5 research outputs found
Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model
Secret sharing enables a dealer to split a secret into a set of shares, in such a way that certain authorized subsets of share holders can reconstruct the secret, whereas all unauthorized subsets cannot.
Non-malleable secret sharing (Goyal and Kumar, STOC 2018) additionally requires that, even if the shares have been tampered with, the reconstructed secret is either the original or a completely unrelated one.
In this work, we construct non-malleable secret sharing tolerating p-time joint-tampering attacks in the plain model (in the computational setting), where the latter means that, for any p>0 fixed a priori, the attacker can tamper with the same target secret sharing up to p times. In particular, assuming one-to-one one-way functions, we obtain:
- A secret sharing scheme for threshold access structures which tolerates joint p-time tampering with subsets of the shares of maximal size (i.e., matching the privacy threshold of the scheme). This holds in a model where the attacker commits to a partition of the shares into non-overlapping subsets, and keeps tampering jointly with the shares within such a partition (so-called selective partitioning).
- A secret sharing scheme for general access structures which tolerates joint p-time tampering with subsets of the shares of size O(√log n), where n is the number of parties. This holds in a stronger model where the attacker is allowed to adaptively change the partition within each tampering query, under the restriction that once a subset of the shares has been tampered with jointly, that subset is always either tampered jointly or not modified by other tampering queries (so-called semi-adaptive partitioning).
At the heart of our result for selective partitioning lies a new technique showing that every one-time statistically non-malleable secret sharing against joint tampering is in fact leakage-resilient non-malleable (i.e., the attacker can leak jointly from the shares prior to tampering).
We believe this may be of independent interest, and in fact we show it implies lower bounds on the share size and randomness complexity of statistically non-malleable secret sharing against independent tampering.
Locally Reconstructable Non-Malleable Secret Sharing
Non-malleable secret sharing (NMSS) schemes, introduced by Goyal and Kumar (STOC 2018), ensure that a secret can be distributed into shares (for some ), such that any (a parameter ) shares can be reconstructed to recover the secret , any shares do not leak information about , and even if the shares that are used for reconstruction are tampered, it is guaranteed that the reconstruction of these tampered shares will either result in the original or something independent of . Since their introduction, non-malleable secret sharing schemes have sparked a very impressive line of research.
In this work, we introduce a feature of local reconstructability in NMSS, which allows reconstruction of any portion of a secret by reading just a few locations of the shares. This is a useful feature, especially when the secret is long or when the shares are stored in a distributed manner on a communication network. In this work, we give a compiler that takes in any non-malleable secret sharing scheme and compiles it into a locally reconstructable non-malleable secret sharing scheme. To secret share a message consisting of blocks of length each, our scheme would only require reading bits (in addition to a few more bits, whose quantity is independent of and ) from each party's share (of a reconstruction set) to locally reconstruct a single block of the message.
We show an application of our locally reconstructable non-malleable secret sharing scheme to a computational non-malleable secure message transmission scheme in the pre-processing model, with an improved communication complexity when transmitting multiple messages.
Non-malleable secret sharing against bounded joint-tampering attacks in the plain model
Secret sharing enables a dealer to split a secret into a set of shares, in such a way that certain authorized subsets of share holders can reconstruct the secret, whereas all unauthorized subsets cannot. Non-malleable secret sharing (Goyal and Kumar, STOC 2018) additionally requires that, even if the shares have been tampered with, the reconstructed secret is either the original or a completely unrelated one. In this work, we construct non-malleable secret sharing tolerating p-time joint-tampering attacks in the plain model (in the computational setting), where the latter means that, for any p>0 fixed a priori, the attacker can tamper with the same target secret sharing up to p times. In particular, assuming one-to-one one-way functions, we obtain:
- A secret sharing scheme for threshold access structures which tolerates joint p-time tampering with subsets of the shares of maximal size (i.e., matching the privacy threshold of the scheme). This holds in a model where the attacker commits to a partition of the shares into non-overlapping subsets, and keeps tampering jointly with the shares within such a partition (so-called selective partitioning).
