Hypergraphs of Multiparty Secrets
The article considers interdependencies between secrets in a multiparty system. Each secret is assumed to be known only to a certain fixed set of parties. These sets can be viewed as edges of a hypergraph whose vertices are the parties of the system. The properties of interdependencies are expressed through a multi-argument relation called independence, which is a generalization of a binary relation also known as nondeducibility. The main result is a complete and decidable logical system that describes interdependencies that may exist on a fixed hypergraph. Additionally, the axioms and inference rules in this system are shown to be independent in the standard logical sense.
On the Power of Amortization in Secret Sharing: -Uniform Secret Sharing and CDS with Constant Information Rate
Consider the following secret-sharing problem. Your goal is to distribute a long file between servers such that -subsets cannot recover the file, -subsets can recover the file, and -subsets should be able to recover if and only if they appear in some predefined list . How small can the information ratio (i.e., the number of bits stored on a server per each bit of the secret) be?
We initiate the study of such -uniform access structures, and view them as a useful scaled-down version of general access structures. Our main result shows that, for constant , any -uniform access structure admits a secret sharing scheme with a *constant* asymptotic information ratio of that does not grow with the number of servers . This result is based on a new construction of -party Conditional Disclosure of Secrets (Gertner et al., JCSS '00) for arbitrary predicates over -size domain in which each party communicates at most four bits per secret bit.
In both settings, previous results achieved non-constant information ratio which grows asymptotically with even for the simpler (and widely studied) special case of . Moreover, our results provide a unique example for a natural class of access structures that can be realized with information rate smaller than its bit-representation length (i.e., for -uniform access structures) showing that amortization can beat the representation size barrier.
Our main result applies to exponentially long secrets, and so it should be mainly viewed as a barrier against amortizable lower-bound techniques. We also show that in some natural simple cases (e.g., low-degree predicates), amortization kicks in even for quasi-polynomially long secrets. Finally, we prove some limited lower bounds, point out some limitations of existing lower-bound techniques, and describe some applications to the setting of private simultaneous messages.
Epistemic Logic for Communication Chains
The paper considers epistemic properties of linear communication chains. It describes a sound and complete logical system that, in addition to the standard axioms of S5 in a multi-modal language, contains two non-trivial axioms that capture the linear structure of communication chains.
Comment: 7 pages, Contributed talk at TARK 2013 (arXiv:1310.6382) http://www.tark.or
Concurrency Semantics for the Geiger-Paz-Pearl Axioms of Independence
Independence between two sets of random variables is a well-known relation in probability theory. Its origins trace back to Abraham de Moivre's work in the 18th century. The propositional theory of this relation was axiomatized by Geiger, Paz, and Pearl.
Sutherland introduced a relation in information flow theory that later became known as "nondeducibility." Subsequently, the first two authors generalized this relation from a relation between two arguments to a relation between two sets of arguments and proved that it is completely described by essentially the same axioms as independence in probability theory.
This paper considers a non-interference relation between two groups of concurrent processes sharing common resources. Two such groups are called non-interfering if, when executed concurrently, the only way for them to reach deadlock is for one of the groups to deadlock internally. The paper shows that a complete axiomatization of this relation is given by the same Geiger-Paz-Pearl axioms.
Lower Bounds for Secret-Sharing Schemes for k-Hypergraphs
A secret-sharing scheme enables a dealer, holding a secret string, to distribute shares to parties such that only pre-defined authorized subsets of parties can reconstruct the secret. The collection of authorized sets is called an access structure. There is a huge gap between the best known upper bounds on the share size of a secret-sharing scheme realizing an arbitrary access structure and the best known lower bounds on the size of these shares. For an arbitrary -party access structure, the best known upper bound on the share size is . On the other hand, the best known lower bound on the total share size is much smaller, i.e., [Csirmaz, Studia Sci. Math. Hungar.]. This lower bound was proved more than 25 years ago and no major progress has been made since.
In this paper, we study secret-sharing schemes for -hypergraphs, i.e., for access structures where all minimal authorized sets are of size exactly (however, unauthorized sets can be larger). We consider the case where is small, i.e., constant or at most . The trivial upper bound for these access structures is and this can be slightly improved. If there were efficient secret-sharing schemes for such -hypergraphs (e.g., -hypergraphs or -hypergraphs), then we would be able to construct secret-sharing schemes for arbitrary access structures that are better than the best known schemes. Thus, understanding the share size required for -hypergraphs is important. Prior to our work, the best known lower bound for these access structures was , which holds already for graphs (i.e., -hypergraphs). We improve this lower bound, proving a lower bound of on the total share size for some explicit -hypergraphs, where . For example, for -hypergraphs we prove a lower bound of . For -hypergraphs, we prove a lower bound of , i.e., we show that the lower bound of Csirmaz holds already when all minimal authorized sets are of size . Our proof is simple and shows that the lower bound of Csirmaz holds for a simple variant of the access structure considered by Csirmaz. Using our results, we prove a near quadratic separation between the required share size for realizing an explicit access structure and the monotone circuit size describing the access structure, i.e., the share size is and the monotone circuit size is (where the circuit has depth ).
