On Polynomial Secret Sharing Schemes
Nearly all secret sharing schemes studied so far are linear or multi-linear schemes. Although these schemes allow implementing any monotone access structure, the share complexity, , may be suboptimal -- there are access structures for which the gap between the best known lower bounds and the best known multi-linear schemes is exponential.
There is growing evidence in the literature that non-linear schemes can improve share complexity for some access structures, with the work of Beimel and Ishai (CCC '01) being among the first to demonstrate it. This motivates further study of non-linear schemes.
We initiate a systematic study of polynomial secret sharing schemes (PSSS), where shares are (multi-variate) polynomials of secret and randomness vectors respectively over some finite field F_q.
Our main hope is that the algebraic structure of polynomials would help obtain better lower bounds than those known for the general secret sharing.
Some of the initial results we prove in this work are as follows.
On share complexity of polynomial schemes.
First we study degree (at most) 1 in randomness variables (where the degree of secret variables is unlimited).
We have shown that for a large subclass of these schemes, there exist equivalent multi-linear schemes with share complexity overhead.
Namely, PSSS where every polynomial misses monomials of exact degree in and 0 in ,
and PSSS where all polynomials miss monomials of exact degree in and 1 in .
This translates the known lower bound of for multi-linear schemes
onto a class of schemes strictly larger than multi-linear schemes, to contrast with the best bound known
for general schemes, with no progress since '94.
An observation in the positive direction we make refers to the share complexity (per bit) of multi-linear schemes (polynomial schemes of total degree 1). We observe that the scheme by Liu et al. obtaining share complexity
can be transformed into a multi-linear scheme with similar share complexity per bit, for sufficiently long secrets.
For the next natural degree to consider, 2 in , we have shown that PSSS where all share polynomials are of exact degree 2 in (without exact degree 1 in monomials) where F_q has odd characteristic, can implement only trivial access structures where the minterms consist of single parties.
Obtaining improved lower bounds for degree-2 in PSSS, and even arbitrary degree-1 in PSSS is left as an interesting open question.
On the randomness complexity of polynomial schemes.
We prove that for every degree-2 polynomial secret sharing scheme, there exists an equivalent degree-2 scheme with identical share complexity with randomness complexity, , bounded by . For general PSSS, we obtain a similar bound on (preserving and F_q but not degree). So far, bounds on randomness complexity were known only for multi-linear schemes, demonstrating that is always achievable. Our bounds are not nearly as practical as those for multi-linear schemes, and should be viewed as a proof of concept. If a much better bound for some degree bound is obtained, it would lead directly to super-polynomial counting-based lower bounds for degree- PSSS over constant-sized fields.
Another application of low (say, polynomial) randomness complexity is transforming polynomial schemes with polynomial-sized (in ) algebraic formulas for each share , into a degree-3 scheme with only polynomial blowup in share complexity, using standard randomizing polynomials constructions
On Secret Sharing, Randomness, and Random-less Reductions for Secret Sharing
Secret-sharing is one of the most basic and oldest primitives in cryptography, introduced by Shamir and Blakley in the 70s. It allows one to strike a meaningful balance between availability and confidentiality of secret information. It has a host of applications, most notably in threshold cryptography and multi-party computation. All known constructions of secret sharing (with the exception of those with a pathological choice of parameters) require access to uniform randomness. In practice, it is extremely challenging to generate a source of uniform randomness. This has led to a large body of research devoted to designing randomized algorithms and cryptographic primitives from imperfect sources of randomness.
Motivated by this, 15 years ago, Bosley and Dodis asked whether it is even possible to build 2-out-of-2 secret sharing without access to uniform randomness. In this work, we make progress towards resolving this question.
We answer this question for secret sharing schemes with important additional properties, i.e., either leakage-resilience or non-malleability. We prove that, unfortunately, for not too small secrets, it is impossible to construct any of 2-out-of-2 leakage-resilient secret sharing or 2-out-of-2 non-malleable secret sharing without access to uniform randomness.
Given that the problem of whether 2-out-of-2 secret sharing requires uniform randomness has been open for a long time, it is reasonable to consider intermediate problems towards resolving the open question. In a spirit similar to NP-completeness, we study how the existence of a t-out-of-n secret sharing without access to uniform randomness is related to the existence of a t'-out-of-n' secret sharing without access to uniform randomness for a different choice of the parameters t, n, t', n'.
Nearly optimal robust secret sharing
We prove that a known approach to improve Shamir's celebrated secret sharing scheme, i.e., adding an information-theoretic authentication tag to the secret, can make it robust for n parties against any collusion of size δn, for any constant δ ∈ (0, 1/2). This result holds in the so-called "nonrushing" model in which the n shares are submitted simultaneously for reconstruction. We thus finally obtain a simple, fully explicit, and robust secret sharing scheme in this model that is essentially optimal in all parameters including the share size, which is k(1+o(1))+O(κ), where k is the secret length and κ is the security parameter. Like Shamir's scheme, in this modified scheme any set of more than δn honest parties can efficiently recover the secret. Using algebraic geometry codes instead of Reed-Solomon codes, the share length can be decreased to a constant (only depending on δ) while the number of shares n can grow independently. In this case, when n is large enough, the scheme satisfies the "threshold" requirement in an approximate sense; i.e., any set of δn(1 + ρ) honest parties, for arbitrarily small ρ > 0, can efficiently reconstruct the secret.
