102,611 research outputs found

    A Secret Sharing Scheme Based on Group Presentations and the Word Problem

    A (t,n)-threshold secret sharing scheme is a method to distribute a secret among n participants in such a way that any t participants can recover the secret, but no t-1 participants can. In this paper, we propose two secret sharing schemes using non-abelian groups. One scheme is the special case where all the participants must get together to recover the secret. The other one is a (t,n)-threshold scheme that is a combination of Shamir's scheme and the group-theoretic scheme proposed in this paper. Comment: 8 page

    Function and secret sharing extensions for Blakley and Asmuth-Bloom secret sharing schemes

    Ankara : The Department of Computer Engineering and the Institute of Engineering and Science of Bilkent University, 2009. Thesis (Master's) -- Bilkent University, 2009. Includes bibliographical references leaves 65-69. Threshold cryptography deals with situations where the authority to initiate or perform cryptographic operations is distributed amongst a group of individuals. Usually in these situations a secret sharing scheme is used to distribute shares of a highly sensitive secret, such as the private key of a bank, to the involved individuals so that only a sufficient number of them can reconstruct the secret but smaller coalitions cannot. The secret sharing problem was introduced independently by Blakley and Shamir in 1979. They proposed two different solutions. Both secret sharing schemes (SSS) are examples of linear secret sharing. Many extensions and solutions based on these secret sharing schemes have appeared in the literature, most of them using Shamir SSS. In this thesis, we apply these ideas to Blakley secret sharing scheme. Many of the standard operations of single-user cryptography have counterparts in threshold cryptography. Function sharing deals with the problem of distribution of the computation of a function (such as decryption or signature) among several parties. The necessary values for the computation are distributed to the participants using a secret sharing scheme. Several function sharing schemes have been proposed in the literature with most of them using Shamir secret sharing as the underlying SSS. In this work, we investigate how function sharing can be achieved using linear secret sharing schemes in general and give solutions of threshold RSA signature, threshold Paillier decryption and threshold DSS signature operations. The threshold RSA scheme we propose is a generalization of Shoup’s Shamir-based scheme. It is similarly robust and provably secure under the static adversary model. 
In threshold cryptography the authorization of groups of people is decided simply according to their size. There are also general access structures in which any group can be designed as authorized. Multipartite access structures constitute an example of general access structures in which members of a subset are equivalent to each other and can be interchanged. Multipartite access structures can be used to represent any access structure since all access structures are multipartite. To investigate secret sharing schemes using these access structures, we used Mignotte and Asmuth-Bloom secret sharing schemes which are based on the Chinese remainder theorem (CRT). The question we tried to answer was whether one can find a Mignotte or Asmuth-Bloom sequence for an arbitrary access structure. For this purpose, we adapted an algorithm that appeared in the literature to generate these sequences. We also proposed a new SSS which solves the mentioned problem by generating more than one sequence. Bozkurt, İlker Nadi. M.S

    Enabling Private Real-Time Applications by Exploiting the Links Between Erasure Coding and Secret Sharing Mechanisms

    A huge amount of personal data is shared in real time by online users, increasingly using mobile devices and (unreliable) wireless channels. There is a large industry effort in aggregation and analysis of this data to provide personalised services, and a corresponding research effort to enable processing of such data in a secure and privacy preserving way. Secret sharing is a mechanism that allows private data sharing, revealing the information only to a select group. A parallel research effort has been invested in addressing the performance of real time mobile communication on lossy wireless channel, commonly improved by using erasure codes. In this thesis, we bring together the theoretically related fields of secret sharing and erasure coding, to provide a rich source of solutions to the two problem areas. Our aim is to enable solutions that deliver the required performance level while being efficient and implementable. The thesis has the following contributions. We evaluate the applicability of a new class of Maximum Distance Separable (MDS) erasure codes to transmission of real time content to mobile devices and demonstrate that the systematic code outperforms the non-systematic variant in regards to computation complexity and buffer size requirements, making it practical for mobile devices. We propose a new Layered secret sharing scheme for real time data sharing in Online Social Networks (OSNs). The proposed scheme enables automated profile sharing in OSN groups with fine-grained privacy control, via a multi-secret sharing scheme comprising of layered shares. The scheme does not require reliance on a trusted third party. Compared to independent sharing of specific profile attributes (e.g. text, images or video), the scheme does not leak any information about what is shared, including the number of attributes and it introduces a relatively small computation and communications overhead. 
Finally, we investigate the links between MDS codes and secret sharing schemes, motivated by the inefficiency of the commonly used Shamir scheme. We derive the theoretical links between MDS codes and secret sharing schemes and propose a novel MDS code based construction method for strong ramp schemes. This allows the use of existing efficient implementations of MDS codes for secret sharing and secure computing applications. We demonstrate that strong ramp schemes deliver a significant reduction of processing time and communication overhead, compared to Shamir scheme

