Linear Secret-Sharing Schemes for Forbidden Graph Access Structures

A secret-sharing scheme realizes the forbidden graph access structure determined by a graph $G=(V,E)$ if the parties are the vertices of the graph and the subsets that can reconstruct the secret are the pairs of vertices in $E$ (i.e., the edges) and the subsets of at least three vertices. Secret-sharing schemes for forbidden graph access structures defined by bipartite graphs are equivalent to conditional disclosure of secrets protocols. We study the complexity of realizing a forbidden graph access structure by linear secret-sharing schemes. A secret-sharing scheme is linear if the secret can be reconstructed from the shares by a linear mapping. We provide efficient constructions and lower bounds on the share size of linear secret-sharing schemes for sparse and dense graphs, closing the gap between upper and lower bounds. Given a sparse (resp. dense) graph with $n$ vertices and at most $n^{1+\beta}$ edges (resp. at least $\binom{n}{2} - n^{1+\beta}$ edges), for some $0 \leq \beta < 1$, we construct a linear secret-sharing scheme realizing its forbidden graph access structure in which the total size of the shares is $\tilde{O} (n^{1+\beta/2})$. Furthermore, we construct linear secret-sharing schemes realizing these access structures in which the size of each share is $\tilde{O} (n^{1/4+\beta/4})$. We also provide constructions achieving different trade-offs between the size of each share and the total share size. We prove that almost all forbidden graph access structures require linear secret-sharing schemes with total share size $\Omega(n^{3/2})$; this shows that the construction of Gay, Kerenidis, and Wee [CRYPTO 2015] is optimal. Furthermore, we show that for every $0 \leq \beta < 1$ there exist a graph with at most $n^{1+\beta}$ edges and a graph with at least $\binom{n}{2}-n^{1+\beta}$ edges such that the total share size in any linear secret-sharing scheme realizing the associated forbidden graph access structures is $\Omega (n^{1+\beta/2})$. Finally, we show that for every $0 \leq \beta < 1$ there exist a graph with at most $n^{1+\beta}$ edges and a graph with at least $\binom{n}{2}-n^{1+\beta}$ edges such that the size of the share of at least one party in any linear secret-sharing scheme realizing these forbidden graph access structures is $\Omega (n^{1/4+\beta/4})$. This shows that our constructions are optimal (up to poly-logarithmic factors)

Secret-Sharing from Robust Conditional Disclosure of Secrets

A secret-sharing scheme is a method by which a dealer, holding a secret string, distributes shares to parties such that only authorized subsets of parties can reconstruct the secret. The collection of authorized subsets is called an access structure. Secret-sharing schemes are an important tool in cryptography and they are used as a building box in many secure protocols. In the original constructions of secret-sharing schemes by Ito et al. [Globecom 1987], the share size of each party is $\tilde{O}(2^{n})$ (where $n$ is the number of parties in the access structure). New constructions of secret-sharing schemes followed; however, the share size in these schemes remains basically the same. Although much efforts have been devoted to this problem, no progress was made for more than 30 years. Recently, in a breakthrough paper, Liu and Vaikuntanathan [STOC 2018] constructed a secret-sharing scheme for a general access structure with share size $\tilde{O}(2^{0.994n})$. The construction is based on new protocols for conditional disclosure of secrets (CDS). This was improved by Applebaum et al. [EUROCRYPT 2019] to $\tilde{O}(2^{0.892n})$. In this work, we construct improved secret-sharing schemes for a general access structure with share size $\tilde{O}(2^{0.762n})$. Our schemes are linear, that is, the shares are a linear function of the secret and some random elements from a finite field. Previously, the best linear secret-sharing scheme had shares of size $\tilde{O}(2^{0.942n})$. Most applications of secret-sharing require linearity. Our scheme is conceptually simpler than previous schemes, using a new reduction to two-party CDS protocols (previous schemes used a reduction to multi-party CDS protocols). In a CDS protocol for a function $f$, there are $k$ parties and a referee; each party holds a private input and a common secret, and sends one message to the referee (without seeing the other messages). On one hand, if the function $f$ applied to the inputs returns $1$, then it is required that the referee, which knows the inputs, can reconstruct the secret from the messages. On the other hand, if the function $f$ applied to the inputs returns $0$, then the referee should get no information on the secret from the messages. However, if the referee gets two messages from a party, corresponding to two different inputs (as happens in our reduction from secret-sharing to CDS), then the referee might be able to reconstruct the secret although it should not. To overcome this problem, we define and construct $t$-robust CDS protocols, where the referee cannot get any information on the secret when it gets $t$ messages for a set of zero-inputs of $f$. We show that if a function $f$ has a two-party CDS protocol with message size $c_f$, then it has a two-party $t$-robust CDS protocol with normalized message size $\tilde{O}(t c_f)$. Furthermore, we show that every function $f:[N] \times [N]\rightarrow \{0,1\}$ has a multi-linear $t$-robust CDS protocol with normalized message size $\tilde{O}(t+\sqrt{N})$. We use a variant of this protocol (with $t$ slightly larger than $\sqrt{N}$) to construct our improved linear secret-sharing schemes. Finally, we construct robust $k$-party CDS protocols for $k>2$

