15,407 research outputs found
Succinct Computational Secret Sharing
A secret-sharing scheme enables a dealer to share a secret among parties such that only authorized subsets of parties, specified by a monotone access structure , can reconstruct from their shares. Other subsets of parties learn nothing about .
The question of minimizing the (largest) share size for a given has been the subject of a large body of work. However, in most existing constructions for general access structures , the share size is not much smaller than the size of some natural computational representation of , a fact that has often been referred to as the ``representation size barrier\u27\u27 in secret sharing.
In this work, we initiate a systematic study of succinct computational secret sharing (SCSS), where the secrecy requirement is computational and the goal is to substantially beat the representation size barrier. We obtain the following main results.
(1) SCSS via Projective PRGs. We introduce the notion of a *projective PRG*, a pseudorandom generator for which any subset of the output bits can be revealed while keeping the other output bits hidden, using a *short* projective seed. We construct projective PRGs with different levels of succinctness under a variety of computational assumptions, and apply them towards constructing SCSS for graph access structures, monotone CNF formulas, and (less succinctly) useful subclasses of monotone circuits and branching programs. Most notably, under the sub-exponential RSA assumption, we obtain a SCSS scheme that, given an arbitrary access structure , represented by a truth table of size , produces shares of size polylog(N)=\poly(n) in time . For comparison, the share size of the best known information-theoretic schemes is .
(2) SCSS via One-way Functions. Under the (minimal) assumption that one-way functions exist, we obtain a near-quadratic separation between the total share size of computational and information-theoretic secret sharing. This is the strongest separation one can hope for, given the state of the art in secret sharing lower bounds. We also construct SCSS schemes from one-way functions for useful classes of access structures, including forbidden graphs and monotone DNF formulas. This leads to constructions of fully-decomposable conditional disclosure of secrets (also known as privacy-free garbled circuits) for general functions, represented by a truth table of size , with share size polylog(N) and computation time , assuming sub-exponentially secure one-way functions
An Epitome of Multi Secret Sharing Schemes for General Access Structure
Secret sharing schemes are widely used now a days in various applications,
which need more security, trust and reliability. In secret sharing scheme, the
secret is divided among the participants and only authorized set of
participants can recover the secret by combining their shares. The authorized
set of participants are called access structure of the scheme. In Multi-Secret
Sharing Scheme (MSSS), k different secrets are distributed among the
participants, each one according to an access structure. Multi-secret sharing
schemes have been studied extensively by the cryptographic community. Number of
schemes are proposed for the threshold multi-secret sharing and multi-secret
sharing according to generalized access structure with various features. In
this survey we explore the important constructions of multi-secret sharing for
the generalized access structure with their merits and demerits. The features
like whether shares can be reused, participants can be enrolled or dis-enrolled
efficiently, whether shares have to modified in the renewal phase etc., are
considered for the evaluation
Secret-Sharing for NP
A computational secret-sharing scheme is a method that enables a dealer, that
has a secret, to distribute this secret among a set of parties such that a
"qualified" subset of parties can efficiently reconstruct the secret while any
"unqualified" subset of parties cannot efficiently learn anything about the
secret. The collection of "qualified" subsets is defined by a Boolean function.
It has been a major open problem to understand which (monotone) functions can
be realized by a computational secret-sharing schemes. Yao suggested a method
for secret-sharing for any function that has a polynomial-size monotone circuit
(a class which is strictly smaller than the class of monotone functions in P).
Around 1990 Rudich raised the possibility of obtaining secret-sharing for all
monotone functions in NP: In order to reconstruct the secret a set of parties
must be "qualified" and provide a witness attesting to this fact.
Recently, Garg et al. (STOC 2013) put forward the concept of witness
encryption, where the goal is to encrypt a message relative to a statement "x
in L" for a language L in NP such that anyone holding a witness to the
statement can decrypt the message, however, if x is not in L, then it is
computationally hard to decrypt. Garg et al. showed how to construct several
cryptographic primitives from witness encryption and gave a candidate
construction.
One can show that computational secret-sharing implies witness encryption for
the same language. Our main result is the converse: we give a construction of a
computational secret-sharing scheme for any monotone function in NP assuming
witness encryption for NP and one-way functions. As a consequence we get a
completeness theorem for secret-sharing: computational secret-sharing scheme
for any single monotone NP-complete function implies a computational
secret-sharing scheme for every monotone function in NP
Revisiting Shared Data Protection Against Key Exposure
This paper puts a new light on secure data storage inside distributed
systems. Specifically, it revisits computational secret sharing in a situation
where the encryption key is exposed to an attacker. It comes with several
contributions: First, it defines a security model for encryption schemes, where
we ask for additional resilience against exposure of the encryption key.
Precisely we ask for (1) indistinguishability of plaintexts under full
ciphertext knowledge, (2) indistinguishability for an adversary who learns: the
encryption key, plus all but one share of the ciphertext. (2) relaxes the
"all-or-nothing" property to a more realistic setting, where the ciphertext is
transformed into a number of shares, such that the adversary can't access one
of them. (1) asks that, unless the user's key is disclosed, noone else than the
user can retrieve information about the plaintext. Second, it introduces a new
computationally secure encryption-then-sharing scheme, that protects the data
in the previously defined attacker model. It consists in data encryption
followed by a linear transformation of the ciphertext, then its fragmentation
into shares, along with secret sharing of the randomness used for encryption.
The computational overhead in addition to data encryption is reduced by half
with respect to state of the art. Third, it provides for the first time
cryptographic proofs in this context of key exposure. It emphasizes that the
security of our scheme relies only on a simple cryptanalysis resilience
assumption for blockciphers in public key mode: indistinguishability from
random, of the sequence of diferentials of a random value. Fourth, it provides
an alternative scheme relying on the more theoretical random permutation model.
It consists in encrypting with sponge functions in duplex mode then, as before,
secret-sharing the randomness
Economical (k,m)-threshold controlled quantum teleportation
We study a (k,m)-threshold controlling scheme for controlled quantum
teleportation. A standard polynomial coding over GF(p) with prime p > m-1 needs
to distribute a d-dimensional qudit with d >= p to each controller for this
purpose. We propose a scheme using m qubits (two-dimensional qudits) for the
controllers' portion, following a discussion on the benefit of a quantum
control in comparison to a classical control of a quantum teleportation.Comment: 11 pages, 2 figures, v2: minor revision, discussions improved, an
equation corrected in procedure (A) of section 4.3, v3: major revision,
protocols extended, citations added, v4: minor grammatical revision, v5:
minor revision, discussions extende
- …