A NOVEL APPROACH FOR VERIFIABLE SECRET SHARING IN PROACTIVE NETWORK USING RSA

We consider perfect verifiable secret sharing (VSS) in a synchronous network of n processors (players) where a designated player called the dealer wishes to distribute a secret s among the players in a way that none of them obtain any information, but any t + 1 players obtain full information about the secret. The round complexity of a VSS protocol is defined as the number of rounds performed in the sharing phase. Gennaro, Ishai, Kushilevitz and Rabin showed that three rounds are necessary and sufficient when n > 3t. Sufficiency, however, was only demonstrated by means of an inefficient (i.e., exponential-time) protocol and the construction of inefficient three-round protocol were left as an open problem. In this paper, we present an efficient three-round protocol for VSS. The solution is based on a three-round solution of so-called weak verifiable secret sharing (WSS), for which we also prove that three rounds are a lower bound. Furthermore, we also demonstrate that one round is sufficient for WSS when n > 4t, and that VSS can be achieved in 1 + " amortized rounds (for any " > 0) when n > 3t

Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning

The secret keys of critical network authorities - such as time, name, certificate, and software update services - represent high-value targets for hackers, criminals, and spy agencies wishing to use these keys secretly to compromise other hosts. To protect authorities and their clients proactively from undetected exploits and misuse, we introduce CoSi, a scalable witness cosigning protocol ensuring that every authoritative statement is validated and publicly logged by a diverse group of witnesses before any client will accept it. A statement S collectively signed by W witnesses assures clients that S has been seen, and not immediately found erroneous, by those W observers. Even if S is compromised in a fashion not readily detectable by the witnesses, CoSi still guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to risk that the compromise will soon be detected by one of the W witnesses. Because clients can verify collective signatures efficiently without communication, CoSi protects clients' privacy, and offers the first transparency mechanism effective against persistent man-in-the-middle attackers who control a victim's Internet access, the authority's secret key, and several witnesses' secret keys. CoSi builds on existing cryptographic multisignature methods, scaling them to support thousands of witnesses via signature aggregation over efficient communication trees. A working prototype demonstrates CoSi in the context of timestamping and logging authorities, enabling groups of over 8,000 distributed witnesses to cosign authoritative statements in under two seconds.Comment: 20 pages, 7 figure

Asynchronous Proactive RSA

Nowadays, to model practical systems better, such as the Internet network and ad hoc networks, researchers usually regard these systems as asynchronous networks. Meanwhile, proactive secret sharing schemes are often employed to tolerate a mobile adversary. Considering both aspects, an asynchronous proactive threshold signature scheme is needed to keep computer systems secure. So far, two asynchronous proactive secret sharing schemes have been proposed. One is proposed by Zhou in 2001, which is for RSA schemes. The other scheme is proposed by Cachin in 2002, which is a proactive secret sharing scheme for discrete-log schemes. There exist several drawbacks in both schemes. In Zhou¡¯s scheme, the formal security proof of this scheme is missing. Furthermore, Zhou¡¯s scheme needs to resort to the system administrator as the trusted third party for further run when some Byzantine errors occur. In Cachin¡¯s scheme, the building block is based on the threshold RSA scheme proposed by Shoup. However, how to proactivize Shoup¡¯s scheme is omitted in Cachin¡¯s scheme, so this scheme is incomplete. In this paper, we present a complete provably secure asynchronous proactive RSA scheme (APRS). Our paper has four contributions. Firstly, we present a provably secure asynchronous verifiable secret sharing for RSA schemes (asynchronous verifiable additive secret sharing, AVASS), which is based on a verifiable additive secret sharing over integers. Secondly, we propose an asynchronous threshold RSA signature scheme that is based on the AVASS scheme and the random oracle model, and is capable of being proactivized. Thirdly, we present a provably secure threshold coin-tossing scheme on the basis of the above threshold RSA scheme. Fourthly, we propose an asynchronous proactive secret sharing based on the threshold RSA scheme and the coin-tossing scheme. Finally, combining the proactive secret sharing scheme and the threshold RSA scheme, we achieve a complete provably secure asynchronous proactive RSA scheme

