
    On the optimization of bipartite secret sharing schemes

    Optimizing the ratio between the maximum length of the shares and the length of the secret value in secret sharing schemes for general access structures is an extremely difficult and long-standing open problem. In this paper, we study it for bipartite access structures, in which the set of participants is divided into two parts, and all participants in each part play an equivalent role. We focus on the search for lower bounds by using a special class of polymatroids that is introduced here, the tripartite ones. We present a method based on linear programming to compute, for every given bipartite access structure, the best lower bound that can be obtained by this combinatorial method. In addition, we obtain some general lower bounds that improve the previously known ones, and we construct optimal secret sharing schemes for a family of bipartite access structures.
    Peer reviewed. Postprint (author's final draft).

    On the information ratio of non-perfect secret sharing schemes

    The final publication is available at Springer via http://dx.doi.org/10.1007/s00453-016-0217-9
    A secret sharing scheme is non-perfect if some subsets of players that cannot recover the secret value have partial information about it. The information ratio of a secret sharing scheme is the ratio between the maximum length of the shares and the length of the secret. This work is dedicated to the search for bounds on the information ratio of non-perfect secret sharing schemes and to the construction of efficient linear non-perfect secret sharing schemes. To this end, we extend the known connections between matroids, polymatroids and perfect secret sharing schemes to the non-perfect case. In order to study non-perfect secret sharing schemes in all generality, we describe their structure through their access function, a real function that measures the amount of information on the secret value that is obtained by each subset of players. We prove that there exists a secret sharing scheme for every access function. Uniform access functions, that is, access functions whose values depend only on the number of players, generalize the threshold access structures. The optimal information ratio of the uniform access functions with rational values has been determined by Yoshida, Fujiwara and Fossorier. By using the tools that are described in our work, we provide a much simpler proof of that result and we extend it to access functions with real values.
    Peer reviewed. Postprint (author's final draft).
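    The information ratio of the first abstract and the access function of the second can be made concrete with a small packed (ramp) Shamir scheme over GF(p). The following Python is an added example, not code from either paper: L secret field elements are placed at L fixed evaluation points of a random polynomial of degree d, every player receives one evaluation, so the information ratio is 1/L; with L = 1 and d = t - 1 it collapses to the ordinary perfect (t, n) threshold scheme. The access function is obtained by brute force over every polynomial consistent with the observed shares, which is only feasible for the toy field size used here; the parameters p = 7, L = 2, d = 2, n = 4 are assumptions for the demonstration.

```python
"""Packed (ramp) Shamir sharing over GF(p): an added example of a non-perfect scheme.
Secret: L field elements; share: one field element; information ratio 1/L."""
from fractions import Fraction
from itertools import product
from random import SystemRandom

_rand = SystemRandom()


def lagrange_eval(points, x, p):
    """Value at x of the unique polynomial of degree < len(points) through `points`, mod p."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


class PackedShamir:
    """Shares L secrets with a random polynomial of degree d. Any d+1 players reconstruct,
    d+1-L or fewer players learn nothing, and sets in between learn part of the secret."""

    def __init__(self, p, L, d, n):
        # the L secret points, the d+1-L random padding points and the n share points
        # must all be distinct modulo p
        assert L <= d + 1 and d + 1 + n <= p, "not enough distinct evaluation points"
        self.p, self.L, self.d, self.n = p, L, d, n
        self.secret_xs = [(-j) % p for j in range(L)]        # x = 0, -1, ..., -(L-1)
        self.pad_xs = [(-j) % p for j in range(L, d + 1)]    # x = -L, ..., -d
        # player i (1 <= i <= n) receives the evaluation at x = i

    def share(self, secret):
        assert len(secret) == self.L and all(0 <= s < self.p for s in secret)
        pts = list(zip(self.secret_xs, secret))
        pts += [(x, _rand.randrange(self.p)) for x in self.pad_xs]
        return {i: lagrange_eval(pts, i, self.p) for i in range(1, self.n + 1)}

    def reconstruct(self, shares):
        """shares: {player: value}; needs a qualified set of at least d+1 players."""
        assert len(shares) >= self.d + 1, "unqualified set"
        pts = list(shares.items())[: self.d + 1]
        return [lagrange_eval(pts, x, self.p) for x in self.secret_xs]

    def information_ratio(self):
        return Fraction(1, self.L)

    def access_function(self, observed):
        """Fraction of the secret (measured in field elements) determined by the shares
        in `observed` ({player: value}), found by enumerating every polynomial of degree
        <= d that agrees with them. Only feasible for toy p and d."""
        p = self.p
        consistent = set()
        for coeffs in product(range(p), repeat=self.d + 1):
            def f(x):
                return sum(c * pow(x, k, p) for k, c in enumerate(coeffs)) % p
            if all(f(i) == v for i, v in observed.items()):
                consistent.add(tuple(f(x) for x in self.secret_xs))
        # the consistent secrets form an affine subspace of GF(p)^L, so their number is p^k
        k = 0
        while p ** k < len(consistent):
            k += 1
        assert p ** k == len(consistent)
        return Fraction(self.L - k, self.L)


if __name__ == "__main__":
    ramp = PackedShamir(p=7, L=2, d=2, n=4)
    sh = ramp.share([3, 5])
    print("reconstructed:", ramp.reconstruct({i: sh[i] for i in (1, 3, 4)}))
    print("information ratio:", ramp.information_ratio())
    for k in range(4):
        print(k, "players ->", ramp.access_function({i: sh[i] for i in range(1, k + 1)}))
```

    With these parameters the access function is 0, 0, 1/2 and 1 for 0, 1, 2 and 3 players, so it is a uniform access function in the sense of the abstract, and the information ratio is 1/2, below the value of 1 that any perfect scheme must pay. Two players do not recover the secret but narrow it from 49 to 7 candidates, which is exactly the partial information that makes the scheme non-perfect.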

    HLS-based HW/SW co-design of the post-quantum classic McEliece cryptosystem

    While quantum computers are rapidly becoming more powerful, the current cryptographic infrastructure is imminently threatened. As a precaution, the U.S. National Institute of Standards and Technology (NIST) has initiated a process to evaluate quantum-resistant cryptosystems in order to form the first post-quantum (PQ) cryptographic standard. Classic McEliece (CM) is one of the most prominent cryptosystems considered for standardization in NIST's PQ cryptography process. However, its computational cost poses notable challenges for a large fraction of existing computing devices. This work presents an HLS-based HW/SW co-design acceleration of the CM Key Encapsulation Mechanism (CM KEM). We demonstrate maximum speedups of up to 55.2x, 3.3x and 8.7x in the CM KEM algorithms of key generation, encapsulation and decapsulation respectively, compared to a SW-only scalar implementation.
    This research was supported by the European Union Regional Development Fund within the framework of the ERDF Operational Program of Catalonia 2014-2020 with a grant of 50% of the total cost eligible, under the DRAC project [001-P-001723]. It was also supported by the Spanish government (grant RTI2018-095094-B-C21 "CONSENT"), by the Spanish Ministry of Science and Innovation (contract PID2019-107255GB-C21) and by the Catalan Government (contracts 2017-SGR-1414, 2017-SGR-705). This work has also received funding from the European Union Horizon 2020 research and innovation programme under grant agreement No. 871467. V. Kostalabros has been partially supported by the Agency for Management of University and Research Grants (AGAUR) of the Government of Catalonia under the "Ajuts per a la contractació de personal investigador novell" fellowship No. 2019FI B01274. M. Moreto was also partially supported by the Spanish Ministry of Economy, Industry and Competitiveness under "Ramón y Cajal" fellowship No. RYC-2016-21104.
    Peer reviewed. Postprint (author's final draft).

    A security model for randomization-based protected caches

    Cache side-channel attacks allow adversaries to learn sensitive information about co-running processes by using only access latency measurements and cache contention. This vulnerability has been shown to lead to several microarchitectural attacks. As a promising solution, recent work proposes Randomization-based Protected Caches (RPCs). RPCs randomize cache addresses, changing keys periodically so as to avoid long-term leakage. Unfortunately, recent attacks have called the security of state-of-the-art RPCs into question. In this work, we tackle the problem of formally defining and analyzing the security properties of RPCs. We first give security definitions against access-based cache side-channel attacks that capture security against known attacks such as Prime+Probe and Evict+Probe. Then, using these definitions, we obtain results that make it possible to guarantee security by adequately choosing the rekeying period, the key generation algorithm and the cache randomizer, thus providing security proofs for RPCs under certain assumptions.
    This research was supported by the European Union Regional Development Fund within the framework of the ERDF Operational Program of Catalonia 2014-2020 with a grant of 50% of the total cost eligible, under the DRAC project [001-P-001723], and by the Spanish Government, under the CONSENT project [RTI2018-095094-B-C21]. Carles Hernández is partially supported by the Spanish Ministry of Science, Innovation and Universities under "Ramón y Cajal" fellowship No. RYC2020-030685-I. Vatistas Kostalabros is partially supported by the Agency for Management of University and Research Grants (AGAUR) of the Government of Catalonia, under the "Ajuts per a la contractació de personal investigador novell" fellowship No. 2019FI B01274. Miquel Moretó is partially supported by the Spanish Ministry of Economy, Industry and Competitiveness under "Ramón y Cajal" fellowship No. RYC-2016-21104.
    Peer reviewed. Postprint (published version).
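    What "adequately choosing the rekeying period" buys against Prime+Probe can be seen in a small simulation. The following Python is an added example, not the paper's model or code: a toy set-associative LRU cache whose set index is a keyed blake2b hash of the address (a stand-in for the cache randomizer), an attacker that observes only hit/miss and builds an eviction set for one victim line by the classic group-test reduction, and a global rekey-and-flush every `rekey_period` accesses. The cache geometry (8 sets, 2 ways), the 128-line candidate pool, the blake2b randomizer and the seeds are assumptions made for the toy.

```python
"""Toy Prime+Probe against a randomized, periodically re-keyed cache (added example)."""
import hashlib
import random


class RandomizedCache:
    """Set-associative LRU cache whose set index is a keyed hash of the address (the
    stand-in for the cache randomizer). Every `rekey_period` accesses the key is
    replaced and the cache flushed; the attacker never sees the key."""

    def __init__(self, sets, ways, rekey_period, rng):
        self.sets, self.ways, self.period, self.rng = sets, ways, rekey_period, rng
        self.accesses = 0
        self.rekey()

    def rekey(self):
        self.key = self.rng.getrandbits(128).to_bytes(16, "big")
        self.lines = [[] for _ in range(self.sets)]      # per-set LRU order, MRU last

    def _index(self, addr):
        h = hashlib.blake2b(addr.to_bytes(8, "big"), key=self.key, digest_size=4)
        return int.from_bytes(h.digest(), "big") % self.sets

    def access(self, addr):
        """True on a hit, False on a miss: the attacker's only signal (its 'timing')."""
        self.accesses += 1
        if self.accesses % self.period == 0:
            self.rekey()
        s = self.lines[self._index(addr)]
        hit = addr in s
        if hit:
            s.remove(addr)
        elif len(s) == self.ways:
            s.pop(0)                                      # evict least recently used
        s.append(addr)
        return hit


def evicts(cache, victim, group):
    """Group test: touch the victim line, touch `group`, is the victim line gone?"""
    cache.access(victim)
    for a in group:
        cache.access(a)
    return not cache.access(victim)


def build_eviction_set(cache, victim, pool):
    """Classic reduction: drop a candidate whenever the rest still evict the victim.
    Under LRU and a fixed key the survivor is exactly `ways` lines congruent to it."""
    group = list(pool)
    if not evicts(cache, victim, group):
        return None
    i = 0
    while i < len(group):
        trial = group[:i] + group[i + 1:]
        if evicts(cache, victim, trial):
            group = trial
        else:
            i += 1
    return group


def prime_probe(cache, evset, victim, victim_runs):
    """Prime the victim's set with `evset`, optionally let the victim run, then probe."""
    for a in evset:
        cache.access(a)
    if victim_runs:
        cache.access(victim)
    misses = [not cache.access(a) for a in evset]
    return any(misses)


def distinguishes(cache, evset, victim):
    """A usable eviction set is silent without victim activity and noisy with it."""
    quiet = not prime_probe(cache, evset, victim, victim_runs=False)
    return quiet and prime_probe(cache, evset, victim, victim_runs=True)


def run_attack(rekey_period, rng, sets=8, ways=2, pool_size=128):
    """One end-to-end attack; returns (eviction set or None, success, accesses used)."""
    cache = RandomizedCache(sets, ways, rekey_period, rng)
    victim = 1 << 40                                      # outside the attacker's pool
    pool = rng.sample(range(1 << 32), pool_size)          # attacker-controlled lines
    evset = build_eviction_set(cache, victim, pool)
    ok = bool(evset) and distinguishes(cache, evset, victim)
    return evset, ok, cache.accesses


def attack_success_rate(rekey_period, trials=12, seed=7):
    """Fraction of seeded attacks that end with a working eviction set."""
    rng = random.Random(seed)
    return sum(run_attack(rekey_period, rng)[1] for _ in range(trials)) / trials


if __name__ == "__main__":
    print("no rekeying    :", attack_success_rate(rekey_period=10**9))
    print("rekey every 32 :", attack_success_rate(rekey_period=32))
```

    Without rekeying the reduction ends with exactly `ways` lines congruent to the victim and every victim access is detected; with a period of 32 accesses, shorter than a single group test over the candidate pool, the eviction set is stale before the attacker can use it and the success rate collapses. The paper's definitions are stronger than this simulation (they also cover the key generation algorithm and the randomizer itself); the toy only makes the rekeying-period part of the argument visible, and it counts victim accesses against the period exactly as attacker accesses.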

    Multipartite secret sharing schemes

    This thesis is dedicated to the study of secret sharing schemes, which are cryptographic methods to share information in a secure way. The topics that are considered in the thesis are two of the main open problems in secret sharing: the characterization of the ideal access structures and the optimization of the length of the shares for general access structures. These open problems are studied for multipartite secret sharing schemes. In these schemes the set of participants is divided into parts and the participants in each part have the same rights to obtain the secret. The results of the thesis are based on a new combinatorial property of secret sharing schemes, which is a connection between ideal multipartite secret sharing schemes and integer polymatroids. It provides new sufficient conditions and necessary conditions for an access structure to be ideal. Moreover, this connection is also used in the construction of ideal linear multipartite secret sharing schemes. These results are useful for the study of multipartite access structures in which the number of parts is small in relation to the number of participants, and multipartite access structures in which the parts are related in a special way. This is the case of the family of hierarchical access structures, which are the ones in which the participants can be hierarchically ordered, and the family of tripartite access structures. Applying these results, the ideal access structures in these families are completely characterized. All the ideal multipartite secret sharing schemes presented in the literature are related to a particular family of integer polymatroids, the boolean ones. The analysis of these polymatroids leads to the discovery of new ideal multipartite secret sharing schemes. The optimization of the length of the shares is also studied for multipartite secret sharing schemes, in particular for the bipartite ones. The main results are a new method to find bounds on the length of the shares that combines linear
    The subject of this thesis is secret sharing schemes, cryptographic methods that allow messages to be split into fragments securely. In particular, two of the main open problems in this field are addressed: the characterization of the access structures that admit ideal secret sharing schemes, and the optimization of the length of the shares in constructions for general access structures. These open problems are studied for multipartite access structures, which are structures in which the set of participants is divided into several parts and, within each part, all participants have the same role. This approach is useful for studying families of access structures in which the number of parts is small, and structures in which there is some special relation between the parts, such as the hierarchical and the compartmented ones. The main tool of this study is a new property of ideal structures presented in this thesis, a connection between ideal multipartite structures and integer polymatroids. From this connection, a sufficient condition and a necessary condition are obtained for a multipartite access structure to be ideal. Thus, this connection makes it possible to discuss the ideality of access structures and also, when the polymatroid is representable, to construct ideal schemes from its representations. Applying these results yields a new framework for describing and analyzing methods for constructing ideal multipartite schemes. As a result of this study, a complete characterization of the ideal tripartite access structures and of the ideal hierarchical ones is obtained. A structure is hierarchical if the set of participants can be ordered in such a way that if, in an authorized set, a participant is replaced by a hierarchically superior one, the new set is also authorized. From this result, a new characterization of the ideal weighted threshold structures is obtained. After analyzing all the ideal multipartite secret sharing schemes presented to date, it is shown that all of them are related to a very simple family of integer polymatroids, the boolean ones. From these polymatroids a new family of ideal structures is obtained, the compartmented ones, which include several previously studied families. The other open problem considered in the thesis, the optimization of the length of the shares, focuses on bipartite structures. Combining linear programming techniques and polymatroids, a method is presented for computing bounds on the length of the shares for non-ideal access structures that is valid for any multipartite structure. Using algebraic techniques, new bounds and a family of optimal bipartite schemes are presented.

    The biosynthesis and further metabolism of xenobiotic diacylglycerols, and their activation of protein kinase C

    Available from the British Library Document Supply Centre (DSC:DXN054303). SIGLE, GB, United Kingdom.

    Ideal hierarchical secret sharing schemes

    Hierarchical secret sharing is among the most natural generalizations of threshold secret sharing, and it has attracted a lot of attention ever since secret sharing was invented. Several constructions of ideal hierarchical secret sharing schemes have been proposed, but it was not known which access structures admit such a scheme. We solve this problem by providing a natural definition for the family of hierarchical access structures and, more importantly, by presenting a complete characterization of the ideal hierarchical access structures, that is, the ones admitting an ideal secret sharing scheme. Our characterization deals with the properties of the hierarchically minimal sets of the access structure, which are the minimal qualified sets whose participants are in the lowest possible levels in the hierarchy. By using our characterization, it can be efficiently checked whether any given hierarchical access structure that is defined by its hierarchically minimal sets is ideal. We use the well known connection between ideal secret sharing and matroids and, in particular, the fact that every ideal access structure is a matroid port. In addition, we use recent results on ideal multipartite access structures and the connection between multipartite matroids and integer polymatroids. We prove that every ideal hierarchical access structure is the port of a representable matroid and, more specifically, we prove that every ideal structure in this family admits ideal linear secret sharing schemes over fields of all characteristics. In addition, methods to construct such ideal schemes can be derived from the results in this paper and the aforementioned ones on ideal multipartite secret sharing. Finally, we use our results to find a new proof for the characterization of the ideal weighted threshold access structures that is simpler than the existing one.
    Peer reviewed.

    Ideal hierarchical secret sharing schemes

    Hierarchical secret sharing is among the most natural generalizations of threshold secret sharing, and it has attracted a lot of attention ever since secret sharing was invented. Several constructions of ideal hierarchical secret sharing schemes have been proposed, but it was not known which access structures admit such a scheme. We solve this problem by providing a natural definition for the family of hierarchical access structures and, more importantly, by presenting a complete characterization of the ideal hierarchical access structures, that is, the ones admitting an ideal secret sharing scheme. Our characterization is based on the well known connection between ideal secret sharing schemes and matroids and, more specifically, on the connection between ideal multipartite secret sharing schemes and integer polymatroids. In particular, we prove that every hierarchical matroid port admits an ideal linear secret sharing scheme over every large enough finite field. Finally, we use our results to present a new proof for the existing characterization of the ideal weighted threshold access structures.
    Peer reviewed.

    Extending Brickell-Davenport theorem to non-perfect secret sharing schemes

    One important result in secret sharing is the Brickell-Davenport Theorem: every ideal perfect secret sharing scheme defines a matroid that is uniquely determined by the access structure. Even though a few attempts have been made, there is no satisfactory definition of ideal secret sharing scheme for the general case, in which non-perfect schemes are considered as well. Without providing another unsatisfactory definition of ideal non-perfect secret sharing scheme, we present a generalization of the Brickell-Davenport Theorem to the general case. After analyzing that result from a new point of view and identifying its combinatorial nature, we present a characterization of the (not necessarily perfect) secret sharing schemes that are associated to matroids. Some optimality properties of such schemes are discussed.
    Peer reviewed.