Better Secret-Sharing via Robust Conditional Disclosure of Secrets

A secret-sharing scheme allows to distribute a secret $s$ among $n$ parties such that only some predefined ``authorized\u27\u27 sets of parties can reconstruct the secret, and all other ``unauthorized\u27\u27 sets learn nothing about $s$. For over 30 years, it was known that any (monotone) collection of authorized sets can be realized by a secret-sharing scheme whose shares are of size $2^{n-o(n)}$ and until recently no better scheme was known. In a recent breakthrough, Liu and Vaikuntanathan (STOC 2018) have reduced the share size to $2^{0.994n+o(n)}$, which was later improved to $2^{0.892n+o(n)}$ by Applebaum et al. (EUROCRYPT 2019). In this paper we improve the exponent of general secret-sharing schemes down to $0.637$. For the special case of linear secret-sharing schemes, we get an exponent of $0.762$ (compared to $0.942$ of Applebaum et al.). As our main building block, we introduce a new \emph{robust} variant of conditional disclosure of secrets (robust CDS) that achieves unconditional security even under bounded form of re-usability. We show that the problem of general secret-sharing schemes reduces to robust CDS protocols with sub-exponential overhead and derive our main result by implementing robust CDS with a non-trivial exponent. The latter construction follows by presenting a general immunization procedure that turns standard CDS into a robust CDS

