28 research outputs found
Efficient Threshold Secret Sharing Schemes Secure against Rushing Cheaters
In this paper, we consider three very important issues namely detection, identification and robustness of -out-of- secret sharing schemes against rushing cheaters who are allowed to submit (possibly forged) shares {\em after} observing shares of the honest users in the reconstruction phase. Towards this we present five different schemes. Among these, first we present two -out-of- secret sharing schemes, the first one being capable of detecting cheaters such that and the second one being capable of detecting cheaters such that , where denotes the set of all possible secrets, denotes the successful cheating probability of cheaters and denotes set all possible shares. Next we present two -out-of- secret sharing schemes, the first one being capable of identifying rushing cheaters with share size that satisfies . This is the first scheme whose size of shares does not grow linearly with but only with , where is the number of participants. For the second one, in the setting of public cheater identification, we present an efficient optimal cheater resilient -out-of- secret sharing scheme against rushing cheaters having the share size . The proposed scheme achieves {\em flexibility} in the sense that the security level (i.e. the cheater(s) success probability) is independent of the secret size. Finally, we design an efficient robust secret sharing secure against rushing adversary with optimal cheater resiliency.
Each of the five proposed schemes has the smallest share size having the mentioned properties among the existing schemes in the respective fields
Evolving Secret Sharing in Almost Semi-honest Model
Evolving secret sharing is a special kind of secret sharing where the number of shareholders is not known beforehand, i.e., at time t = 0. In classical secret sharing such a restriction was assumed inherently i.e., the the number of shareholders was given to the dealer’s algorithm as an input. Evolving secret sharing relaxes this condition. Pramanik and Adhikari left an open problem regarding malicious shareholders in the evolving setup, which we answer in this paper. We introduce a new cheating model, called the almost semi-honest model, where a shareholder who joins later can check the authenticity of share of previous ones. We use collision resistant hash function to construct such a secret sharing scheme with malicious node identification. Moreover, our scheme preserves the share size of Komargodski et al. (TCC 2016)
Evolving Secret Sharing with Essential Participants
Komargodski et.al. introduced {\em Evolving Secret Sharing} which allows an imaprtial participant, called \emph{dealer}, to share a secret among unbounded number of participants over any given access structure. In their construction for evolving secret sharing over general access structure, the size of share of the participant happens to be exponential . They also provided constructions for threshold secret sharing. We consider the problem of evolving secret sharing with essential participants, namely, over - access structure, a generalization of secret sharing . We further generalize this access structure to a possible case of unbounded number of essential participants and provide a construction for secret sharing on it. Both the constructions are information theoretically secure and reduce the share size of the construction due to Komargodski et.al. over general access structure, exponentially. Moreover, the essential participants receive ideal (and hence, optimal) shares in the first construction
Universal Construction of Cheater-Identifiable Secret Sharing Against Rushing Cheaters without Honest Majority
For conventional secret sharing, if cheaters can submit possibly forged shares after observing shares of the honest users in the reconstruction phase, they can disturb the protocol and reconstruct the true secret. To overcome the problem, secret sharing scheme with properties of cheater-identification have been proposed. Existing protocols for cheater-identifiable secret sharing assumed non-rushing cheaters or honest majority. In this paper, we remove both conditions simultaneously, and give its universal construction from any secret sharing scheme. To resolve this end, we propose the concepts of individual identification and agreed identification
Minimizing Setup in Broadcast-Optimal Two Round MPC
In this paper we consider two-round secure computation protocols which use different communication channels in different rounds: namely, protocols where broadcast is available in neither round, both rounds, only the first round, or only the second round. The prior works of Cohen, Garay and Zikas (Eurocrypt 2020) and Damgård, Magri, Ravi, Siniscalchi and Yakoubov (Crypto 2021) give tight characterizations of which security guarantees are achievable for various thresholds in each communication structure.
In this work, we introduce a new security notion, namely, selective identifiable abort, which guarantees that every honest party either obtains the output, or aborts identifying one corrupt party (where honest parties may potentially identify different corrupted parties). We investigate what broadcast patterns in two-round MPC allow achieving this guarantee across various settings (such as with or without PKI, with or without an honest majority).
Further, we determine what is possible in the honest majority setting without a PKI, closing a question left open by Damgård et al. We show that without a PKI, having an honest majority does not make it possible to achieve stronger security guarantees compared to the dishonest majority setting. However, if two-thirds of the parties are guaranteed to be honest, identifiable abort is additionally achievable using broadcast only in the second round.
