99 research outputs found
Certificate Transparency with Enhancements and Short Proofs
Browsers can detect malicious websites that are provisioned with forged or
fake TLS/SSL certificates. However, they are not so good at detecting malicious
websites if they are provisioned with mistakenly issued certificates or
certificates that have been issued by a compromised certificate authority.
Google proposed certificate transparency which is an open framework to monitor
and audit certificates in real time. Thereafter, a few other certificate
transparency schemes have been proposed which can even handle revocation. All
currently known constructions use Merkle hash trees and have proof size
logarithmic in the number of certificates/domain owners.
We present a new certificate transparency scheme with short (constant size)
proofs. Our construction makes use of dynamic bilinear-map accumulators. The
scheme has many desirable properties like efficient revocation, low
verification cost and update costs comparable to the existing schemes. We
provide proofs of security and evaluate the performance of our scheme.
Comment: A preliminary version of the paper was published in ACISP 201
Quantum protocols for anonymous voting and surveying
We describe quantum protocols for voting and surveying. A key feature of our
schemes is the use of entangled states to ensure that the votes are anonymous
and to allow the votes to be tallied. The entanglement is distributed over
separated sites; the physical inaccessibility of any one site is sufficient to
guarantee the anonymity of the votes. The security of these protocols with
respect to various kinds of attack is discussed. We also discuss classical
schemes and show that our quantum voting protocol represents an N-fold reduction
in computational complexity, where N is the number of voters.
Comment: 8 pages. V2 includes the modifications made for the published versio
Quantum secret sharing with qudit graph states
We present a unified formalism for threshold quantum secret sharing using
graph states of systems with prime dimension. We construct protocols for three
varieties of secret sharing: with classical and quantum secrets shared between
parties over both classical and quantum channels.
Comment: 13 pages, 12 figures. v2: Corrected to reflect imperfections of (n,n)
QQ protocol. Also changed notation from to , corrected typos,
updated references, shortened introduction. v3: Updated acknowledgement
Matroids and Quantum Secret Sharing Schemes
A secret sharing scheme is a cryptographic protocol to distribute a secret
state in an encoded form among a group of players such that only authorized
subsets of the players can reconstruct the secret. Classically, efficient
secret sharing schemes have been shown to be induced by matroids. Furthermore,
access structures of such schemes can be characterized by an excluded minor
relation. No such relations are known for quantum secret sharing schemes. In
this paper we take the first steps toward a matroidal characterization of
quantum secret sharing schemes. In addition to providing a new perspective on
quantum secret sharing schemes, this characterization has important benefits.
While previous work has shown how to construct quantum secret sharing schemes
for general access structures, these schemes are not claimed to be efficient.
In this context the present results prove to be useful; they enable us to
construct efficient quantum secret sharing schemes for many general access
structures. More precisely, we show that an identically self-dual matroid that
is representable over a finite field induces a pure state quantum secret
sharing scheme with information rate one
Boomerang: Redundancy Improves Latency and Throughput in Payment-Channel Networks
In multi-path routing schemes for payment-channel networks, Alice transfers
funds to Bob by splitting them into partial payments and routing them along
multiple paths. Undisclosed channel balances and mismatched transaction fees
cause delays and failures on some payment paths. For atomic transfer schemes,
these straggling paths stall the whole transfer. We show that the latency of
transfers reduces when redundant payment paths are added. This frees up
liquidity in payment channels and hence increases the throughput of the
network. We devise Boomerang, a generic technique to be used on top of
multi-path routing schemes to construct redundant payment paths free of
counterparty risk. In our experiments, applying Boomerang to a baseline routing
scheme leads to 40% latency reduction and 2x throughput increase. We build on
ideas from publicly verifiable secret sharing, such that Alice learns a secret
of Bob iff Bob overdraws funds from the redundant paths. Funds are forwarded
using Boomerang contracts, which allow Alice to revert the transfer iff she has
learned Bob's secret. We implement the Boomerang contract in Bitcoin Script
Secret-Sharing for NP
A computational secret-sharing scheme is a method that enables a dealer, that
has a secret, to distribute this secret among a set of parties such that a
"qualified" subset of parties can efficiently reconstruct the secret while any
"unqualified" subset of parties cannot efficiently learn anything about the
secret. The collection of "qualified" subsets is defined by a Boolean function.
It has been a major open problem to understand which (monotone) functions can
be realized by computational secret-sharing schemes. Yao suggested a method
for secret-sharing for any function that has a polynomial-size monotone circuit
(a class which is strictly smaller than the class of monotone functions in P).
Around 1990 Rudich raised the possibility of obtaining secret-sharing for all
monotone functions in NP: In order to reconstruct the secret a set of parties
must be "qualified" and provide a witness attesting to this fact.
