854 research outputs found

    Almost-perfect secret sharing

    Splitting a secret s between several participants, we generate (for each value of s) shares for all participants. The goal: authorized groups of participants should be able to reconstruct the secret, but forbidden ones get no information about it. In this paper we introduce several notions of non-perfect secret sharing, where some small information leak is permitted. We study its relation to the Kolmogorov complexity version of secret sharing (establishing some connection in both directions) and the effects of changing the secret size (showing that we can decrease the size of the secret and the information leak at the same time). Comment: Acknowledgments adde

    How to Share a Secret, Infinitely

    Secret sharing schemes allow a dealer to distribute a secret piece of information among several parties such that only qualified subsets of parties can reconstruct the secret. The collection of qualified subsets is called an access structure. The best known example is the $k$-threshold access structure, where the qualified subsets are those of size at least $k$. When $k=2$ and there are $n$ parties, there are schemes for sharing an $\ell$-bit secret in which the share size of each party is roughly $\max\{\ell,\log n\}$ bits, and this is tight even for secrets of 1 bit. In these schemes, the number of parties $n$ must be given in advance to the dealer. In this work we consider the case where the set of parties is not known in advance and could potentially be infinite. Our goal is to give the $t$-th party arriving the smallest possible share as a function of $t$. Our main result is such a scheme for the $k$-threshold access structure and 1-bit secrets where the share size of party $t$ is $(k-1)\cdot \log t + \mathsf{poly}(k)\cdot o(\log t)$. For $k=2$ we observe an equivalence to prefix codes and present matching upper and lower bounds of the form $\log t + \log\log t + \log\log\log t + O(1)$. Finally, we show that for any access structure there exists such a secret sharing scheme with shares of size $2^{t-1}$

    FLAIM: A Multi-level Anonymization Framework for Computer and Network Logs

    FLAIM (Framework for Log Anonymization and Information Management) addresses two important needs not well addressed by current log anonymizers. First, it is extremely modular and not tied to the specific log being anonymized. Second, it supports multi-level anonymization, allowing system administrators to make fine-grained trade-offs between information loss and privacy/security concerns. In this paper, we examine anonymization solutions to date and note the above limitations in each. We further describe how FLAIM addresses these problems, and we describe FLAIM's architecture and features in detail. Comment: 16 pages, 4 figures, in submission to USENIX Lis

    Combining Shamir & Additive Secret Sharing to Improve Efficiency of SMC Primitives Against Malicious Adversaries

    Secure multi-party computation provides a wide array of protocols that allow mutually distrustful parties to securely evaluate functions of private inputs. In recent years, many such protocols have been proposed, representing a plethora of strategies to securely and efficiently handle such computation. These protocols have become increasingly efficient, but their performance is still impractical in many settings. We propose new approaches to some of these problems which are either more efficient than previous works within the same security models or offer better security guarantees with comparable efficiency. The goals of this research are to improve the efficiency and security of secure multi-party protocols and to explore the application of such approaches to novel threat scenarios. Some of the novel optimizations employed are dynamically switching domains of shared secrets, asymmetric computations, and advantageous functional transformations, among others. Specifically, this work presents a novel combination of Shamir and additive secret sharing, used in parallel, which allows efficient protocols secure against passive adversaries to be transformed into protocols secure against active adversaries. From this set of primitives we propose the construction of a comparison protocol which can be implemented under that approach with a complexity that is more efficient than other recent works for common domains of interest. Finally, we present a system which addresses a critical security threat for the protection and obfuscation of information which may be of high consequence. Comment: arXiv admin note: text overlap with arXiv:1810.0157

    Algebraic Techniques for Low Communication Secure Protocols

    Internet communication is often encrypted with the aid of mathematical problems that are hard to solve. Another method to secure electronic communication is the use of a digital lock, for which the digital key must be exchanged first. PhD student Robbert de Haan (CWI) researched models for guaranteed safe communication between two people without the exchange of a digital key and without assumptions concerning the practical difficulty of solving certain mathematical problems. In ancient times Julius Caesar used secret codes to make his messages illegible to spies. He shifted every letter of the alphabet by three positions: A became D, Z became C, and so on. Usually, cryptographers research secure communication between two people through one channel that can be monitored by malevolent people. De Haan studied the use of multiple channels. A minority of these channels may be in the hands of adversaries that can intercept, replace or block the message. He proved the most efficient way to securely communicate along these channels and thus solved a fundamental cryptography problem that was introduced almost 20 years ago by Dole, Dwork, Naor and Yung