Secure aggregation of distributed information: How a team of agents can safely share secrets in front of a spy

We consider the generic problem of Secure Aggregation of Distributed Information (SADI), where several agents acting as a team have information distributed among them, modeled by means of a publicly known deck of cards distributed among the agents, so that each of them knows only her cards. The agents have to exchange and aggregate the information about how the cards are distributed among them by means of public announcements over insecure communication channels, intercepted by an adversary "eavesdropper", in such a way that the adversary does not learn who holds any of the cards. We present a combinatorial construction of protocols that provides a direct solution of a class of SADI problems and develop a technique of iterated reduction of SADI problems to smaller ones which are eventually solvable directly. We show that our methods provide a solution to a large class of SADI problems, including all SADI problems with sufficiently large size and sufficiently balanced card distributions

Perfectly secure data aggregation via shifted projections

We study a general scenario where confidential information is distributed among a group of agents who wish to share it in such a way that the data becomes common knowledge among them but an eavesdropper intercepting their communications would be unable to obtain any of said data. The information is modelled as a deck of cards dealt among the agents, so that after the information is exchanged, all of the communicating agents must know the entire deal, but the eavesdropper must remain ignorant about who holds each card. Valentin Goranko and the author previously set up this scenario as the secure aggregation of distributed information problem and constructed weakly safe protocols, where given any card $c$, the eavesdropper does not know with certainty which agent holds $c$. Here we present a perfectly safe protocol, which does not alter the eavesdropper's perceived probability that any given agent holds $c$. In our protocol, one of the communicating agents holds a larger portion of the cards than the rest, but we show how for infinitely many values of $a$, the number of cards may be chosen so that each of the $m$ agents holds more than $a$ cards and less than $2m^2a$

Unconditionally Secure Cryptography: Signature Schemes, User-Private Information Retrieval, and the Generalized Russian Cards Problem

We focus on three different types of multi-party cryptographic protocols. The first is in the area of unconditionally secure signature schemes, the goal of which is to provide users the ability to electronically sign documents without the reliance on computational assumptions needed in traditional digital signatures. The second is on cooperative protocols in which users help each other maintain privacy while querying a database, called user-private information retrieval protocols. The third is concerned with the generalized Russian cards problem, in which two card players wish to communicate their hands to each other via public announcements without the third player learning the card deal. The latter two problems have close ties to the field of combinatorial designs, and properly fit within the field of combinatorial cryptography. All of these problems have a common thread, in that they are grounded in the information-theoretically secure or unconditionally secure setting

Crossing Hands in the Russian Cards Problem

When communicating using an unconditionally secure protocol, a sender and receiver is able to transmit secret information over a public, insecure channel without fear of the secret being intercepted by a third party. The Russian cards problem is an example of an unconditionally secure protocol where the communication is fully understandable for everyone listening in. Even though everyone can understand what is being said, only the sender and receiver are able to uncover the secrets being transmitted. In this thesis we investigate the interaction among the communicating parties. By extending existing problem-specific software we are able to more efficiently analyze protocols, and we are therefore able to provide an answer to an open problem in the literature. We provide a completely new solution to the Russian cards protocol and show that it fulfills all requirements by the problem. Discovering this new solution provides the person initiating the protocol two new strategies to choose from when constructing the initial announcement of the protocol.Masteroppgave i informasjonsvitenskapINFO39

Hash Families and Cover-Free Families with Cryptographic Applications

This thesis is focused on hash families and cover-free families and their application to problems in cryptography. We present new necessary conditions for generalized separating hash families, and provide new explicit constructions. We then consider three cryptographic applications of hash families and cover-free families. We provide a stronger de nition of anonymity in the context of shared symmetric key primitives and give a new scheme with improved anonymity properties. Second, we observe that nding the invalid signatures in a set of digital signatures that fails batch veri cation is a group testing problem, then apply and compare many group testing algorithms to solve this problem e ciently. In particular, we apply group testing algorithms based on cover-free families. Finally, we construct a one-time signature scheme based on cover-free families with short signatures