6 research outputs found

    Robust Computational Secret Sharing and a Unified Account of Classical Secret-Sharing Goals

    We give a unified account of classical secret-sharing goals from a modern cryptographic vantage. Our treatment encompasses perfect, statistical, and computational secret sharing; static and dynamic adversaries; schemes with or without robustness; schemes where a participant recovers the secret and those where an external party does so. We then show that Krawczyk's 1993 protocol for robust computational secret sharing (RCSS) need not be secure, even in the random-oracle model and for threshold schemes, if the encryption primitive it uses satisfies only one-query indistinguishability (ind1), the only notion Krawczyk defines. Nonetheless, we show that the protocol is secure (in the random-oracle model, for threshold schemes) if the encryption scheme also satisfies one-query key-unrecoverability (key1). Since practical encryption schemes are ind1+key1 secure, our result effectively shows that Krawczyk's RCSS protocol is sound (in the random-oracle model, for threshold schemes). Finally, we prove the security for a variant of Krawczyk's protocol, in the standard model and for arbitrary access structures, assuming ind1 encryption and a statistically-hiding, weakly-binding commitment scheme

    Decoupled Byzantine-Fault-Tolerant Coordination

    Thesis (doctorate) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-graduação em Engenharia Elétrica. Open distributed systems are typically composed of an unknown and variable number of processes executing in a heterogeneous environment, where communication often requires temporary disconnections and security against malicious actions. Tuple-space coordination is a well-known communication model for such environments, since it provides communication that is decoupled both in time (processes need not be active at the same time to interact) and in space (processes need not know each other's addresses). Several works have tried to improve the dependability of tuple spaces through the use of replication and transactions for fault tolerance, or access control and cryptography for security. However, many practical applications on the Internet require both of these dimensions. In this thesis, the tuple-space coordination model is used to solve the problem of decoupled coordination in untrusted environments, i.e., where processes are subject to Byzantine failures (they may deviate arbitrarily from their specifications). The results presented here attack two basic problems: (1) how to build dependable tuple spaces (secure and Byzantine-fault-tolerant), and (2) how to use these spaces to solve fundamental problems in distributed computing. The results concerning (1) are an architecture for a dependable tuple space that integrates security and fault-tolerance mechanisms, two efficient constructions for Byzantine-fault-tolerant tuple spaces based on a new replication philosophy, and a confidentiality scheme for replicated tuple spaces. Regarding (2), it is shown that an augmented tuple space protected by fine-grained policies can be used to efficiently solve several problems in distributed computing, even with processes subject to faults

    Responsive Security for Stored Data

    We present the design of a distributed store that offers various levels of security guarantees while tolerating a limited number of nodes that are compromised by an adversary. The store uses secret sharing schemes to offer security guarantees namely availability, confidentiality and integrity. However, a pure secret sharing scheme could suffer from performance problems and high access costs. We integrate secret sharing with replication for better performance and to keep access costs low. The tradeoffs involved between availability and access cost on one hand and confidentiality and integrity on the other are analyzed. Our system differs from traditional approaches such as state machine or quorum based replication that have been developed to tolerate Byzantine failures. Unlike such systems, we augment replication with secret sharing and demonstrate that such a hybrid scheme offers additional flexibility that is not possible with current schemes

    Responsive security for stored data

    We present the design of a distributed store that offers various levels of security guarantees while tolerating a limited number of nodes that are compromised by an adversary. The store uses secret sharing schemes to offer security guarantees namely availability, confidentiality and integrity. However, a pure secret sharing scheme could suffer from performance problems and high access costs. We integrate secret sharing with replication for better performance and to keep access costs low. The tradeoffs involved between availability and access cost on one hand and confidentiality and integrity on the other are analyzed. Our system differs from traditional approaches such as state machine or quorum based replication that have been developed to tolerate Byzantine failures. Unlike such systems, we augment replication with secret sharing and offer weaker consistency guarantees. We demonstrate that such a hybrid scheme offers additional flexibility that is not possible with replication alone