d-Multiplicative Secret Sharing for Multipartite Adversary Structures

Secret sharing schemes are said to be d-multiplicative if the i-th shares of any d secrets s^(j), j?[d] can be converted into an additive share of the product ?_{j?[d]}s^(j). d-Multiplicative secret sharing is a central building block of multiparty computation protocols with minimum number of rounds which are unconditionally secure against possibly non-threshold adversaries. It is known that d-multiplicative secret sharing is possible if and only if no d forbidden subsets covers the set of all the n players or, equivalently, it is private with respect to an adversary structure of type Q_d. However, the only known method to achieve d-multiplicativity for any adversary structure of type Q_d is based on CNF secret sharing schemes, which are not efficient in general in that the information ratios are exponential in n. In this paper, we explicitly construct a d-multiplicative secret sharing scheme for any ?-partite adversary structure of type Q_d whose information ratio is O(n^{?+1}). Our schemes are applicable to the class of all the ?-partite adversary structures, which is much wider than that of the threshold ones. Furthermore, our schemes achieve information ratios which are polynomial in n if ? is constant and hence are more efficient than CNF schemes. In addition, based on the standard embedding of ?-partite adversary structures into ?^?, we introduce a class of ?-partite adversary structures of type Q_d with good geometric properties and show that there exist more efficient d-multiplicative secret sharing schemes for adversary structures in that family than the above general construction. The family of adversary structures is a natural generalization of that of the threshold ones and includes some adversary structures which arise in real-world scenarios

Function and secret sharing extensions for Blakley and Asmuth-Bloom secret sharing schemes

Ankara : The Department of Computer Engineering and the Institute of Engineering and Science of Bilkent University, 2009.Thesis (Master's) -- Bilkent University, 2009.Includes bibliographical references leaves 65-69.Threshold cryptography deals with situations where the authority to initiate or perform cryptographic operations is distributed amongst a group of individuals. Usually in these situations a secret sharing scheme is used to distribute shares of a highly sensitive secret, such as the private key of a bank, to the involved individuals so that only when a sufficient number of them can reconstruct the secret but smaller coalitions cannot. The secret sharing problem was introduced independently by Blakley and Shamir in 1979. They proposed two different solutions. Both secret sharing schemes (SSS) are examples of linear secret sharing. Many extensions and solutions based on these secret sharing schemes have appeared in the literature, most of them using Shamir SSS. In this thesis, we apply these ideas to Blakley secret sharing scheme. Many of the standard operations of single-user cryptography have counterparts in threshold cryptography. Function sharing deals with the problem of distribution of the computation of a function (such as decryption or signature) among several parties. The necessary values for the computation are distributed to the participants using a secret sharing scheme. Several function sharing schemes have been proposed in the literature with most of them using Shamir secret sharing as the underlying SSS. In this work, we investigate how function sharing can be achieved using linear secret sharing schemes in general and give solutions of threshold RSA signature, threshold Paillier decryption and threshold DSS signature operations. The threshold RSA scheme we propose is a generalization of Shoup’s Shamir-based scheme. It is similarly robust and provably secure under the static adversary model. In threshold cryptography the authorization of groups of people are decided simply according to their size. There are also general access structures in which any group can be designed as authorized. Multipartite access structures constitute an example of general access structures in which members of a subset are equivalent to each other and can be interchanged. Multipartite access structures can be used to represent any access structure since all access structures are multipartite. To investigate secret sharing schemes using these access structures, we used Mignotte and Asmuth-Bloom secret sharing schemes which are based on the Chinese remainder theorem (CRT). The question we tried to asnwer was whether one can find a Mignotte or Asmuth-Bloom sequence for an arbitrary access structure. For this purpose, we adapted an algorithm that appeared in the literature to generate these sequences. We also proposed a new SSS which solves the mentioned problem by generating more than one sequence.Bozkurt, İlker NadiM.S

Homomorphic Secret Sharing for Multipartite and General Adversary Structures Supporting Parallel Evaluation of Low-degree Polynomials

