
    On Distributed Oblivious Transfer

    The paper has been presented at the International Conference Pioneers of Bulgarian Mathematics, Dedicated to Nikola Obreshkoff and Lubomir Tschakaloff, Sofia, July 2006. The material in this paper was presented in part at INDOCRYPT 2002. This paper is about unconditionally secure distributed protocols for oblivious transfer, as proposed by Naor and Pinkas and generalized by Blundo et al. In this setting a Sender has ζ secrets and a Receiver is interested in one of them. The Sender distributes the information about the secrets to n servers, and a Receiver must contact a threshold of the servers in order to compute the secret. We present a non-existence result and a lower bound for the existence of one-round, threshold, distributed oblivious transfer protocols, generalizing the results of Blundo et al. A threshold based construction implementing 1-out-of-ζ distributed oblivious transfer achieving this lower bound is described. A condition for existence of distributed oblivious transfer schemes based on general access structures is proven. We also present a general access structure protocol implementing 1-out-of-ζ distributed oblivious transfer.

    Fourier-based Function Secret Sharing with General Access Structure

    A function secret sharing (FSS) scheme is a mechanism that calculates a function f(x) for x in {0,1}^n which is shared among p parties, by using distributed functions f_i:{0,1}^n -> G, where G is an Abelian group, while the function f:{0,1}^n -> G is kept secret from the parties. Ohsawa et al. in 2017 observed that any function f can be described as a linear combination of the basis functions by regarding the function space as a vector space of dimension 2^n, and gave new FSS schemes based on the Fourier basis. All existing FSS schemes are of (p,p)-threshold type. That is, to compute f(x), we have to collect f_i(x) for all the distributed functions. In this paper, as in secret sharing schemes, we consider FSS schemes with any general access structure. To do this, we observe that the Fourier-based FSS schemes by Ohsawa et al. are compatible with linear secret sharing schemes. By incorporating the techniques of linear secret sharing with any general access structure into the Fourier-based FSS schemes, we show Fourier-based FSS schemes with any general access structure. Comment: 12 pages

    Consensus Beyond Thresholds: Generalized Byzantine Quorums Made Live

    Existing Byzantine fault-tolerant (BFT) consensus protocols address only threshold failures, where the participating nodes fail independently of each other, each one fails equally likely, and the protocol's guarantees follow from a simple bound on the number of faulty nodes. With the widespread deployment of Byzantine consensus in blockchains and distributed ledgers today, however, more sophisticated trust assumptions are needed. This paper presents the first implementation of BFT consensus with generalized quorums. It starts from a number of generalized trust structures motivated by practice and explores methods to specify and implement them efficiently. In particular, it expresses the trust assumption by a monotone Boolean formula (MBF) with threshold operators and by a monotone span program (MSP), a linear-algebraic model for computation. An implementation of HotStuff BFT consensus using these quorum systems is described as well and compared to the existing threshold model. Benchmarks with HotStuff running on up to 40 replicas demonstrate that the MBF specification incurs no significant slowdown, whereas the MSP expression affects latency and throughput noticeably due to the involved computations. Comment: To appear in the proceedings of SRDS 202

