot be recovered correctly.

50 citations


Journal ArticleDOI
TL;DR: Experimental results demonstrate that both the RG-based VSS for general access structures and cheating immune method are effective and more complicated sharing strategies can be implemented.

Posted Content
TL;DR: The main result is a functional encryption scheme for any general function f of depth d, with succinct ciphertexts whose size grows with the depth d rather than the size of the circuit for f .
Abstract: Functional encryption is a powerful primitive: given an encryption Enc(x) of a value x and a secret key skf corresponding to a circuit f, it enables efficient computation of f(x) without revealing any additional information about x. Constructing functional encryption schemes with succinct ciphertexts that guarantee security for even a single secret key (for a general function f) is an important open problem with far-reaching applications, which this paper addresses. Our main result is a functional encryption scheme for any general function f of depth d, with succinct ciphertexts whose size grows with the depth d rather than the size of the circuit for f. We prove the security of our construction based on the intractability of the learning with errors (LWE) problem. More generally, we show how to construct a functional encryption scheme from any public-index predicate encryption scheme and fully homomorphic encryption scheme. Previously, the only known constructions of functional encryption were either for specific inner product predicates, or for a weak form of functional encryption where the ciphertext size grows with the size of the circuit for f. We demonstrate the power of this result by using it to construct a reusable circuit garbling scheme with input and circuit privacy: an open problem that was studied extensively by the cryptographic community during the past 30 years since Yao's introduction of a one-time circuit garbling method in the mid 80's. Our scheme also leads to a new paradigm for general function obfuscation which we call token-based obfuscation. Furthermore, we show applications of our scheme to homomorphic encryption for Turing machines where the evaluation runs in input-specific time rather than worst case time, and to publicly verifiable and secret delegation.

Book ChapterDOI
11 Jul 2012
TL;DR: A concrete attack is presented that shows that security is lost in all three schemes when k or more servers collude, and recovers an 8192-bit prime and all secret values in less than an hour for k=8.
Abstract: Three recently proposed schemes use secret sharing to support privacy-preserving data outsourcing. Each secret in the database is split into n shares, which are distributed to independent data servers. A trusted client can use any k shares to reconstruct the secret. These schemes claim to offer security even when k or more servers collude, as long as certain information such as the finite field prime is known only to the client. We present a concrete attack that refutes this claim by demonstrating that security is lost in all three schemes when k or more servers collude. Our attack runs on commodity hardware and recovers an 8192-bit prime and all secret values in less than an hour for k=8.

Patent
14 Jun 2012
TL;DR: In this paper, the authors describe a system and methods for collecting information, verifying authenticity of such information, processing, maintaining, and managing such information; the system can be a standalone unit or can comprise a combination of various units configured to function together.
Abstract: Systems and methods for collecting information, verifying authenticity of such information, processing, maintaining, and managing such information are described. The system can be a standalone unit or can comprise a combination of various units configured to function together.

Journal ArticleDOI
TL;DR: This paper shows how to realize a large class of arbitrary access structures using the graph state formalism and establishes an equivalence between $[[n,1]]$ binary quantum codes and graph state secret sharing schemes sharing one bit.
Abstract: In a recent work, Markham and Sanders have proposed a framework to study quantum secret sharing (QSS) schemes using graph states. This framework unified three classes of QSS protocols, namely, sharing classical secrets over private and public channels, and sharing quantum secrets. However, most work on secret sharing based on graph states focused on threshold schemes. In this paper, we focus on general access structures. We show how to realize a large class of arbitrary access structures using the graph state formalism. We show an equivalence between $[[n,1]]$ binary quantum codes and graph state secret sharing schemes sharing one bit. We also establish a similar (but restricted) equivalence between a class of $[[n,1]]$ Calderbank-Shor-Steane (CSS) codes and graph state QSS schemes sharing one qubit. With these results we are able to construct a large class of quantum secret sharing schemes with arbitrary access structures.