    A Rational Threshold Signature Model and Protocol Based on Different Permissions

    This paper develops a novel model and protocol used in some specific scenarios, in which the participants of multiple groups with different permissions can finish the signature together. We apply the secret sharing scheme based on difference equation to the private key distribution phase and secret reconstruction phase of our threshold signature scheme. In addition, our scheme can achieve the signature success because of the punishment strategy of the repeated rational secret sharing. Besides, the bit commitment and verification method used to detect players' cheating behavior acts as a contributing factor to prevent the internal fraud. Using bit commitments, verifiable parameters, and time sequences, this paper constructs a dynamic game model, which has the features of threshold signature management with different permissions, cheat proof, and forward security. Mathematics, Applied; SCI(E)

    On Sigma-Protocols and (packed) Black-Box Secret Sharing Schemes

    $\Sigma$-protocols are a widely utilized, relatively simple and well understood type of zero-knowledge proofs. However, the well known Schnorr $\Sigma$-protocol for proving knowledge of discrete logarithm in a cyclic group of known prime order, and similar protocols working over this type of groups, are hard to generalize to dealing with other groups. In particular with hidden order groups, due to the inability of the knowledge extractor to invert elements modulo the order. In this paper, we introduce a universal construction of $\Sigma$-protocols designed to prove knowledge of preimages of group homomorphisms for any abelian finite group. In order to do this, we first establish a general construction of a $\Sigma$-protocol for $\mathfrak{R}$-module homomorphism given only a linear secret sharing scheme over the ring $\mathfrak{R}$, where zero knowledge and special soundness can be related to the privacy and reconstruction properties of the secret sharing scheme. Then, we introduce a new construction of 2-out-of-$n$ packed black-box secret sharing scheme capable of sharing $k$ elements of an arbitrary (abelian, finite) group where each share consists of $k+\log n-3$ group elements. From these two elements we obtain a generic "batch" $\Sigma$-protocol for proving knowledge of $k$ preimages of elements via the same group homomorphism, which communicates $k+\lambda-3$ elements of the group to achieve $2^{-\lambda}$ knowledge error. For the case of class groups, we show that our $\Sigma$-protocol improves in several aspects on existing proofs for knowledge of discrete logarithm and other related statements that have been used in a number of works. Finally, we extend our constructions from group homomorphisms to the case of ZK-ready functions, introduced by Cramer and Damgård in Crypto 09, which in particular include the case of proofs of knowledge of plaintext (and randomness) for some linearly homomorphic encryption schemes such as Joye-Libert encryption. 
However, in the case of Joye-Libert, we show an even better alternative, using Shamir secret sharing over Galois rings, which achieves $2^{-k}$ knowledge soundness by communicating $k$ ciphertexts to prove $k$ statements

    On the Conjunction of Network Security Requirements and Clustering: a New Framework for Reliable and Energy-efficient Communication

    Several perspectives of network security and energy efficiency were investigated and a scheme is proposed for each. A new approach is introduced to enhance communication security among nodes based on the threshold secret sharing technique and traditional symmetric key management. In the proposed scheme, key distribution is online, which means key management is conducted whenever a message needs to be communicated. The cost and security analyses of the proposed scheme showed that its use enhances communication security among the nodes in networks that operate in hostile environments compared to related work. Another aspect of security is the storage and retrieval of data in energy-sensitive networks. The proposed scheme aims to provide an energy-efficient and secure in-network storage and retrieval protocol that could be applied to Wireless Sensor Networks. A predictive method is also proposed to adaptively instantiate the appropriate parameters for the threshold secret sharing technique. Simulations were utilized to illustrate the effect of several network parameters on energy consumption and to come up with optimal value recommendations for the parameters of the proposed secret sharing scheme. Analysis and experimentation showed that, by using the proposed technique, the confidentiality, dependability, and integrity of the sensed data are enhanced with fairly low communicational and computational overhead. Collaborating for in-network processing is another issue (along with security) that is a concern for energy-sensitive networks. This part of the proposed framework concerns introducing a new clustering algorithm to enhance the efficiency of resource assignment for the purpose of assigning just enough components to each service-requesting application while minimizing the overall distances among the cooperating components. 
The proposed algorithm groups the components of a network into different-size clusters and results in a clustered network in which most of the components in a cluster, which provides service to an application, are busy. Computer Scienc

    Almost-perfect secret sharing

    Splitting a secret s between several participants, we generate (for each value of s) shares for all participants. The goal: authorized groups of participants should be able to reconstruct the secret but forbidden ones get no information about it. In this paper we introduce several notions of non-perfect secret sharing, where some small information leak is permitted. We study its relation to the Kolmogorov complexity version of secret sharing (establishing some connection in both directions) and the effects of changing the secret size (showing that we can decrease the size of the secret and the information leak at the same time). Comment: Acknowledgments adde