Message Randomization and Strong Security in Quantum Stabilizer-Based Secret Sharing for Classical Secrets

We improve the flexibility in designing access structures of quantum stabilizer-based secret sharing schemes for classical secrets, by introducing message randomization in their encoding procedures. We generalize the Gilbert-Varshamov bound for deterministic encoding to randomized encoding of classical secrets. We also provide an explicit example of a ramp secret sharing scheme with which multiple symbols in its classical secret are revealed to an intermediate set, and justify the necessity of incorporating strong security criterion of conventional secret sharing. Finally, we propose an explicit construction of strongly secure ramp secret sharing scheme by quantum stabilizers, which can support twice as large classical secrets as the McEliece-Sarwate strongly secure ramp secret sharing scheme of the same share size and the access structure.Comment: Publisher's Open Access PDF. arXiv admin note: text overlap with arXiv:1811.0521

Algebraic Techniques for Low Communication Secure Protocols

Internet communication is often encrypted with the aid of mathematical problems that are hard to solve. Another method to secure electronic communication is the use of a digital lock of which the digital key must be exchanged first. PhD student Robbert de Haan (CWI) researched models for a guaranteed safe communication between two people without the exchange of a digital key and without assumptions concerning the practical difficulty of solving certain mathematical problems. In ancient times Julius Caesar used secret codes to make his messages illegible for spies. He upped every letter of the alphabet with three positions: A became D, Z became C, and so on. Usually, cryptographers research secure communication between two people through one channel that can be monitored by malevolent people. De Haan studied the use of multiple channels. A minority of these channels may be in the hands of adversaries that can intercept, replace or block the message. He proved the most efficient way to securely communicate along these channels and thus solved a fundamental cryptography problem that was introduced almost 20 years ago by Dole, Dwork, Naor and Yung

Quantum Strongly Secure Ramp Secret Sharing

Quantum secret sharing is a scheme for encoding a quantum state (the secret) into multiple shares and distributing them among several participants. If a sufficient number of shares are put together, then the secret can be fully reconstructed. If an insufficient number of shares are put together however, no information about the secret can be revealed. In quantum ramp secret sharing, partial information about the secret is allowed to leak to a set of participants, called an unqualified set, that cannot fully reconstruct the secret. By allowing this, the size of a share can be drastically reduced. This paper introduces a quantum analog of classical strong security in ramp secret sharing schemes. While the ramp secret sharing scheme still leaks partial information about the secret to unqualified sets of participants, the strong security condition ensures that qudits with critical information can no longer be leaked.Comment: svjour3.cls, 14 pages, 1 figure. Versions 1&2 were wrong. V3 is mathematically correct. The first author was moved to the secon

Enabling Private Real-Time Applications by Exploiting the Links Between Erasure Coding and Secret Sharing Mechanisms

A huge amount of personal data is shared in real time by online users, increasingly using mobile devices and (unreliable) wireless channels. There is a large industry effort in aggregation and analysis of this data to provide personalised services, and a corresponding research effort to enable processing of such data in a secure and privacy preserving way. Secret sharing is a mechanism that allows private data sharing, revealing the information only to a select group. A parallel research effort has been invested in addressing the performance of real time mobile communication on lossy wireless channel, commonly improved by using erasure codes. In this thesis, we bring together the theoretically related fields of secret sharing and erasure coding, to provide a rich source of solutions to the two problem areas. Our aim is to enable solutions that deliver the required performance level while being efficient and implementable. The thesis has the following contributions. We evaluate the applicability of a new class of Maximum Distance Separable (MDS) erasure codes to transmission of real time content to mobile devices and demonstrate that the systematic code outperforms the non-systematic variant in regards to computation complexity and buffer size requirements, making it practical for mobile devices. We propose a new Layered secret sharing scheme for real time data sharing in Online Social Networks (OSNs). The proposed scheme enables automated profile sharing in OSN groups with fine-grained privacy control, via a multi-secret sharing scheme comprising of layered shares. The scheme does not require reliance on a trusted third party. Compared to independent sharing of specific profile attributes (e.g. text, images or video), the scheme does not leak any information about what is shared, including the number of attributes and it introduces a relatively small computation and communications overhead. Finally, we investigate the links between MDS codes and secret sharing schemes, motivated by the inefficiency of the commonly used Shamir scheme. We derive the theoretical links between MDS codes and secret sharing schemes and propose a novel MDS code based construction method for strong ramp schemes. This allows the use of existing efficient implementations of MDS codes for secret sharing and secure computing applications. We demonstrate that strong ramp schemes deliver a significant reduction of processing time and communication overhead, compared to Shamir scheme