Journal ArticleDOI
01 Mar 2012
TL;DR: This article proposes a privacy-preserving multi-party grouping-proof protocol which relies exclusively on the use of elliptic curve cryptography (ECC) and presents a novel ECC hardware architecture designed for RFID.
Abstract: Since the introduction of the concept of grouping proofs by Juels, which permit RFID tags to generate evidence that they have been scanned simultaneously, various new schemes have been proposed. Their common property is the use of symmetric-key primitives. However, it has been shown that such schemes often entail scalability, security and/or privacy problems. In this article, we extend the notion of public-key RFID authentication protocols and propose a privacy-preserving multi-party grouping-proof protocol which relies exclusively on the use of elliptic curve cryptography (ECC). It allows one to generate a proof which is verifiable by a trusted verifier in an offline setting, even when readers or tags are potentially untrusted, and it is privacy-preserving in the setting of a narrow-strong attacker. We also demonstrate that our RFID grouping-proof protocol can easily be extended to use cases with more than two tags, without any additional cost for an RFID tag. To illustrate the implementation feasibility of our proposed solutions, we present a novel ECC hardware architecture designed for RFID.

Journal ArticleDOI
TL;DR: RG-based VSS for general access structures is presented, a generalisation of the threshold methods, where reported RG-based schemes can be considered as the special cases of the proposed scheme.
Abstract: Visual secret sharing (VSS) is a way to protect a secret image among a group of participants by using the notions of perfect ciphers and secret sharing. However, each share generated by conventional VSS is m times as big as the original secret image, where m is called pixel expansion. Random grid (RG) is an alternative approach to implement VSS without pixel expansion. However, reported RG-based VSS methods are threshold schemes. In this study, RG-based VSS for general access structures is presented. Secret image is encoded into n RGs while qualified sets can recover the secret visually and forbidden sets cannot. The proposed scheme is a generalisation of the threshold methods, where those reported RG-based schemes can be considered as the special cases of the proposed scheme. Experimental results are provided, demonstrating the effectiveness and advantages of the proposed scheme.

Proceedings ArticleDOI
16 Oct 2012
TL;DR: The notion of verifiable data streaming is introduced and an efficient instantiation that supports an exponential number of values based on general assumptions is presented and a new transformation from any one-time to many-time signature scheme that is more efficient than previously known solutions is presented.
Abstract: In a verifiable data streaming protocol, the client streams a long string to the server who stores it in its database. The stream is verifiable in the sense that the server can neither change the order of the elements nor manipulate them. The client may also retrieve data from the database and update them. The content of the database is publicly verifiable such that any party in possession of some value $s$ and a proof O can check that $s$ is indeed in the database. We introduce the notion of verifiable data streaming and present an efficient instantiation that supports an exponential number of values based on general assumptions. Our main technique is an authentication tree in which the leaves are not fixed in advance such that the user, knowing some trapdoor, can authenticate a new element on demand without pre- or re-computing all other leaves. We call this data structure chameleon authentication tree (CAT). We instantiate our scheme with primitives that are secure under the discrete logarithm assumption. The algebraic properties of this assumption allow us to obtain a very efficient verification algorithm. As a second application of CATs, we present a new transformation from any one-time to many-time signature scheme that is more efficient than previously known solutions.

Journal ArticleDOI
TL;DR: BAF is the only cryptographic secure logging scheme that can produce publicly verifiable, forward-secure and aggregate signatures with low computation, key/signature storage, and signature communication overheads for the loggers, without requiring any online trusted third party support.
Abstract: Audit logs are an integral part of modern computer systems due to their forensic value. Protecting audit logs on a physically unprotected machine in hostile environments is a challenging task, especially in the presence of active adversaries. It is critical for such a system to have forward security and append-only properties such that when an adversary compromises a logging machine, she cannot forge or selectively delete the log entries accumulated before the compromise. Existing public-key-based secure logging schemes are computationally costly. Existing symmetric secure logging schemes are not publicly verifiable and open to certain attacks. In this article, we develop a new forward-secure and aggregate signature scheme called Blind-Aggregate-Forward (BAF), which is suitable for secure logging in resource-constrained systems. BAF is the only cryptographic secure logging scheme that can produce publicly verifiable, forward-secure and aggregate signatures with low computation, key/signature storage, and signature communication overheads for the loggers, without requiring any online trusted third party support. A simple variant of BAF also allows a fine-grained verification of log entries without compromising the security or computational efficiency of BAF. We prove that our schemes are secure in the Random Oracle Model (ROM). We also show that they are significantly more efficient than all the previous publicly verifiable cryptographic secure logging schemes.