Cryptographic Techniques for Securing Data in the Cloud

El paradigma de la computació al núvol proporciona accés remot a potents infraestructures a cost reduït. Tot i que l’adopció del núvol ofereix nombrosos beneficis, la migració de dades sol requerir un alt nivell de confiança en el proveïdor de serveis i introdueix problemes de privacitat. En aquesta tesi es dissenyen tècniques per a permetre a usuaris del núvol protegir un conjunt de dades externalitzades. Les solucions proposades emanen del projecte H2020 de la Comissió Europea “CLARUS: User-Centered Privacy and Security in the Cloud”. Els problemes explorats són la cerca sobre dades xifrades, la delegació de càlculs d’interpolació, els esquemes de compartició de secrets i la partició de dades. Primerament, s’estudia el problema de la cerca sobre dades xifrades mitjançant els esquemes de xifrat cercable simètric (SSE), i es desenvolupen tècniques que permeten consultes per rangs dos-dimensionals a SSE. També es tracta el mateix problema utilitzant esquemes de xifrat cercable de clau pública (PEKS), i es presenten esquemes PEKS que permeten consultes conjuntives i de subconjunt. En aquesta tesi també s’aborda la delegació privada de computacions Kriging. Kriging és un algoritme d’interpolació espaial dissenyat per a aplicacions geo-estadístiques. Es descriu un mètode per a delegar interpolacions Kriging de forma privada utilitzant xifrat homomòrfic. Els esquemes de compartició de secrets són una primitiva fonamental en criptografia, utilitzada a diverses solucions orientades al núvol. Una de les mesures d’eficiència relacionades més importants és la taxa d’informació òptima. Atès que calcular aquesta taxa és generalment difícil, s’obtenen propietats que faciliten la seva descripció. Finalment, es tracta el camp de la partició de dades per a la protecció de la privacitat. Aquesta tècnica protegeix la privacitat de les dades emmagatzemant diversos fragments a diferents ubicacions. Aquí s’analitza aquest problema des d’un punt de vista combinatori, fitant el nombre de fragments i proposant diversos algoritmes.El paradigma de la computación en la nube proporciona acceso remoto a potentes infraestructuras a coste reducido. Aunque la adopción de la nube ofrece numerosos beneficios, la migración de datos suele requerir un alto nivel de confianza en el proveedor de servicios e introduce problemas de privacidad. En esta tesis se diseñan técnicas para permitir a usuarios de la nube proteger un conjunto de datos externalizados. Las soluciones propuestas emanan del proyecto H2020 de la Comisión Europea “CLARUS: User-Centered Privacy and Security in the Cloud”. Los problemas explorados son la búsqueda sobre datos cifrados, la delegación de cálculos de interpolación, los esquemas de compartición de secretos y la partición de datos. Primeramente, se estudia el problema de la búsqueda sobre datos cifrados mediante los esquemas de cifrado simétrico buscable (SSE), y se desarrollan técnicas para permitir consultas por rangos dos-dimensionales en SSE. También se trata el mismo problema utilizando esquemas de cifrado buscable de llave pública (PEKS), y se presentan esquemas que permiten consultas conyuntivas y de subconjunto. Adicionalmente, se aborda la delegación privada de computaciones Kriging. Kriging es un algoritmo de interpolación espacial diseñado para aplicaciones geo-estadísticas. Se describe un método para delegar interpolaciones Kriging privadamente utilizando técnicas de cifrado homomórfico. Los esquemas de compartición de secretos son una primitiva fundamental en criptografía, utilizada en varias soluciones orientadas a la nube. Una de las medidas de eficiencia más importantes es la tasa de información óptima. Dado que calcular esta tasa es generalmente difícil, se obtienen propiedades que facilitan su descripción. Por último, se trata el campo de la partición de datos para la protección de la privacidad. Esta técnica protege la privacidad de los datos almacenando varios fragmentos en distintas ubicaciones. Analizamos este problema desde un punto de vista combinatorio, acotando el número de fragmentos y proponiendo varios algoritmos.The cloud computing paradigm provides users with remote access to scalable and powerful infrastructures at a very low cost. While the adoption of cloud computing yields a wide array of benefits, the act of migrating to the cloud usually requires a high level of trust in the cloud service provider and introduces several security and privacy concerns. This thesis aims at designing user-centered techniques to secure an outsourced data set in cloud computing. The proposed solutions stem from the European Commission H2020 project “CLARUS: User-Centered Privacy and Security in the Cloud”. The explored problems are searching over encrypted data, outsourcing Kriging interpolation computations, secret sharing and data splitting. Firstly, the problem of searching over encrypted data is studied using symmetric searchable encryption (SSE) schemes, and techniques are developed to enable efficient two-dimensional range queries in SSE. This problem is also studied through public key encryption with keyword search (PEKS) schemes, efficient PEKS schemes achieving conjunctive and subset queries are proposed. This thesis also aims at securely outsourcing Kriging computations. Kriging is a spatial interpolation algorithm designed for geo-statistical applications. A method to privately outsource Kriging interpolation is presented, based in homomorphic encryption. Secret sharing is a fundamental primitive in cryptography, used in many cloud-oriented techniques. One of the most important efficiency measures in secret sharing is the optimal information ratio. Since computing the optimal information ratio of an access structure is generally hard, properties are obtained to facilitate its description. Finally, this thesis tackles the privacy-preserving data splitting technique, which aims at protecting data privacy by storing different fragments of data at different locations. Here, the data splitting problem is analyzed from a combinatorial point of view, bounding the number of fragments and proposing various algorithms to split the data