Generalizations of All-or-Nothing Transforms and their Application in Secure Distributed Storage

An all-or-nothing transform is an invertible function that maps s inputs to s outputs such that, in the calculation of the inverse, the absence of only one output makes it impossible for an adversary to obtain any information about any single input. In this thesis, we generalize this structure in several ways motivated by different applications, and for each generalization, we provide some constructions. For a particular generalization, where we consider the security of t input blocks in the absence of t output blocks, namely, t-all-or-nothing transforms, we provide two applications. We also define a closeness measure and study structures that are close to t-all-or-nothing transforms. Other generalizations consider the situations where: i) t covers a range of values and the structure maintains its t-all-or-nothingness property for all values of t in that range; ii) the transform provides security for a smaller, yet fixed, number of inputs than the number of absent outputs; iii) the missing output blocks are only from a fixed subset of the output blocks; and iv) the transform generates n outputs so that it can still reconstruct the inputs as long as s outputs are available. In the last case, the absence of n-s+t outputs can protect the security of any t inputs. For each of these transforms, various existence and non-existence results, as well as bounds and equivalence results are presented. We finish with proposing an application of generalization (iv) in secure distributed storage

Secret Sharing Schemes Based on Error-Correcting Codes

In this thesis we present a new secret sharing scheme based on binary error-correcting codes, which can realize arbitrary (monotone or non-monotone) access structures. In this secret sharing scheme the secret is a codeword in a binary error-correcting code and the shares are binary words of the same length. When a group of participants wants to reconstruct the secret, the participants calculate the sum of their shares and apply Hamming decoding to that sum. The shares have the property that, when the group is authorized, the secret is the codeword which is closest to the sum of the shares. Otherwise, the sum differs strongly enough from the secret such that Hamming decoding yields another codeword. The shares can be described by the solutions of a system of linear equations which is closely related to first order Reed-Muller codes. We consider the case that there are only two different Hamming distances from the sums of the shares to the secret: one small distance k for the authorized sets and one large distance g for unauthorized sets. For this case a method of how to find suitable shares for arbitrary access structures is presented. In the resulting secret sharing scheme large code lengths are needed and the security distance g is rather small. In order to find classes of access structures which have more efficient and secure realizations, we classify the access structures such that all access structures of one class allow the same parameters g and k. Furthermore we study several changes in the access structure and their impact on the possible realizations. This gives rise to special classes of access structures defined by veto sets and necessary sets, which are particularly suitable for our approach

Localised multisecret sharing

localised multisecret sharing scheme is a multisecret sharing scheme for an ordered set of players in which players in the smallest sets who are authorised to access secrets are close together in the underlying ordering. We define threshold versions of localised multisecret sharing schemes, we provide lower bounds on the share size of perfect localised multisecret sharing schemes in an information theoretic setting, and we give explicit constructions of schemes to show that these bounds are tight. We then analyse a range of approaches to relaxing the model that provide trade-offs between the share size and the level of security guarantees provided by the scheme, in order to permit the construction of schemes with smaller shares. We show how these techniques can be used in the context of an application to key distribution for RFID-based supply-chain management motivated by the proposal of Juels, Pappu and Parno from USENIX 2008