    Linear Secret-Sharing Schemes for Forbidden Graph Access Structures

    A secret-sharing scheme realizes the forbidden graph access structure determined by a graph $G=(V,E)$ if the parties are the vertices of the graph and the subsets that can reconstruct the secret are the pairs of vertices in $E$ (i.e., the edges) and the subsets of at least three vertices. Secret-sharing schemes for forbidden graph access structures defined by bipartite graphs are equivalent to conditional disclosure of secrets protocols. We study the complexity of realizing a forbidden graph access structure by linear secret-sharing schemes. A secret-sharing scheme is linear if the secret can be reconstructed from the shares by a linear mapping. We provide efficient constructions and lower bounds on the share size of linear secret-sharing schemes for sparse and dense graphs, closing the gap between upper and lower bounds. Given a sparse (resp. dense) graph with $n$ vertices and at most $n^{1+\beta}$ edges (resp. at least $\binom{n}{2} - n^{1+\beta}$ edges), for some $0 \leq \beta < 1$, we construct a linear secret-sharing scheme realizing its forbidden graph access structure in which the total size of the shares is $\tilde{O}(n^{1+\beta/2})$. Furthermore, we construct linear secret-sharing schemes realizing these access structures in which the size of each share is $\tilde{O}(n^{1/4+\beta/4})$. We also provide constructions achieving different trade-offs between the size of each share and the total share size. We prove that almost all forbidden graph access structures require linear secret-sharing schemes with total share size $\Omega(n^{3/2})$; this shows that the construction of Gay, Kerenidis, and Wee [CRYPTO 2015] is optimal.
    Furthermore, we show that for every $0 \leq \beta < 1$ there exists a graph with at most $n^{1+\beta}$ edges and a graph with at least $\binom{n}{2} - n^{1+\beta}$ edges such that the total share size in any linear secret-sharing scheme realizing the associated forbidden graph access structures is $\Omega(n^{1+\beta/2})$. Finally, we show that for every $0 \leq \beta < 1$ there exists a graph with at most $n^{1+\beta}$ edges and a graph with at least $\binom{n}{2} - n^{1+\beta}$ edges such that the size of the share of at least one party in any linear secret-sharing scheme realizing these forbidden graph access structures is $\Omega(n^{1/4+\beta/4})$. This shows that our constructions are optimal (up to poly-logarithmic factors).

    Secret Sharing and Network Coding

    In this thesis, we consider secret sharing schemes and network coding. Both of these fields are vital in today's age as secret sharing schemes are currently being implemented by government agencies and private companies, and as network coding is continuously being used for IP networks. We begin with a brief overview of linear codes. Next, we examine van Dijk's approach to realize an access structure using a linear secret sharing scheme; then we focus on a much simpler approach by Tang, Gao, and Chen. We show how this method can be used to find an optimal linear secret sharing scheme for an access structure with six participants. In the last chapter, we examine network coding and point out some similarities between secret sharing schemes and network coding. We present results from a paper by Silva and Kschischang; in particular, we present the concept of universal security and their coset coding scheme to achieve universal security.

    Error-Detecting in Monotone Span Programs with Application to Communication Efficient Multi-Party Computation

    Recent improvements in the state of the art of MPC for non-full-threshold access structures introduced the idea of using a collision-resistant hash function and redundancy in the secret-sharing scheme to construct a communication-efficient MPC protocol which is computationally secure against malicious adversaries, with abort. The prior work is based on replicated secret-sharing; in this work we extend this methodology to any multiplicative LSSS implementing a $Q_2$ access structure. To do so we need to establish a folklore property of error detection for such LSSS and their associated Monotone Span Programs. In doing so we obtain communication-efficient online and offline protocols for MPC in the pre-processing model.

    Do Not Trust in Numbers: Practical Distributed Cryptography With General Trust

    In distributed cryptography, independent parties jointly perform some cryptographic task. In the last decade distributed cryptography has been receiving more attention than ever. Distributed systems power almost all applications, blockchains are becoming prominent, and, consequently, numerous practical and efficient distributed cryptographic primitives are being deployed. The failure models of current distributed cryptographic systems, however, lack expressibility. Assumptions are only stated through numbers of parties, thus reducing this to threshold cryptography, where all parties are treated as identical and correlations cannot be described. Distributed cryptography does not have to be threshold-based. With general distributed cryptography the authorized sets, the sets of parties that are sufficient to perform some task, can be arbitrary, and are usually modeled by the abstract notion of a general access structure. Although the necessity for general distributed cryptography has been recognized long ago and many schemes have been explored in theory, relevant practical aspects remain opaque. It is unclear, for example, how the user specifies a trust structure efficiently or how this is encoded within a scheme. More importantly, implementations and benchmarks do not exist, hence the efficiency of the schemes is not known. Our work fills this gap. We show how an administrator can intuitively describe the access structure as a Boolean formula. This is then converted into encodings suitable for cryptographic primitives, specifically, into a tree data structure and a monotone span program. We focus on three general distributed cryptographic schemes: verifiable secret sharing, common coin, and distributed signatures. For each one we give the appropriate formalization and security definition in the general-trust setting. We implement the schemes and assess their efficiency against their threshold counterparts.
    Our results suggest that the general distributed schemes can offer richer expressibility at no or insignificant extra cost. Thus, they are appropriate and ready for practical deployment.

