989 research outputs found
Simple and Asymptotically Optimal t-Cheater Identifiable Secret Sharing Scheme
In this paper, we consider the problem of $k$-out-of-$n$ secret sharing scheme, capable of identifying $t$ cheaters. We design a very simple $k$-out-of-$n$ secret sharing scheme, which can identify up to $t$ cheaters, with probability at least $1 - \epsilon$, where $0 < \epsilon < 1/2$, provided $t < k / 2$. This is the maximum number of cheaters, which can be identified by any $k$-out-of-$n$ secret sharing scheme, capable of identifying $t$ cheaters (we call these schemes Secret Sharing with Cheater Identification (SSCI)). In our scheme, the set of all possible $i^{th}$ share $V_i$ satisfies the condition that $|V_i| = |S| / \epsilon^{3n}$, where $S$ denotes the set of all possible secrets. Moreover, our scheme requires polynomial computation.
In EUROCRYPT 2011, Satoshi Obana presented two SSCI schemes, which can identify up to $t < k / 2$ cheaters. However, the schemes require $|V_i| \approx (n (t+1) 2^{3t-1} |S|) / \epsilon$ and $|V_i| \approx ((n t 2^{3t})^2 |S|) / (\epsilon^2)$ respectively. Moreover, both the schemes are computationally inefficient, as they require exponential computation in general. So comparing our scheme with the schemes of Obana, we find that not only is our scheme computationally efficient, but in our scheme the share size is significantly smaller than that of Obana. Thus our scheme solves one of the open problems left by Obana, urging to design efficient SSCI scheme with $t < k/2$.
In CRYPTO 1995, Kurosawa, Obana and Ogata have shown that in any SSCI scheme, $|V_i| \geq (|S| - 1) / (\epsilon) + 1$. Though our proposed scheme does not exactly match this bound, we show that our scheme asymptotically satisfies the above bound. To the best of our knowledge, our scheme is the best SSCI scheme, capable of identifying the maximum number of cheaters
Universal Construction of Cheater-Identifiable Secret Sharing Against Rushing Cheaters without Honest Majority
For conventional secret sharing, if cheaters can submit possibly forged shares after observing shares of the honest users in the reconstruction phase, they can disturb the protocol and reconstruct the true secret. To overcome the problem, secret sharing scheme with properties of cheater-identification have been proposed. Existing protocols for cheater-identifiable secret sharing assumed non-rushing cheaters or honest majority. In this paper, we remove both conditions simultaneously, and give its universal construction from any secret sharing scheme. To resolve this end, we propose the concepts of individual identification and agreed identification
An Efficient -Cheater Identifiable Secret Sharing Scheme with Optimal Cheater Resiliency
In this paper, we present an efficient -out-of- secret sharing scheme, which can identify up to rushing cheaters, with probability at least , where , provided . This is the optimal number of cheaters that can be tolerated in the setting of public cheater identification, on which we focus in this work. In our scheme, the set of all possible shares satisfies the condition that , where denotes the set of all possible secrets. In PODC-2012, Ashish Choudhury came up with an efficient -cheater identifiable -out-of- secret sharing scheme, which was a solution of an open problem proposed by Satoshi Obana in EUROCRYPT-2011. The share size, with respect to a secret consisting of one field element, of Choudhury's proposal in PODC-2012 is . Therefore, our scheme presents an improvement in share size over the above construction. Hence, to the best of our knowledge, our proposal currently has the minimal share size among existing efficient schemes with optimal cheater resilience, in the case of a single secret
Insecurity of position-based quantum cryptography protocols against entanglement attacks
Recently, position-based quantum cryptography has been claimed to be unconditionally secure. On the contrary, here we show that the existing proposals for position-based quantum cryptography are, in fact, insecure if entanglement is shared among two adversaries. Specifically, we demonstrate how the adversaries can incorporate ideas of quantum teleportation and quantum secret sharing to compromise the security with certainty. The common flaw to all current protocols is that the Pauli operators always map a codeword to a codeword (up to an irrelevant overall phase). We propose a modified scheme lacking this property in which the same cheating strategy used to undermine the previous protocols can succeed with a rate at most 85%. We conjecture that the modified protocol is unconditionally secure and prove this to be true when the shared quantum resource between the adversaries is a two- or three-level system