Making Code Voting Secure against Insider Threats using Unconditionally Secure MIX Schemes and Human PSMT Protocols
Code voting was introduced by Chaum as a solution for using a possibly malware-infected device to cast a vote in an electronic voting application. Chaum's work on code voting assumed voting codes are physically delivered to voters using the mail system, implicitly requiring trust in the mail system. This is not necessarily a valid assumption to make, especially if the mail system cannot be trusted: when it conspires with the recipient of the cast ballots, privacy is broken.
It is clear to the public that when it comes to privacy, computers and "secure" communication over the Internet cannot fully be trusted. This emphasizes the importance of (1) unconditional security for secure network communication and (2) reduced reliance on untrusted computers.
In this paper we explore how to remove the mail system trust assumption in code voting. We use PSMT protocols (SCN 2012) where, with the help of visual aids, humans can carry out addition correctly with a 99% degree of accuracy. We introduce an unconditionally secure MIX based on the combinatorics of set systems.
Given that end users of our proposed voting scheme construction are humans, we cannot use classical Secure Multi Party Computation protocols. Our solutions are for both single and multi-seat elections, achieving:
i) An anonymous and perfectly secure communication network, secure against a -bounded passive adversary, used to deliver voting codes,
ii) An end step of the protocol that can be handled by a human to evade the threat of malware.
We do not focus on active adversaries.
The Share Size of Secret-Sharing Schemes for Almost All Access Structures and Graphs
The share size of general secret-sharing schemes is poorly understood. The gap between the best known upper bound on the total share size per party of (Applebaum and Nir, CRYPTO 2021) and the best known lower bound of (Csirmaz, J. of Cryptology 1997) is huge (where is the number of parties in the scheme). To gain some understanding on this problem, we study the share size of secret-sharing schemes of almost all access structures, i.e., of almost all collections of authorized sets. This is motivated by the fact that in complexity, many times almost all objects are hardest (e.g., most Boolean functions require exponential size circuits). All previous constructions of secret-sharing schemes were for the worst access structures (i.e., all access structures) or for specific families of access structures.
We prove upper bounds on the share size for almost all access structures. We combine results on almost all monotone Boolean functions (Korshunov, Probl. Kibern. 1981) and a construction of (Liu and Vaikuntanathan, STOC 2018) and conclude that almost all access structures have a secret-sharing scheme with share size .
We also study graph secret-sharing schemes. In these schemes, the parties are vertices of a graph and a set can reconstruct the secret if and only if it contains an edge. Again, for this family there is a huge gap between the upper bounds, (Erdös and Pyber, Discrete Mathematics 1997), and the lower bounds, (van Dijk, Des. Codes Crypto. 1995). We show that for almost all graphs, the share size of each party is . This result is achieved by using robust 2-server conditional disclosure of secrets protocols, a new primitive introduced and constructed in (Applebaum et al., STOC 2020), and the fact that the size of the maximal independent set in a random graph is small. Finally, using robust conditional disclosure of secrets protocols, we improve the total share size for all very dense graphs.
Access Structure Hiding Secret Sharing from Novel Set Systems and Vector Families
Secret sharing provides a means to distribute shares of a secret such that any authorized subset of shares, specified by an access structure, can be pooled together to recompute the secret. The standard secret sharing model requires public access structures, which violates privacy and facilitates the adversary by revealing high-value targets. In this paper, we address this shortcoming by introducing hidden access structures, which remain secret until some authorized subset of parties collaborate. The central piece of this work is the construction of a set-system with strictly greater than subsets of a set of elements. Our set-system is defined over , where is a non-prime-power, such that the size of each set in is divisible by but the sizes of their pairwise intersections are not divisible by , unless one set is a subset of another. We derive a vector family from such that superset-subset relationships in are represented by inner products in . We use to "encode" the access structures and thereby develop the first access structure hiding secret sharing scheme. For a setting with parties, our scheme supports out of the total monotone access structures, and its maximum share size for any access structures is . The scheme assumes semi-honest polynomial-time parties, and its security relies on the Generalized Diffie-Hellman assumption.
Comment: This is the full version of the paper that appears in D. Kim et al. (Eds.): COCOON 2020 (The 26th International Computing and Combinatorics Conference), LNCS 12273, pp. 246-261. This version contains tighter bounds on the maximum share size, and the total number of access structures supporte