17 research outputs found

    Secret sharing with reusable polynomials

    Abstract. We present a threshold secret sharing scheme based on polynomial interpolation and the Diffie-Hellman problem. In this scheme shares can be used for the reconstruction of multiple secrets, shareholders can dynamically join or leave without distributing new shares to the existing shareholders, and shares can be individually verified during both share distribution and secret recovery.

    A Survey on Confidential Cloud Data under Secure Key Exposure

    Latest records display an effective attacker which breaks facts confidentiality with the resource of obtaining cryptographic keys, by way of coercion or backdoors in cryptographic software program. As soon as the encryption secret is uncovered, the only possible diploma to maintain information confidentiality is to restrict the attacker’s access to the ciphertext. This can be finished, as an instance, with the resource of spreading ciphertext blocks in the course of servers in a couple of administrative domain names, therefore assuming that the adversary cannot compromise them all. However, if data is encrypted with present schemes, an adversary prepared with the encryption key can nevertheless compromise a single server and decrypt the ciphertext blocks saved therein. On this paper, we observe records confidentiality in opposition to an adversary which knows the encryption key and has access to a massive fraction of the ciphertext blocks. To this quit, we advise Bastion, a singular and green scheme that ensures data confidentiality notwithstanding the reality that the encryption secret is leaked and the adversary has access to nearly all ciphertext blocks. We analyze the security of Bastion, and we examine its standard overall performance via manner of a prototype implementation. We also discuss realistic insights with admire to the combination of Bastion in business dispersed garage structures. Our evaluation results endorse that Bastion is well-applicable for integration in existing structures since it incurs less than 5% overhead compared to existing semantically relaxed encryption modes.

    Securing Cloud Data in the New Attacker Model

    The world just witnessed the surge of a new and powerful attacker, which was able to coerce operators and acquire the necessary keys to break the privacy of users. Once the encryption key is exposed, the only viable measure to preserve data confidentiality is to limit the adversary’s access to the ciphertext. This may be achieved, for example, using multi-cloud storage systems. These systems spread data across multiple servers in different administrative domains, to cater for availability and fault tolerance. If the adversary can only compromise a subset of these domains, multi-cloud storage systems may prevent the adversary from accessing the entire ciphertext. However, if data is encrypted using existing encryption schemes, spreading the ciphertext on multiple servers does not entirely solve the problem since an adversary which has the encryption key, can still compromise single servers and decrypt the ciphertext stored therein. In this paper, we leverage multi-cloud storage systems to provide data confidentiality against an adversary which has access to the encryption key, and can compromise a large fraction of the storage servers. For this purpose, we first introduce a novel security definition that captures data confidentiality in the new adversarial model. We then propose Bastion, a primitive that is secure according to our definition and, therefore, guarantees data confidentiality even when the encryption key is exposed, as long as the adversary cannot compromise all storage servers. We analyze the security of Bastion, and we evaluate its performance by means of a prototype implementation. Our results show that Bastion incurs less than 5% overhead compared to existing semantically secure encryption modes. We also discuss practical insights with respect to the integration of Bastion in commercial multi-cloud storage systems

    Contextualizing Alternative Models of Secret Sharing

    A secret sharing scheme is a means of distributing information to a set of players such that any authorized subset of players can recover a secret and any unauthorized subset does not learn any information about the secret. In over forty years of research in secret sharing, there has been an emergence of new models and extended capabilities of secret sharing schemes. In this thesis, we study various models of secret sharing and present them in a consistent manner to provide context for each definition. We discuss extended capabilities of secret sharing schemes, including a comparison of methods for updating secrets via local computations on shares and an analysis of approaches to reproducing/repairing shares. We present an analysis of alternative adversarial settings which have been considered in the area of secret sharing. In this work, we present a formalization of a deniability property which is inherent to some classical secret sharing schemes. We provide new, game-based definitions for different notions of verifiability and robustness. By using consistent terminology and similar game-based definitions, we are able to demystify the subtle differences in each notion raised in the literature

    Towards Shared Ownership in the Cloud

    Cloud storage platforms promise a convenient way for users to share files and engage in collaborations, yet they require all files to have a single owner who unilaterally makes access control decisions. Existing clouds are, thus, agnostic to the notion of shared ownership. This can be a significant limitation in many collaborations because, for example, one owner can delete files and revoke access without consulting the other collaborators. In this paper, we first formally define a notion of shared ownership within a file access control model. We then propose two possible instantiations of our proposed shared ownership model. Our first solution, called Commune, relies on secure file dispersal and collusion-resistant secret sharing to ensure that all access grants in the cloud require the support of an agreed threshold of owners. As such, Commune can be used in existing clouds without modifications to the platforms. Our second solution, dubbed Comrade, leverages the blockchain technology in order to reach consensus on access control decision. Unlike Commune, Comrade requires that the cloud is able to translate access control decisions that reach consensus in the blockchain into storage access control rules, thus requiring minor modifications to existing clouds. We analyze the security of our proposals and compare/evaluate their performance through implementation integrated with Amazon S3

    Secret sharing using artificial neural network

    Secret sharing is a fundamental notion for secure cryptographic design. In a secret sharing scheme, a set of participants shares a secret among them such that only pre-specified subsets of these shares can get together to recover the secret. This dissertation introduces a neural network approach to solve the problem of secret sharing for any given access structure. Other approaches have been used to solve this problem. However, the yet known approaches result in exponential increase in the amount of data that every participant needs to keep. This amount is measured by the secret sharing scheme information rate. This work is intended to solve the problem with better information rate.

    Conditionally Secure Secret Sharing Schemes with Disenrollment Capability

    The paper describes an implementation of Shamir secret sharing schemes based on exponentiation in Galois fields. It is shown how to generate shares so the scheme has the disenrollment capability. Next a family of conditionally secure Shamir schemes is defined and the disenrollment capability is investigated for the family. The paper also examines a problem of covert channels which are present in any secret sharing scheme. Keywords: Computer Security, Cryptography, Group Oriented Cryptography, Secret Sharing, Threshold Schemes. 1 Introduction. A secret sharing scheme allows authorized groups of users to recreate a secret key by pooling their shares (shadows) of the key, but single users or unauthorized groups are unable to recreate the key. The first secret sharing schemes (called threshold schemes) were invented independently by Shamir [17] and Blakley [2]. Secret sharing schemes should be designed so that if some of the shares of the key are lost or stolen -- invalidated, the remaini..