24 research outputs found

    Linear threshold multisecret sharing schemes

    In a multisecret sharing scheme, several secret values are distributed among a set of n users, and each secret may have a different associated access structure. We consider here unconditionally secure schemes with multithreshold access structures. Namely, for every subset P of k users there is a secret key that can only be computed when at least t of them put together their secret information. Coalitions with at most w users with less than t of them in P cannot obtain any information about the secret associated to P. The main parameters to optimize are the length of the shares and the amount of random bits that are needed to set up the distribution of shares, both in relation to the length of the secret. In this paper, we provide lower bounds on these parameters. Moreover, we present an optimal construction for t = 2 and k = 3, and a construction that is valid for all w, t, k and n. The models presented use linear algebraic techniques. Peer Reviewed. Postprint (author’s final draft)

    A Study on Multisecret-Sharing Schemes Based on Linear Codes

    Secret sharing has been a subject of study since 1979. In the secret sharing schemes there are some participants and a dealer. The dealer chooses a secret. The main principle is to distribute a secret amongst a group of participants. Each of whom is called a share of the secret. The secret can be retrieved by participants. Clearly the participants combine their shares to reach the secret. One of the secret sharing schemes is  threshold secret sharing scheme. A  threshold secret sharing scheme is a method of distribution of information among  participants such that  can recover the secret but  cannot. Coding theory has played an important role in the construction of secret sharing schemes. Since the code of a symmetric  design is a linear code, this study is about the multisecret-sharing schemes based on the dual code  of  code  of a symmetric  design. We construct a multisecret-sharing scheme Blakley’s construction of secret sharing schemes using the binary codes of the symmetric design. Our scheme is a threshold secret sharing scheme. The access structure of the scheme has been described and shows its connection to the dual code. Furthermore, the number of minimal access elements has been formulated under certain conditions. We explain the security of this scheme.

    Localised multisecret sharing

    A localised multisecret sharing scheme is a multisecret sharing scheme for an ordered set of players in which players in the smallest sets who are authorised to access secrets are close together in the underlying ordering. We define threshold versions of localised multisecret sharing schemes, we provide lower bounds on the share size of perfect localised multisecret sharing schemes in an information theoretic setting, and we give explicit constructions of schemes to show that these bounds are tight. We then analyse a range of approaches to relaxing the model that provide trade-offs between the share size and the level of security guarantees provided by the scheme, in order to permit the construction of schemes with smaller shares. We show how these techniques can be used in the context of an application to key distribution for RFID-based supply-chain management motivated by the proposal of Juels, Pappu and Parno from USENIX 2008.

    An Epitome of Multi Secret Sharing Schemes for General Access Structure

    Secret sharing schemes are widely used nowadays in various applications, which need more security, trust and reliability. In a secret sharing scheme, the secret is divided among the participants and only an authorized set of participants can recover the secret by combining their shares. The authorized sets of participants are called the access structure of the scheme. In a Multi-Secret Sharing Scheme (MSSS), k different secrets are distributed among the participants, each one according to an access structure. Multi-secret sharing schemes have been studied extensively by the cryptographic community. A number of schemes have been proposed for threshold multi-secret sharing and multi-secret sharing according to a generalized access structure with various features. In this survey we explore the important constructions of multi-secret sharing for the generalized access structure with their merits and demerits. Features such as whether shares can be reused, whether participants can be enrolled or dis-enrolled efficiently, and whether shares have to be modified in the renewal phase are considered for the evaluation.

    One-out-of-$q$ OT Combiners

    In $1$-out-of-$q$ Oblivious Transfer (OT) protocols, a sender Alice is able to send one of $q\ge 2$ messages to a receiver Bob, all while being oblivious to which message was transferred. Moreover, the receiver learns only one of these messages. Oblivious Transfer combiners take $n$ instances of OT protocols as input, and produce an OT protocol that is secure if sufficiently many of the $n$ original OT instances are secure. We present new $1$-out-of-$q$ OT combiners that are perfectly secure against active adversaries. Our combiners arise from secret sharing techniques. We show that given an $\mathbb{F}_q$-linear secret sharing scheme on a set of $n$ participants and adversary structure $\mathcal{A}$, we can construct $n$-server, $1$-out-of-$q$ OT combiners that are secure against an adversary corrupting either Alice and a set of servers in $\mathcal{A}$, or Bob and a set of servers $B$ with $\bar{B}\notin\mathcal{A}$. If the normalized total share size of the scheme is $\ell$, then the resulting OT combiner requires $\ell$ calls to OT protocols, and the total amount of bits exchanged during the protocol is $(q^2+q+1)\ell\log q$. We also present a construction based on $1$-out-of-$2$ OT combiners that uses the protocol of Crépeau, Brassard and Robert (FOCS 1986). This construction provides smaller communication costs for certain adversary structures, such as threshold ones: For any prime power $q\geq n$, there are $n$-server, $1$-out-of-$q$ OT combiners that are perfectly secure against active adversaries corrupting either Alice or Bob, and a minority of the OT candidates, exchanging $O(qn\log q)$ bits in total.

    New results and applications for multi-secret sharing schemes

    In a multi-secret sharing scheme (MSSS), different secrets are distributed among the players in some set , each one according to an access structure. The trivial solution to this problem is to run independent instances of a standard secret sharing scheme, one for each secret. In this solution, the length of the secret share to be stored by each player grows linearly with (when keeping all other parameters fixed). Multi-secret sharing schemes have been studied by the cryptographic community mostly from a theoretical perspective: different models and definitions have been proposed, for both unconditional (information-theoretic) and computational security. In the case of unconditional security, there are two different definitions. It has been proved that, for some particular cases of access structures that include the threshold case, a MSSS with the strongest level of unconditional security must have shares with length linear in . Therefore, the optimal solution in this case is equivalent to the trivial one. In this work we prove that, even for a more relaxed notion of unconditional security, and for some kinds of access structures (in particular, threshold ones), we have the same efficiency problem: the length of each secret share must grow linearly with . Since we want more efficient solutions, we move to the scenario of MSSSs with computational security. We propose a new MSSS, where each secret share has constant length (just one element), and we formally prove its computational security in the random oracle model. To the best of our knowledge, this is the first formal analysis on the computational security of a MSSS. We show the utility of the new MSSS by using it as a key ingredient in the design of two schemes for two new functionalities: multi-policy signatures and multi-policy decryption. We prove the security of these two new multi-policy cryptosystems in a formal security model. 
The two new primitives provide similar functionalities as attribute-based cryptosystems, with some advantages and some drawbacks that we discuss at the end of this work. Peer Reviewed. Postprint (author’s final draft)