Recently, Garg et al. (STOC 2013) put forward the concept of witness
encryption, where the goal is to encrypt a message relative to a statement "x
in L" for a language L in NP such that anyone holding a witness to the
statement can decrypt the message, however, if x is not in L, then it is
computationally hard to decrypt. Garg et al. showed how to construct several
cryptographic primitives from witness encryption and gave a candidate
construction.
One can show that computational secret-sharing implies witness encryption for
the same language. Our main result is the converse: we give a construction of a
computational secret-sharing scheme for any monotone function in NP assuming
witness encryption for NP and one-way functions. As a consequence we get a
completeness theorem for secret-sharing: computational secret-sharing scheme
for any single monotone NP-complete function implies a computational
secret-sharing scheme for every monotone function in NP
IoT Expunge: Implementing Verifiable Retention of IoT Data
The growing deployment of Internet of Things (IoT) systems aims to ease the
daily life of end-users by providing several value-added services. However, IoT
systems may capture and store sensitive, personal data about individuals in the
cloud, thereby jeopardizing user-privacy. Emerging legislation, such as
California's CalOPPA and GDPR in Europe, support strong privacy laws to protect
an individual's data in the cloud. One such law relates to strict enforcement
of data retention policies. This paper proposes a framework, entitled IoT
Expunge, that allows sensor data providers to store the data in cloud platforms
that will ensure enforcement of retention policies. Additionally, the cloud
provider produces verifiable proofs of its adherence to the retention policies.
Experimental results on a real-world smart building testbed show that IoT
Expunge imposes minimal overheads to the user to verify the data against data
retention policies.
Comment: This paper has been accepted in 10th ACM Conference on Data and
Application Security and Privacy (CODASPY), 202
Some Directions beyond Traditional Quantum Secret Sharing
We investigate two directions beyond the traditional quantum secret sharing
(QSS). First, a restriction on QSS that comes from the no-cloning theorem is
that any pair of authorized sets in an access structure should overlap. From
the viewpoint of application, this places an unnatural constraint on secret
sharing. We present a generalization, called assisted QSS (AQSS), where access
structures without pairwise overlap of authorized sets are permissible, provided
some shares are withheld by the share dealer. We show that no more than
withheld shares are required, where is the minimum number
of partially linked classes among the authorized sets for the QSS. Our
result means that such applications of QSS need not be thwarted by the
no-cloning theorem. Secondly, we point out a way of combining the features of
QSS and quantum key distribution (QKD) for applications where classical
information is shared by quantum means. We observe that in such a case, it is
often possible to reduce the security proof of QSS to that of QKD.
Comment: To appear in Physica Scripta, 7 pages, 1 figure, subsumes
arXiv:quant-ph/040720
Ideal hierarchical secret sharing schemes
Hierarchical secret sharing is among the most natural generalizations of threshold secret sharing, and it has attracted a lot of attention from the invention of secret sharing until nowadays. Several constructions of ideal hierarchical secret sharing schemes have been proposed, but it was not known what access structures admit such a scheme. We solve this problem by providing a natural definition for the family of the hierarchical access structures and, more importantly, by presenting a complete characterization of the ideal hierarchical access structures, that is, the ones admitting an ideal secret sharing scheme. Our characterization deals with the properties of the hierarchically minimal sets of the access structure, which are the minimal qualified sets whose participants are in the lowest possible levels in the hierarchy. By using our characterization, it can be efficiently checked whether any given hierarchical access structure that is defined by its hierarchically minimal sets is ideal. We use the well-known connection between ideal secret sharing and matroids and, in particular, the fact that every ideal access structure is a matroid port. In addition, we use recent results on ideal multipartite access structures and the connection between multipartite matroids and integer polymatroids. We prove that every ideal hierarchical access structure is the port of a representable matroid and, more specifically, we prove that every ideal structure in this family admits ideal linear secret sharing schemes over fields of all characteristics. In addition, methods to construct such ideal schemes can be derived from the results in this paper and the aforementioned ones on ideal multipartite secret sharing. Finally, we use our results to find a new proof for the characterization of the ideal weighted threshold access structures that is simpler than the existing one.
Peer Reviewed. Postprint (author's final draft
A roadmap to fully homomorphic elections: Stronger security, better verifiability
After the trials of remote internet voting for local elections in 2011 and parliamentary elections in 2013, a number of local referendums have renewed interest in internet voting in Norway.
The voting scheme used in Norway is not quantum-safe and it has limited voter verifiability. In this case study, we consider how we can use fully homomorphic encryption to construct a quantum-safe voting scheme with better voter verifiability.
While fully homomorphic cryptosystems are not efficient enough for the system we sketch to be implemented and run today, we expect future improvements in fully homomorphic encryption which may eventually make these techniques practical
- …