Topic
Verifiable secret sharing
About: Verifiable secret sharing is a research topic. Over its lifetime, 4241 publications have been published within this topic, receiving 99569 citations.
Papers published on a yearly basis
Papers
31 Jul 2009. TL;DR: This work applies the recent Groth-Sahai proof system for pairing product equations to two related cryptographic problems: compact e-cash and simulatable verifiable random functions, and obtains the first efficient fully simulatable sVRF with a polynomial-sized output domain.
Abstract: Efficient non-interactive zero-knowledge proofs are a powerful tool for solving many cryptographic problems. We apply the recent Groth-Sahai (GS) proof system for pairing product equations (Eurocrypt 2008) to two related cryptographic problems: compact e-cash (Eurocrypt 2005) and simulatable verifiable random functions (CRYPTO 2007). We present the first efficient compact e-cash scheme that does not rely on a random oracle. To this end we construct efficient GS proofs for signature possession, pseudorandomness and set membership. The GS proofs for pseudorandom functions give rise to a much cleaner and substantially faster construction of simulatable verifiable random functions (sVRF) under a weaker number theoretic assumption. We obtain the first efficient fully simulatable sVRF with a polynomial-sized output domain (in the security parameter).
75 citations
TL;DR: It is shown that the first agent and the last agent can obtain the whole secret without introducing any error in Zhang et al.'s multiparty QSSCM scheme by a special attack with quantum teleportation.
74 citations
TL;DR: It is shown that the necessary amount of communication, termed “decoding bandwidth”, decreases as the number of parties that participate in decoding increases, and a tight lower bound on the decoding bandwidth is proved.
Abstract: A secret sharing scheme is a method to store information securely and reliably. Particularly, in a threshold secret sharing scheme, a secret is encoded into $n$ shares, such that any set of at least $t_{1}$ shares suffice to decode the secret, and any set of at most $t_{2}$ shares reveal no information about the secret. Assuming that each party holds a share and a user wishes to decode the secret by receiving information from a set of parties, the question we study is how to minimize the amount of communication between the user and the parties. We show that the necessary amount of communication, termed “decoding bandwidth”, decreases as the number of parties that participate in decoding increases. We prove a tight lower bound on the decoding bandwidth, and construct secret sharing schemes achieving the bound. Particularly, we design a scheme that achieves the optimal decoding bandwidth when $d$ parties participate in decoding, universally for all $t_{1} \le d \le n$. The scheme is based on a generalization of Shamir’s secret sharing scheme and preserves its simplicity and efficiency. In addition, we consider the setting of secure distributed storage where the proposed communication efficient secret sharing schemes not only improve decoding bandwidth but further improve disk access complexity during decoding.
74 citations
TL;DR: This work proposes a zero-knowledge authentication scheme called pseudo trust (PT), where each peer, instead of using its real identity, generates an unforgeable and verifiable pseudonym using a one-way hash function.
Abstract: Most of the current trust models in peer-to-peer (P2P) systems are identity based, which means that in order for one peer to trust another, it needs to know the other peer's identity. Hence, there exists an inherent tradeoff between trust and anonymity. To the best of our knowledge, there is currently no P2P protocol that provides complete mutual anonymity as well as authentication and trust management. We propose a zero-knowledge authentication scheme called pseudo trust (PT), where each peer, instead of using its real identity, generates an unforgeable and verifiable pseudonym using a one-way hash function. A novel authentication scheme based on zero-knowledge proof is designed so that peers can be authenticated without leaking any sensitive information. With the help of PT, most existing identity-based trust management schemes become applicable in mutual anonymous P2P systems. We analyze the security and the anonymity in PT, and evaluate its performance using trace-driven simulations and a prototype PT-enabled P2P network. The strengths of our design include (1) no need for a centralized trusted party or CA, (2) high scalability and security, (3) low traffic and cryptography processing overheads, and (4) man-in-the-middle attack resistance.
74 citations
21 Feb 2007. TL;DR: This work constructs public-key obfuscations of a decryption shuffle based on the Boneh-Goh-Nissim (BGN) cryptosystem and a re-encryption shuffle based on the Paillier cryptosystem that allow efficient distributed verifiable decryption.
Abstract: We show how to obfuscate a secret shuffle of ciphertexts: shuffling becomes a public operation. Given a trusted party that samples and obfuscates a shuffle before any ciphertexts are received, this reduces the problem of constructing a mix-net to verifiable joint decryption.
We construct public-key obfuscations of a decryption shuffle based on the Boneh-Goh-Nissim (BGN) cryptosystem and a re-encryption shuffle based on the Paillier cryptosystem. Both allow efficient distributed verifiable decryption.
Finally, we give a distributed protocol for sampling and obfuscating each of the above shuffles and show how it can be used in a trivial way to construct a universally composable mix-net. Our constructions are practical when the number of senders N is small, yet large enough to handle a number of practical cases, e.g. N = 350 in the BGN case and N = 2000 in the Paillier case.
73 citations