A Randomized Kernel-Based Secret Image Sharing Scheme
This paper proposes a ()-threshold secret image sharing scheme that
offers flexibility in terms of meeting contrasting demands such as information
security and storage efficiency with the help of a randomized kernel (binary
matrix) operation. A secret image is split into shares such that any or
more shares () can be used to reconstruct the image. Each share has a
size less than or at most equal to the size of the secret image. Security and
share sizes are solely determined by the kernel of the scheme. The kernel
operation is optimized in terms of the security and computational requirements.
The storage overhead of the kernel can further be made independent of its size
by efficiently storing it as a sparse matrix. Moreover, the scheme is free from
any kind of single point of failure (SPOF).
Comment: Accepted in IEEE International Workshop on Information Forensics and Security (WIFS) 201
Fully leakage-resilient signatures revisited: Graceful degradation, noisy leakage, and construction in the bounded-retrieval model
We construct new leakage-resilient signature schemes. Our schemes remain unforgeable against an adversary leaking arbitrary (yet bounded) information on the entire state of the signer (sometimes known as fully leakage resilience), including the random coin tosses of the signing algorithm. The main feature of our constructions is that they offer a graceful degradation of security in situations where standard existential unforgeability is impossible
On the Communication Complexity of Secure Computation
Information theoretically secure multi-party computation (MPC) is a central
primitive of modern cryptography. However, relatively little is known about the
communication complexity of this primitive.
In this work, we develop powerful information theoretic tools to prove lower
bounds on the communication complexity of MPC. We restrict ourselves to a
3-party setting in order to bring out the power of these tools without
introducing too many complications. Our techniques include the use of a data
processing inequality for residual information - i.e., the gap between mutual
information and Gács-Körner common information, a new information
inequality for 3-party protocols, and the idea of distribution switching by
which lower bounds computed under certain worst-case scenarios can be shown to
apply for the general case.
Using these techniques we obtain tight bounds on communication complexity by
MPC protocols for various interesting functions. In particular, we show
concrete functions that have "communication-ideal" protocols, which achieve the
minimum communication simultaneously on all links in the network. Also, we
obtain the first explicit example of a function that incurs a higher
communication cost than the input length in the secure computation model of
Feige, Kilian and Naor (1994), who had shown that such functions exist. We also
show that our communication bounds imply tight lower bounds on the amount of
randomness required by MPC protocols for many interesting functions.
Comment: 37 page
Turbo-Aggregate: Breaking the Quadratic Aggregation Barrier in Secure Federated Learning
Federated learning is a distributed framework for training machine learning
models over the data residing at mobile devices, while protecting the privacy
of individual users. A major bottleneck in scaling federated learning to a
large number of users is the overhead of secure model aggregation across many
users. In particular, the overhead of the state-of-the-art protocols for secure
model aggregation grows quadratically with the number of users. In this paper,
we propose the first secure aggregation framework, named Turbo-Aggregate, that
in a network with users achieves a secure aggregation overhead of
, as opposed to , while tolerating up to a user dropout
rate of . Turbo-Aggregate employs a multi-group circular strategy for
efficient model aggregation, and leverages additive secret sharing and novel
coding techniques for injecting aggregation redundancy in order to handle user
dropouts while guaranteeing user privacy. We experimentally demonstrate that
Turbo-Aggregate achieves a total running time that grows almost linear in the
number of users, and provides up to speedup over the
state-of-the-art protocols with up to users. Our experiments also
demonstrate the impact of model size and bandwidth on the performance of
Turbo-Aggregate
Identity based proxy re-encryption scheme (IBPRE+) for secure cloud data sharing
(c) 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.
In proxy re-encryption (PRE), a proxy with re-encryption keys can transfer a ciphertext computed under Alice's public key into a new one, which can be decrypted by Bob only with his secret key. Recently, Wang et al. introduced the concept of the PRE plus (PRE+) scheme, which can be seen as the dual of PRE, and is almost the same as a PRE scheme except that the re-encryption keys are generated by the encrypter. Compared to PRE, a PRE+ scheme can easily achieve two important properties: first, message-level fine-grained delegation and, second, the non-transferable property. In this paper, we extend the concept of PRE+ to the identity based setting. We propose a concrete IBPRE+ scheme based on a 3-linear map and roughly discuss its properties. We also demonstrate a potential application of this new primitive to secure cloud data sharing.
Peer Reviewed. Postprint (author's final draft