Near-Optimal Cheating-Detectable (2, 2, n) Ramp Secret Sharing
In this research, we consider a strong ramp secret sharing scheme that can detect cheating. A cheating-detectable (k, L, n) ramp secret sharing scheme has been studied so far, and a strong ramp secret sharing scheme which achieves lower bounds on the size of shares and random number used in encoding (i.e., share generation), and the success probability of impersonation attack has been presented. Now a challenging task is to achieve the lower bound on the success probability of substitution attack. In this paper, we present a strong (2, 2, n) ramp secret sharing scheme that almost achieves the lower bound on the success probability of substitution attack. The proposed scheme is the first to almost achieve the lower bound. Moreover the proposed scheme also achieves other lower bounds such as those on the size of shares and random number used in encoding, and the success probability of impersonation attack. We take a unique strategy to construct the scheme. Most existing works present generic type verification functions which can detect cheating for any linear and strong (k, L, n) ramp scheme. On the other hand, our proposed verification function (one of those which we call limited type verification functions) can detect cheating when used with a linear and strong (2, 2, n) ramp scheme satisfying a certain property
Quantum secret sharing based on Smolin states alone
It was indicated [Yu 2007 Phys. Rev. A 75 066301] that a previously proposed quantum secret sharing (QSS) protocol based on Smolin states [Augusiak 2006 Phys. Rev. A 73 012318] is insecure against an internal cheater. Here we build a different QSS protocol with Smolin states alone, and prove it to be secure against known cheating strategies. Thus we open a promising venue for building secure QSS using merely Smolin states, which is a typical kind of bound entangled states. We also propose a feasible scheme to implement the protocol experimentally.
Application of Recursive Algorithm on Shamir's Scheme Reconstruction for Cheating Detection and Identification
Information data protection is necessary to ward off and overcome various fraud attacks that may be encountered. A secret sharing scheme that implements cryptographic methods intends to maintain the security of confidential data by a group of trusted parties is the answer. In this paper, we choose the application of recursive algorithm on Shamir-based linear scheme as the primary method. In the secret reconstruction stage and since the beginning of the share distribution stage, these algorithms have been integrated by relying on a detection parameter to ensure that the secret value sought is valid. Although the obtained scheme will be much simpler because it utilizes the Vandermonde matrix structure, the security aspect of this scheme is not reduced. Indeed, it is supported by two detection parameters formulated from a recursive algorithm to detect cheating and identify the cheater(s). Therefore, this scheme is guaranteed to be unconditionally secure and has a high time efficiency (polynomial running time)
Distributed Provers and Verifiable Secret Sharing Based on the Discrete Logarithm Problem
Secret sharing allows a secret key to be distributed among n persons, such that k (1 <= k <= n) of these must be present in order to recover it at a later time. This report first shows how this can be done such that every person can verify (by himself) that his part of the secret is correct even though fewer than k persons get no Shannon information about the secret. However, this high level of security is not needed in public key schemes, where the secret key is uniquely determined by a corresponding public key. It is therefore shown how such a secret key (which can be used to sign messages or decipher cipher texts) can be distributed. This scheme has the property that even though everybody can verify his own part, sets of fewer than k persons cannot sign/decipher unless they could have done so given just the public key. This scheme has the additional property that more than k persons can use the key without compromising their parts of it. Hence, the key can be reused. This technique is further developed to be applied to undeniable signatures. These signatures differ from traditional signatures as they can only be verified with the signer's assistance. The report shows how the signer can authorize agents who can help verify signatures, but they cannot sign (unless the signer permits it)