We use fundamentally different techniques from the previous works to avoid relying on private communication in the first round when a PKI is not available, since assuming such private channels without the availability of public encryption keys is unrealistic. We also show that, somewhat surprisingly, the availability of private channels in the first round does not enable stronger security guarantees unless the corruption threshold is one
Broadcast-Optimal Two Round MPC with Asynchronous Peer-to-Peer Channels
In this paper we continue the study of two-round broadcast-optimal MPC, where broadcast is used in one of the two rounds, but not in both. We consider the realistic scenario where the round that does not use broadcast is asynchronous. Since a first asynchronous round (even when followed by a round of broadcast) does not admit any secure computation, we introduce a new notion of asynchrony which we call -asynchrony. In this new notion of asynchrony, an adversary can delay or drop up to of a given party\u27s incoming messages; we refer to as the deafness threshold. Similarly, the adversary can delay or drop up to of a given party\u27s outgoing messages; we refer to as the muteness threshold.
We determine which notions of secure two-round computation are achievable when the first round is -asynchronous, and the second round is over broadcast. Similarly, we determine which notions of secure two-round computation are achievable when the first round is over broadcast, and the second round is (fully) asynchronous. We consider the cases where a PKI is available, when only a CRS is available but private communication in the first round is possible, and the case when only a CRS is available and no private communication is possible before the parties have had a chance to exchange public keys
Secure Routing and Medium Access Protocols inWireless Multi-hop Networks
While the rapid proliferation of mobile devices along with the tremendous growth of various applications using
wireless multi-hop networks have significantly facilitate our human life, securing and ensuring high quality
services of these networks are still a primary concern. In particular, anomalous protocol operation in wireless
multi-hop networks has recently received considerable attention in the research community. These relevant security
issues are fundamentally different from those of wireline networks due to the special characteristics of
wireless multi-hop networks, such as the limited energy resources and the lack of centralized control. These issues
are extremely hard to cope with due to the absence of trust relationships between the nodes.
To enhance security in wireless multi-hop networks, this dissertation addresses both MAC and routing layers
misbehaviors issues, with main focuses on thwarting black hole attack in proactive routing protocols like OLSR,
and greedy behavior in IEEE 802.11 MAC protocol. Our contributions are briefly summarized as follows.
As for black hole attack, we analyze two types of attack scenarios: one is launched at routing layer, and the
other is cross layer. We then provide comprehensive analysis on the consequences of this attack and propose
effective countermeasures.
As for MAC layer misbehavior, we particularly study the adaptive greedy behavior in the context of Wireless
Mesh Networks (WMNs) and propose FLSAC (Fuzzy Logic based scheme to Struggle against Adaptive Cheaters)
to cope with it. A new characterization of the greedy behavior in Mobile Ad Hoc Networks (MANETs) is also
introduced. Finally, we design a new backoff scheme to quickly detect the greedy nodes that do not comply with
IEEE 802.11 MAC protocol, together with a reaction scheme that encourages the greedy nodes to become honest
rather than punishing them
Round-Optimal Multi-party Computation with Identifiable Abort
Secure multi-party computation (MPC) protocols that are resilient to a dishonest majority allow the adversary to get the output of the computation while, at the same time, forcing the honest parties to abort. Aumann and Lindell introduced the enhanced notion of security with identifiable abort, which still allows the adversary to trigger an abort but, at the same time, it enables the honest parties to agree on the identity of the party that led to the abort. More recently, in Eurocrypt 2016, Garg et al. showed that, assuming access to a simultaneous message exchange channel for all the parties, at least four rounds of communication are required to securely realize non-trivial functionalities in the plain model.
Following Garg et al., a sequence of works has matched this lower bound, but none of them achieved security with identifiable abort. In this work, we close this gap and show that four rounds of communication are also sufficient to securely realize any functionality with identifiable abort using standard and generic polynomial-time assumptions. To achieve this result we introduce the new notion of bounded-rewind secure MPC that guarantees security even against an adversary that performs a mild form of reset attacks. We show how to instantiate this primitive starting from any MPC protocol and by assuming trapdoor-permutations.
The notion of bounded-rewind secure MPC allows for easier parallel composition of MPC protocols with other (interactive) cryptographic primitives. Therefore, we believe that this primitive can be useful in other contexts in which it is crucial to combine multiple primitives with MPC protocols while keeping the round complexity of the final protocol low