- A secret sharing scheme for general access structures which tolerates joint p-time tampering with subsets of the shares of size O(√log n), where n is the number of parties. This holds in a stronger model where the attacker is allowed to adaptively change the partition within each tampering query, under the restriction that once a subset of the shares has been tampered with jointly, that subset is always either tampered jointly or not modified by other tampering queries (so-called semi-adaptive partitioning).
At the heart of our result for selective partitioning lies a new technique showing that every one-time statistically non-malleable secret sharing against joint tampering is in fact leakage-resilient non-malleable (i.e., the attacker can leak jointly from the shares prior to tampering).
We believe this may be of independent interest, and in fact we show it implies lower bounds on the share size and randomness complexity of statistically non-malleable secret sharing against independent tampering.
Non-malleable secret sharing against joint tampering attacks
For thousands of years, the goal of cryptography has been to hide messages from prying eyes. In recent times, cryptography has undergone two important changes: first, cryptography itself evolved from being only about encryption to covering a broader class of situations arising from the digital era; second, the way of studying cryptography evolved from creating "seemingly hard" cryptographic schemes to constructing schemes which are provably secure.
However, once the mathematical abstraction of cryptographic primitives became too hard to break, attackers found another way to defeat security. Side-channel attacks have proved to be very effective at this task, breaking the security of otherwise provably secure schemes. Because of this, recent trends in cryptography aim to capture this situation and construct schemes that are secure even against such powerful attacks.
In this setting, this thesis specializes in the study of secret sharing, an important cryptographic primitive that allows balancing privacy and integrity of data and also has applications to multi-party protocols. Namely, continuing the trend which aims to protect against side-channel attacks, this thesis brings some contributions to the state of the art of the so-called leakage-resilient and non-malleable secret sharing schemes, which have stronger guarantees against attackers that are able to learn information from possibly all the shares and even tamper with the shares and see the effects of the tampering.
The main contributions of this thesis are twofold. First, we construct secret sharing schemes that are secure against a very powerful class of attacks which, informally, allows the attacker to jointly leak some information and tamper with the shares in a continuous fashion. Second, we study the capacity of continuously non-malleable secret sharing schemes, that is, the maximum achievable information rate. Roughly speaking, we find lower bounds on the size that the shares must have in order to achieve some forms of non-malleability.
On Split-State Quantum Tamper Detection and Non-Malleability
Tamper-detection codes (TDCs) and non-malleable codes (NMCs) are now fundamental objects at the intersection of cryptography and coding theory. Both of these primitives represent natural relaxations of error-correcting codes and offer related security guarantees in adversarial settings where error correction is impossible. While in a TDC the decoder is tasked with either recovering the original message or rejecting it, in an NMC the decoder is additionally allowed to output a completely unrelated message.
In this work, we study quantum analogs of one of the most well-studied adversarial tampering models: the so-called split-state tampering model. In the -split-state model, the codeword (or code-state) is divided into shares, and each share is tampered with "locally". Previous research has primarily focused on settings where the adversaries' local quantum operations are assisted by an unbounded amount of pre-shared entanglement, while the code remains unentangled, either classical or separable.
We construct quantum TDCs and NMCs in several analogs of the split-state model, which are provably impossible using just classical codes. In particular, we do so against split-state adversaries restricted to local (unentangled) operations, to local operations and classical communication, as well as to a "bounded storage model" where they are limited to a finite amount of pre-shared entanglement. We complement our code constructions in two directions. First, we present applications to designing secret sharing schemes, which inherit similar non-malleable and tamper-detection guarantees. Second, we discuss connections between our codes and quantum encryption schemes, which we leverage to prove Singleton-type bounds on the capacity of certain families of quantum NMCs in the split-state model.