56,104 research outputs found
Automated Cryptographic Analysis of the Pedersen Commitment Scheme
Aiming for strong security assurance, recently there has been an increasing
interest in formal verification of cryptographic constructions. This paper
presents a mechanised formal verification of the popular Pedersen commitment
protocol, proving its security properties of correctness, perfect hiding, and
computational binding. To formally verify the protocol, we extended the theory
of EasyCrypt, a framework which allows for reasoning in the computational
model, to support the discrete logarithm and an abstraction of commitment
protocols. Commitments are building blocks of many cryptographic constructions,
for example, verifiable secret sharing, zero-knowledge proofs, and e-voting.
Our work paves the way for the verification of those more complex
constructions.Comment: 12 pages, conference MMM-ACNS 201
Randomness Recoverable Secret Sharing Schemes
It is well-known that randomness is essential for secure cryptography. The randomness used in cryptographic primitives is not necessarily recoverable even by the party who can, e.g., decrypt or recover the underlying secret/message. Several cryptographic primitives that support randomness recovery have turned out useful in various applications. In this paper, we study randomness recoverable secret sharing schemes (RR-SSS), in both information-theoretic and computational settings and provide two results. First, we show that while every access structure admits a perfect RR-SSS, there are very simple access structures (e.g., in monotone AC?) that do not admit efficient perfect (or even statistical) RR-SSS. Second, we show that the existence of efficient computational RR-SSS for certain access structures in monotone AC? implies the existence of one-way functions. This stands in sharp contrast to (non-RR) SSS schemes for which no such results are known.
RR-SSS plays a key role in making advanced attributed-based encryption schemes randomness recoverable, which in turn have applications in the context of designated-verifier non-interactive zero knowledge
Infinite Secret Sharing -- Examples
The motivation for extending secret sharing schemes to cases when either the
set of players is infinite or the domain from which the secret and/or the
shares are drawn is infinite or both, is similar to the case when switching to
abstract probability spaces from classical combinatorial probability. It might
shed new light on old problems, could connect seemingly unrelated problems, and
unify diverse phenomena.
Definitions equivalent in the finitary case could be very much different when
switching to infinity, signifying their difference. The standard requirement
that qualified subsets should be able to determine the secret has different
interpretations in spite of the fact that, by assumption, all participants have
infinite computing power. The requirement that unqualified subsets should have
no, or limited information on the secret suggests that we also need some
probability distribution. In the infinite case events with zero probability are
not necessarily impossible, and we should decide whether bad events with zero
probability are allowed or not.
In this paper, rather than giving precise definitions, we enlist an abundance
of hopefully interesting infinite secret sharing schemes. These schemes touch
quite diverse areas of mathematics such as projective geometry, stochastic
processes and Hilbert spaces. Nevertheless our main tools are from probability
theory. The examples discussed here serve as foundation and illustration to the
more theory oriented companion paper
Probabilistic Infinite Secret Sharing
The study of probabilistic secret sharing schemes using arbitrary probability
spaces and possibly infinite number of participants lets us investigate
abstract properties of such schemes. It highlights important properties,
explains why certain definitions work better than others, connects this topic
to other branches of mathematics, and might yield new design paradigms.
A probabilistic secret sharing scheme is a joint probability distribution of
the shares and the secret together with a collection of secret recovery
functions for qualified subsets. The scheme is measurable if the recovery
functions are measurable. Depending on how much information an unqualified
subset might have, we define four scheme types: perfect, almost perfect, ramp,
and almost ramp. Our main results characterize the access structures which can
be realized by schemes of these types.
We show that every access structure can be realized by a non-measurable
perfect probabilistic scheme. The construction is based on a paradoxical pair
of independent random variables which determine each other.
For measurable schemes we have the following complete characterization. An
access structure can be realized by a (measurable) perfect, or almost perfect
scheme if and only if the access structure, as a subset of the Sierpi\'nski
space , is open, if and only if it can be realized by a span
program. The access structure can be realized by a (measurable) ramp or almost
ramp scheme if and only if the access structure is a set
(intersection of countably many open sets) in the Sierpi\'nski topology, if and
only if it can be realized by a Hilbert-space program
Quantum secret sharing with qudit graph states
We present a unified formalism for threshold quantum secret sharing using
graph states of systems with prime dimension. We construct protocols for three
varieties of secret sharing: with classical and quantum secrets shared between
parties over both classical and quantum channels.Comment: 13 pages, 12 figures. v2: Corrected to reflect imperfections of (n,n)
QQ protocol. Also changed notation from to , corrected typos,
updated references, shortened introduction. v3: Updated acknowledgement
Making Code Voting Secure against Insider Threats using Unconditionally Secure MIX Schemes and Human PSMT Protocols
Code voting was introduced by Chaum as a solution for using a possibly
infected-by-malware device to cast a vote in an electronic voting application.
Chaum's work on code voting assumed voting codes are physically delivered to
voters using the mail system, implicitly requiring to trust the mail system.
This is not necessarily a valid assumption to make - especially if the mail
system cannot be trusted. When conspiring with the recipient of the cast
ballots, privacy is broken.
It is clear to the public that when it comes to privacy, computers and
"secure" communication over the Internet cannot fully be trusted. This
emphasizes the importance of using: (1) Unconditional security for secure
network communication. (2) Reduce reliance on untrusted computers.
In this paper we explore how to remove the mail system trust assumption in
code voting. We use PSMT protocols (SCN 2012) where with the help of visual
aids, humans can carry out addition correctly with a 99\% degree of
accuracy. We introduce an unconditionally secure MIX based on the combinatorics
of set systems.
Given that end users of our proposed voting scheme construction are humans we
\emph{cannot use} classical Secure Multi Party Computation protocols.
Our solutions are for both single and multi-seat elections achieving:
\begin{enumerate}[i)]
\item An anonymous and perfectly secure communication network secure against
a -bounded passive adversary used to deliver voting,
\item The end step of the protocol can be handled by a human to evade the
threat of malware. \end{enumerate} We do not focus on active adversaries
Fully leakage-resilient signatures revisited: Graceful degradation, noisy leakage, and construction in the bounded-retrieval model
We construct new leakage-resilient signature schemes. Our schemes remain unforgeable against an adversary leaking arbitrary (yet bounded) information on the entire state of the signer (sometimes known as fully leakage resilience), including the random coin tosses of the signing algorithm. The main feature of our constructions is that they offer a graceful degradation of security in situations where standard existential unforgeability is impossible
- …