Book ChapterDOI
05 Nov 2012
TL;DR: The authors show that, in a setting with rational players, secret sharing and multiparty computation are only possible if the actual secret reconstruction round remains unknown to the players.
Abstract: Rational secret sharing was proposed by Halpern and Teague in [8]. The authors show that, in a setting with rational players, secret sharing and multiparty computation are only possible if the actual secret reconstruction round remains unknown to the players. All the subsequent works use a similar approach with different assumptions.

Journal ArticleDOI
TL;DR: A new construction for perfect quantum secret sharing (QSS) schemes based on imperfect “ramp” secret sharing combined with classical encryption is demonstrated, in which the individual parties' shares are split into quantum and classical components, allowing the former to be of lower dimension than the secret itself.
Abstract: We demonstrate a new construction for perfect quantum secret sharing (QSS) schemes based on imperfect “ramp” secret sharing combined with classical encryption, in which the individual parties' shares are split into quantum and classical components, allowing the former to be of lower dimension than the secret itself. We show that such schemes can be performed with smaller quantum components and lower overall quantum communication than required for existing methods. We further demonstrate that one may combine both imperfect quantum and imperfect classical secret sharing to produce an overall perfect QSS scheme, and that examples of such schemes (which we construct) can have the smallest quantum and classical share components possible for their access structures, something provably not achievable using perfect underlying schemes. Our construction has significant potential for being adapted to other QSS schemes based on stabilizer codes.

01 Jan 2012
TL;DR: The Norwegian experiences in piloting a verifiable, remote voting system in a legally binding, public election is discussed, indicating how verifiability may enable new models of cooperation.
Abstract: This paper discusses the Norwegian experiences in piloting a verifiable, remote voting system in a legally binding, public election. First, we provide a high-level description of the system used. We then go into detail about the major challenges that were encountered in the implementation and execution of the system. In particular, the generation and printing of return codes and the key management are described in detail. We also discuss the relationship between the Norwegian Electoral Management Body and the system integrators, indicating how verifiability may enable new models of cooperation.


Journal ArticleDOI
TL;DR: This paper proposes a strong (n, t, n) VSS which is more efficient than Harn and Lin's VSS and a multi-secret sharing scheme (MSS) to allow shareholders to share n-t+1 secrets.

Journal ArticleDOI
TL;DR: A novel and efficient multiparty quantum secret sharing scheme using an entangled state, in which the number of parties can be arbitrarily large, is proposed, and it is shown that this scheme is secure against eavesdropping.
Abstract: We propose a novel and efficient multiparty quantum secret sharing scheme using an entangled state, in which the number of parties can be arbitrarily large. The state which we use has special properties that make our scheme simple and safe. The operations which are needed to recover the secret message are only exclusive-or addition and the complement operation. Moreover, it is shown that this scheme is secure against eavesdropping. Also, this scheme provides the best quantum bit efficiency compared with some famous quantum secret sharing schemes.