Secret Sharing for Cloud Data Security

Cloud computing helps reduce costs, increase business agility and deploy solutions with a high return on investment for many types of applications. However, data security is of premium importance to many users and often restrains their adoption of cloud technologies. Various approaches, i.e., data encryption, anonymization, replication and verification, help enforce different facets of data security. Secret sharing is a particularly interesting cryptographic technique. Its most advanced variants indeed simultaneously enforce data privacy, availability and integrity, while allowing computation on encrypted data. The aim of this paper is thus to wholly survey secret sharing schemes with respect to data security, data access and costs in the pay-as-you-go paradigm

MPSS

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007.MIT Barker Engineering Library copy: issued in leaves.Includes bibliographical references (p. 153-157).This thesis describes mobile proactive secret sharing (MPSS), an extension of proactive secret sharing. Mobile proactive secret sharing is much more flexible than proactive secret sharing in terms of group membership: instead of the group of shareholders being exactly the same from one epoch to the next, we allow the group to change arbitrarily. In addition, we allow for an increase or decrease of the threshold at each epoch. We give the first known efficient protocol for MPSS in the asynchronous network model. We present this protocol as a practical solution to the problem of long-term protection of a secret in a realistic network.by David Andrew Schultz.S.M

A New Strong Proactive Verifiable Secret Sharing Scheme with Unconditional Security

Title from PDF of title page, viewed on January 20, 2011.Thesis advisor: Lein Harn.Vita.Thesis (M.S.)--School of Computing and Engineering. University of Missouri--Kansas City, 2010.Includes bibliographic references (pages 55-58).In secret sharing scheme, the master secret and all the private shares (which are distributed by the dealer to the shareholders) are the two secrets which are to be maintained confidentially. In all the secret sharing schemes proposed till date, private shares are reused to reconstruct the master secret. But we proposed a new way of Proactive Secret Sharing Scheme in which, instead of renewing the private shares frequently at the beginning of each timeslot during the share renewal process, each time master secret is renewed. In this way private shares can be reused for a longer period of time and to construct different master secrets. In addition, after each renewing process, shareholders can work together to verify that their private shares are consistent without revealing private shares. We also proposed protocols to generate and renew master secret, authenticate public shares of the master secret, add or revoke shares and change threshold of the master secret. Thus an enhancement to Proactive Secret Sharing is proposed in this thesis and this unique feature simples the implementation of PSS as the change is to be made only to the master secret (central server) without effecting all private shares.Introduction -- Related Work -- Our Scheme -- Conclusion

Scalable Multi-domain Trust Infrastructures for Segmented Networks

Within a trust infrastructure, a private key is often used to digitally sign a transaction, which can be verified with an associated public key. Using PKI (Public Key Infrastructure), a trusted entity can produce a digital signature, verifying the authenticity of the public key. However, what happens when external entities are not trusted to verify the public key or in cases where there is no Internet connection within an isolated or autonomously acting collection of devices? For this, a trusted entity can be elected to generate a key pair and then split the private key amongst trusted devices. Each node can then sign part of the transaction using their split of the shared secret. The aggregated signature can then define agreement on a consensus within the infrastructure. Unfortunately, this process has two significant problems. The first is when no trusted node can act as a dealer of the shares. The second is the difficulty of scaling the digital signature scheme. This paper outlines a method of creating a leaderless approach to defining trust domains to overcome weaknesses in the scaling of the elliptic curve digital signature algorithm. Instead, it proposes the usage of the Edwards curve digital signature algorithm for the definition of multiple trust zones. The paper shows that the computational overhead of the distributed key generation phase increases with the number of nodes in the trust domain but that the distributed signing has a relatively constant computational overhead