Efficient Threshold Secret Sharing Schemes Secure against Rushing Cheaters

In this paper, we consider three very important issues namely detection, identification and robustness of $k$-out-of-$n$ secret sharing schemes against rushing cheaters who are allowed to submit (possibly forged) shares {\em after} observing shares of the honest users in the reconstruction phase. Towards this we present five different schemes. Among these, first we present two $k$-out-of-$n$ secret sharing schemes, the first one being capable of detecting $(k-1)/3$ cheaters such that $|V_i|=|S|/\epsilon^3$ and the second one being capable of detecting $n-1$ cheaters such that $|V_i|=|S|/\epsilon^{k+1}$, where $S$ denotes the set of all possible secrets, $\epsilon$ denotes the successful cheating probability of cheaters and $V_i$ denotes set all possible shares. Next we present two $k$-out-of-$n$ secret sharing schemes, the first one being capable of identifying $(k-1)/3$ rushing cheaters with share size $|V_i|$ that satisfies $|V_i|=|S|/\epsilon^k$. This is the first scheme whose size of shares does not grow linearly with $n$ but only with $k$, where $n$ is the number of participants. For the second one, in the setting of public cheater identification, we present an efficient optimal cheater resilient $k$-out-of-$n$ secret sharing scheme against rushing cheaters having the share size $|V_i|= (n-t)^{n+2t}|S|/\epsilon^{n+2t}$. The proposed scheme achieves {\em flexibility} in the sense that the security level (i.e. the cheater(s) success probability) is independent of the secret size. Finally, we design an efficient $(k, \delta)$ robust secret sharing secure against rushing adversary with optimal cheater resiliency. Each of the five proposed schemes has the smallest share size having the mentioned properties among the existing schemes in the respective fields

Nearly optimal robust secret sharing

Abstract: We prove that a known approach to improve Shamir's celebrated secret sharing scheme; i.e., adding an information-theoretic authentication tag to the secret, can make it robust for n parties against any collusion of size δn, for any constant δ ∈ (0; 1/2). This result holds in the so-called “nonrushing” model in which the n shares are submitted simultaneously for reconstruction. We thus finally obtain a simple, fully explicit, and robust secret sharing scheme in this model that is essentially optimal in all parameters including the share size which is k(1+o(1))+O(κ), where k is the secret length and κ is the security parameter. Like Shamir's scheme, in this modified scheme any set of more than δn honest parties can efficiently recover the secret. Using algebraic geometry codes instead of Reed-Solomon codes, the share length can be decreased to a constant (only depending on δ) while the number of shares n can grow independently. In this case, when n is large enough, the scheme satisfies the “threshold” requirement in an approximate sense; i.e., any set of δn(1 + ρ) honest parties, for arbitrarily small ρ > 0, can efficiently reconstruct the secret

An Efficient tt-Cheater Identifiable Secret Sharing Scheme with Optimal Cheater Resiliency

In this paper, we present an efficient $k$-out-of-$n$ secret sharing scheme, which can identify up to $t$ rushing cheaters, with probability at least $1 - \epsilon$, where $0<\epsilon<1/2$, provided $t < k/2$. This is the optimal number of cheaters that can be tolerated in the setting of public cheater identification, on which we focus in this work. In our scheme, the set of all possible shares $V_i$ satisfies the condition that $|V_i|= \frac{(t+1)^{2n+k-3}|S|}{\epsilon^{2n+k-3}}$, where $S$ denotes the set of all possible secrets. In PODC-2012, Ashish Choudhury came up with an efficient $t$-cheater identifiable $k$-out-of-$n$ secret sharing scheme, which was a solution of an open problem proposed by Satoshi Obana in EUROCRYPT-2011. The share size, with respect to a secret consisting of one field element, of Choudhury\u27s proposal in PODC-2012 is $|V_i|=\frac{(t+1)^{3n}|S|}{\epsilon^{3n}}$. Therefore, our scheme presents an improvement in share size over the above construction. Hence, to the best of our knowledge, our proposal currently has the minimal share size among existing efficient schemes with optimal cheater resilience, in the case of a single secret