    Uniting the nation through transcending menstrual blood : The Period Products Act in historical perspective

    The research for this work was funded by the Royal Society of Edinburgh's Arts and Humanities Research Network Grant 64992. This article sets the Period Products (Free Provision) (Scotland) (2021) Act in the context of historical imaginations both of menstruation and of the nation. It shows that despite the law-makers' stated intentions, traditional menstrual stigma still underlies the Act and its parliamentary debates. This allows politicians speaking about menstruation to distance themselves from those who menstruate, claiming a position as part of a privileged, authoritative community, and associating menstruation further with being underprivileged. The article shows how deep and pervasive the roots of this stigmatising pattern are, tracing it back to premodern and early modern humoral medicine, specifically to Pseudo-Albertus Magnus' Secreta mulierum (The Secrets of Women), and to modern fiction directly discussed in the Scottish parliament: the film I, Daniel Blake and Alasdair Gray's novel Poor Things. The parliamentarians, moreover, imagine the bonds created by speaking about menstrual blood as extending to the whole nation. They implicitly understand the nation to be united by a shared blood and at the same time as transcending blood, in this case menstrual blood. This tacit conception is part of a historical pattern of similar imaginations of the Scottish nation in relation to blood, as this article will show in a sample of Scottish historical, fictional and political writing and thought from the Middle Ages to today. Menstruation in this way turns out to be central to historical and contemporary understandings of citizenship. Peer reviewed.

    Towards Secure Identity-Based Cryptosystems for Cloud Computing

    The convenience provided by cloud computing has led to an increasing trend of many business organizations, government agencies and individual customers migrating their services and data into cloud environments. However, once clients' data is migrated to the cloud, the overall security control is immediately shifted from data owners to the hands of service providers. When data owners decide to use the cloud environment, they rely entirely on third parties to make decisions about their data and, therefore, the main challenge is how to guarantee that the data is accessible by data owners and authorized users only. Remote user authentication to cloud services is traditionally achieved using a combination of ID cards and passwords/PINs, while public key infrastructure and symmetric key encryption are still the most common techniques for enforcing data security despite the missing link between the identity of data owners and the cryptographic keys. Furthermore, key management in terms of generation, distribution, and storage is still an open challenge for traditional public-key systems. Identity-Based Cryptosystems (IBCs) are a new generation of public key encryption that can potentially solve the problems associated with key distribution in public key infrastructure, in addition to providing a clear link between encryption keys and the identities of data owners. In IBCs, the need for pre-distributed keys before any encryption/decryption is eliminated, which gives a great deal of the flexibility required in an environment such as the cloud. Fuzzy identity-based cryptosystems are promising extensions of IBCs that rely on biometric modalities in generating the encryption and decryption keys instead of traditional identities such as email addresses.
    This thesis argues that the adoption of fuzzy identity-based cryptosystems is an ideal option to secure cloud computing after addressing a number of vulnerabilities related to the user verification, key generation, and key validation stages. The thesis is mainly concerned with enhancing the security and the privacy of fuzzy identity-based cryptosystems by proposing a framework with multiple security layers. The main contributions of the thesis can be summarised as follows.
    1. Improving user verification by using a Challenge-Response Multifactor Biometric Authentication (CR-MFBA) in fuzzy identity-based cryptosystems, which reduces the impact of impersonation attacks.
    2. Reducing the dominance of the "trusted authority" in traditional fuzzy identity-based cryptosystems by making the process of generating the decryption keys a cooperative process between the trusted authority server and data owners. This shifts control over the stored encrypted data from the trusted authority to the data owners.
    3. Proposing a key-validity method that relies on employing Shamir Secret Sharing, which also contributes to giving data owners more control over their data.
    4. Further improving the control of data owners in fuzzy identity-based cryptosystems by linking the decryption key parameters with their biometric modalities.
    5. Proposing a new asymmetric key exchange protocol based on utilizing the scheme of fuzzy identity-based cryptosystems to share encrypted data stored on cloud computing.