Revisiting Non-Malleable Secret Sharing

A threshold secret sharing scheme (with threshold $t$) allows a dealer to share a secret among a set of parties such that any group of $t$ or more parties can recover the secret and no group of at most $t-1$ parties learn any information about the secret. A non-malleable threshold secret sharing scheme, introduced in the recent work of Goyal and Kumar (STOC\u2718), additionally protects a threshold secret sharing scheme when its shares are subject to tampering attacks. Specifically, it guarantees that the reconstructed secret from the tampered shares is either the original secret or something that is unrelated to the original secret. In this work, we continue the study of threshold non-malleable secret sharing against the class of tampering functions that tamper each share independently. We focus on achieving greater efficiency and guaranteeing a stronger security property. We obtain the following results: - Rate Improvement. We give the first construction of a threshold non-malleable secret sharing scheme that has rate $> 0$. Specifically, for every $n,t \geq 4$, we give a construction of a $t$-out-of-$n$ non-malleable secret sharing scheme with rate $\Theta(\frac{1}{t\log ^2 n})$. In the prior constructions, the rate was $\Theta(\frac{1}{n\log m})$ where $m$ is the length of the secret and thus, the rate tends to 0 as $m \rightarrow \infty$. Furthermore, we also optimize the parameters of our construction and give a concretely efficient scheme. - Multiple Tampering. We give the first construction of a threshold non-malleable secret sharing scheme secure in the stronger setting of bounded tampering wherein the shares are tampered by multiple (but bounded in number) possibly different tampering functions. The rate of such a scheme is $\Theta(\frac{1}{k^3t\log^2 n})$ where $k$ is an apriori bound on the number of tamperings. We complement this positive result by proving that it is impossible to have a threshold non-malleable secret sharing scheme that is secure in the presence of an apriori unbounded number of tamperings. - General Access Structures. We extend our results beyond threshold secret sharing and give constructions of rate-efficient, non-malleable secret sharing schemes for more general monotone access structures that are secure against multiple (bounded) tampering attacks

Digital rights management

Digital rights management allows information owners to control the use and dissemination of electronic documents via a machine-readable licence. Documents are distributed in a protected form such that they may only be used with trusted environments, and only in accordance with terms and conditions stated in the licence. Digital rights management has found uses in protecting copyrighted audio-visual productions, private personal information, and companies' trade secrets and intellectual property. This chapter describes a general model of digital rights management together with the technologies used to implement each component of a digital rights management system, and desribes how digital rights management can be applied to secure the distribution of electronic information in a variety of contexts

Linear code implies publicf-key traitor tracing with revocation

In this paper, we show that the linear-coded Kurosawa–Desmedt scheme can be modified to allow revocation of users, that is to show a revocation scheme can be derived from a linear code

Design and implementation of a content filtering firewall

A firewall is a system for enforcing access control policy between two networks and is one of the most important measures to protect against network attacks. Firewalls traditionally protect the internal network from outside threats. But there has been increasing need for preventing the misuses of the network by the internal users which most previous firewalls overlook. In this paper, we propose a method of adding content filtering functionality to the firewall and describe its implementation. We also show a new attack that combines JAVA Applet and XML to get around the content filtering firewall, hence showing the need for clear usage policy for software and systems

A new identity-based key exchange protocol minimizing computation and communication

We propose a new identity-based key exchange protocol that minimizes the computation and communication required by participants in the protocol, and show that its security is closely related to some wellknown difficult problems. More specifically, we will argue that forging a key linked to a given identity is related to the difficulty of RSA inversion while finding the key established by the protocol is equivalent to breaking the Diffie-Hellman problem with composite modulus.SCOPUS: cp.kinfo:eu-repo/semantics/publishe

Construction of deletion correting codes using generalized Reed-Solomon codes and their subcodes

A code is n-deletion correcting if it is possible to correct any n deletion of symbols having occurred in transmission of codewords. In this paper, we present explicit constructions of n-deletion correcting codes for arbitrary values of n using generalized Reed-Solomon codes and their subcodes

On the security of girault’s identification scheme

Abstract. In this paper, we describe two serious weaknesses of an identity-based identification scheme proposed by Girault (presented at Eurocrypt ’90) that enables adversaries to forge identity, key pairs for a large group of users. We also show how to modify the scheme to make the attacks ineffective.