Journal ArticleDOI
TL;DR: A discrete cosine transform based copyright protection scheme that does not require the original image for logo verification is proposed and experimental results show that the scheme outperforms related works in most of the cases.
Abstract: In this paper, a discrete cosine transform based copyright protection scheme that does not require the original image for logo verification is proposed. Features of the logistic map and discrete cosine transform are used to generate the verification map. A digital signature and timestamp are used to make copyright proving publicly verifiable. We have combined cryptographic tools and digital watermarking in order to enhance the security and reliability of copyright protection. In addition, a chaotic map is used to generate a chaotic pattern image, which can be used as a secret key to improve the security of the proposed algorithm. Experiments are conducted to show the robustness and effectiveness of the proposed algorithm. Experimental results show that our scheme outperforms related works in most of the cases.

Journal ArticleDOI
TL;DR: This paper employs Hsu et al.'s multi-secret sharing scheme based on monotone span programs (MSP) to propose a multi-threshold secret image sharing scheme, and utilizes the least significant bits (LSB) replacement to embed shadow data into the cover image.

Posted Content
TL;DR: In this article, the authors presented the first realistic distributed key generation protocol for use over the Internet and defined an efficient verifiable secret sharing (VSS) scheme in it, and then designed a provably secure protocol.
Abstract: Distributed key generation (DKG) has been studied extensively in the cryptographic literature. However, it has never been examined outside of the synchronous setting, and the known DKG protocols cannot guarantee safety or liveness over the Internet. In this work, we present the first realistic DKG protocol for use over the Internet. We propose a practical system model for the Internet and define an efficient verifiable secret sharing (VSS) scheme in it. We observe the necessity of Byzantine agreement for asynchronous DKG and analyze the difficulty of using a randomized protocol for it. Using our VSS scheme and a leader-based agreement protocol, we then design a provably secure DKG protocol. We also consider and achieve cryptographic properties such as uniform randomness of the shared secret and compare static versus adaptive adversary models. Finally, we implement our DKG protocol, and establish its efficiency and reliability by extensively testing it on the PlanetLab platform. Counter to a general non-scalability perception about asynchronous systems, our experiments demonstrate that our asynchronous DKG protocol scales well with the system size and it is suitable for realizing multiparty computation and threshold cryptography over the Internet.

Journal ArticleDOI
TL;DR: This work provides a systematic way of determining the access structure, which completely determines the forbidden and intermediate structures of quantum secret sharing schemes constructed from non-binary stabilizer quantum error correcting codes with carrier qudits of prime dimension $D$.
Abstract: We investigate quantum secret-sharing schemes constructed from ${[[n,k,\ensuremath{\delta}]]}_{D}$ nonbinary stabilizer quantum error-correcting codes with carrier qudits of prime dimension $D$. We provide a systematic way of determining the access structure, which completely determines the forbidden and intermediate structures. We then show that the information available to the intermediate structure can be fully described and quantified by what we call the information group, a subgroup of the Pauli group of $k$ qudits, and we employ this group structure to construct a method for hiding the information from the intermediate structure via twirling of the information group and sharing of classical bits between the dealer and the players. Our scheme allows for the transformation of a ramp (intermediate) quantum secret-sharing scheme into a semiquantum perfect secret-sharing scheme with the same access structure as the ramp one but without any intermediate subsets, and is optimal in the amount of classical bits the dealer has to distribute.

Journal ArticleDOI
TL;DR: This paper proposes a two-level secret key image encryption scheme, where the first-level secret key is the private symmetric secret key, and the second-level secret key is derived from both the first-level key and the plain image by iterating a piecewise linear map and the Logistic map.
Abstract: Some chaos-based image encryption schemes using plain-image-independent secret code streams have weak encryption security and are vulnerable to chosen-plaintext and chosen-ciphertext attacks. This paper proposes a two-level secret key image encryption scheme, where the first-level secret key is the private symmetric secret key, and the second-level secret key is derived from both the first-level secret key and the plain image by iterating a piecewise linear map and the Logistic map. Even though the first-level key is identical, different plain images will produce different second-level secret keys and different secret code streams. The results show that the proposed scheme has high encryption speed, and can also effectively resist the existing cryptanalytic attacks. DOI: http://dx.doi.org/10.11591/telkomnika.v10i6.1599