Universal Construction of Cheater-Identifiable Secret Sharing Against Rushing Cheaters without Honest Majority

For conventional secret sharing, if cheaters can submit possibly forged shares after observing shares of the honest users in the reconstruction phase, they can disturb the protocol and reconstruct the true secret. To overcome the problem, secret sharing scheme with properties of cheater-identification have been proposed. Existing protocols for cheater-identifiable secret sharing assumed non-rushing cheaters or honest majority. In this paper, we remove both conditions simultaneously, and give its universal construction from any secret sharing scheme. To resolve this end, we propose the concepts of individual identification and agreed identification

Simple and Asymptotically Optimal tt-Cheater Identifiable Secret Sharing Scheme

In this paper, we consider the problem of k-out-of-n secret sharing scheme, capable of identifying t cheaters. We design a very simple k-out-of-n secret sharing scheme, which can identify up to t cheaters, with probability at least 1 - \epsilon, where 0 < \epsilon < 1/2, provided t < k / 2. This is the maximum number of cheaters, which can be identified by any k-out-of-n secret sharing scheme, capable of identifying t cheaters (we call these schemes as Secret Sharing with Cheater Identification (SSCI)). In our scheme, the set of all possible i^{th} share V_i satisfies the condition that |V_i| = |S| / \epsilon^{3n}, where S denotes the set of all possible secrets. Moreover, our scheme requires polynomial computation. In EUROCRYPT 2011, Satoshi Obana presented two SSCI schemes, which can identify up to t < k / 2 cheaters. However, the schemes require |V_i| \approx (n (t+1) 2^{3t-1} |S|) / \epsilon and |V_i| \approx ((n t 2^{3t})^2 |S|) / (\epsilon^2)$ respectively. Moreover, both the schemes are computationally inefficient, as they require to perform exponential computation in general. So comparing our scheme with the schemes of Obana, we find that not only our scheme is computationally efficient, but in our scheme the share size is significantly smaller than that of Obana. Thus our scheme solves one of the open problems left by Obana, urging to design efficient SSCI scheme with t < k/2. In CRYPT0 1995, Kurosawa, Obana and Ogata have shown that in any SSCI scheme, |V_i| \geq (|S| - 1) / (\epsilon) + 1. Though our proposed scheme does not exactly matches this bound, we show that our scheme {\it asymptotically} satisfies the above bound. To the best of our knowledge, our scheme is the best SSCI scheme, capable of identifying the maximum number of cheaters

Evolving Secret Sharing in Almost Semi-honest Model

Evolving secret sharing is a special kind of secret sharing where the number of shareholders is not known beforehand, i.e., at time t = 0. In classical secret sharing such a restriction was assumed inherently i.e., the the number of shareholders was given to the dealer’s algorithm as an input. Evolving secret sharing relaxes this condition. Pramanik and Adhikari left an open problem regarding malicious shareholders in the evolving setup, which we answer in this paper. We introduce a new cheating model, called the almost semi-honest model, where a shareholder who joins later can check the authenticity of share of previous ones. We use collision resistant hash function to construct such a secret sharing scheme with malicious node identification. Moreover, our scheme preserves the share size of Komargodski et al. (TCC 2016)

Evolving Secret Sharing with Essential Participants

Komargodski et.al. introduced {\em Evolving Secret Sharing} which allows an imaprtial participant, called \emph{dealer}, to share a secret among unbounded number of participants over any given access structure. In their construction for evolving secret sharing over general access structure, the size of share of the $i^{th}$ participant happens to be exponential $(\mathcal{O}(2^{i-1}))$. They also provided constructions for $(k,\infty)$ threshold secret sharing. We consider the problem of evolving secret sharing with $t$ essential participants, namely, over $t$-$(k,\infty)$ access structure, a generalization of $(k,\infty)$ secret sharing $(t=0)$. We further generalize this access structure to a possible case of unbounded number of essential participants and provide a construction for secret sharing on it. Both the constructions are information theoretically secure and reduce the share size of the construction due to Komargodski et.al. over general access structure, exponentially. Moreover, the essential participants receive ideal (and hence, optimal) shares in the first construction