Homomorphic secret sharing (HSS) for a function $f$ allows input parties to distribute shares for their private inputs and then locally compute output shares from which the value of $f$ is recovered. HSS can be directly used to obtain a two-round multiparty computation (MPC) protocol for possibly non-threshold adversary structures whose communication complexity is independent of the size of $f$. In this paper, we propose two constructions of HSS schemes supporting parallel evaluation of a single low-degree polynomial and tolerating multipartite and general adversary structures. Our multipartite scheme tolerates a wider class of adversary structures than the previous multipartite one in the particular case of a single evaluation and has exponentially smaller share size than the general construction. While restricting the range of tolerable adversary structures (but still applicable to non-threshold ones), our schemes perform $\ell$ parallel evaluations with communication complexity approximately $\ell/\log\ell$ times smaller than simply using $\ell$ independent instances. We also formalize two classes of adversary structures taking into account real-world situations to which the previous threshold schemes are inapplicable. Our schemes then perform $O(m)$ parallel evaluations with almost the same communication cost as a single evaluation, where $m$ is the number of parties

Extended Access Structures and Their Cryptographic Applications

In secret sharing schemes a secret is distributed among a set of users $\mathcal{P}$ in such a way that only some sets, the authorized sets, can recover it. The family $\Gamma$ of authorized sets is called access structure. Given such a monotone family $\Gamma \subset 2^\P$, we introduce the concept of \emph{extended access structures}, defined over a larger set $\P\u27 = \P \cup \tilde{\P}$, satisfying these two properties: (1) the set $\P$ is a minimal subset of $\Gamma\u27$, i.e. $\P - \{R_i\} \notin \Gamma\u27$ for every $R_i \in \P$, (2) a subset $A \subset \P$ is in $\Gamma$ if and only if the subset $A \cup \tilde{\P}$ is in $\Gamma\u27$. As our first contribution, we give an explicit construction of an extended access structure $\Gamma\u27$ starting from a vector space access structure $\Gamma$, and we prove that $\Gamma\u27$ is also vector space. Our second contribution is to show that the concept of extended access structure can be used to design encryption schemes which involve access structures that are chosen ad-hoc at the time of encryption. Specifically, we design and analyze a dynamic distributed encryption scheme and a ciphertext-policy attribute-based encryption scheme. In some cases, the new schemes enjoy better properties than the existing ones

Theory and Practice of Cryptography and Network Security Protocols and Technologies

In an age of explosive worldwide growth of electronic data storage and communications, effective protection of information has become a critical requirement. When used in coordination with other tools for ensuring information security, cryptography in all of its applications, including data confidentiality, data integrity, and user authentication, is a most powerful tool for protecting information. This book presents a collection of research work in the field of cryptography. It discusses some of the critical challenges that are being faced by the current computing world and also describes some mechanisms to defend against these challenges. It is a valuable source of knowledge for researchers, engineers, graduate and doctoral students working in the field of cryptography. It will also be useful for faculty members of graduate schools and universities

Cryptographic Techniques for Securing Data in the Cloud

El paradigma de la computació al núvol proporciona accés remot a potents infraestructures a cost reduït. Tot i que l’adopció del núvol ofereix nombrosos beneficis, la migració de dades sol requerir un alt nivell de confiança en el proveïdor de serveis i introdueix problemes de privacitat. En aquesta tesi es dissenyen tècniques per a permetre a usuaris del núvol protegir un conjunt de dades externalitzades. Les solucions proposades emanen del projecte H2020 de la Comissió Europea “CLARUS: User-Centered Privacy and Security in the Cloud”. Els problemes explorats són la cerca sobre dades xifrades, la delegació de càlculs d’interpolació, els esquemes de compartició de secrets i la partició de dades. Primerament, s’estudia el problema de la cerca sobre dades xifrades mitjançant els esquemes de xifrat cercable simètric (SSE), i es desenvolupen tècniques que permeten consultes per rangs dos-dimensionals a SSE. També es tracta el mateix problema utilitzant esquemes de xifrat cercable de clau pública (PEKS), i es presenten esquemes PEKS que permeten consultes conjuntives i de subconjunt. En aquesta tesi també s’aborda la delegació privada de computacions Kriging. Kriging és un algoritme d’interpolació espaial dissenyat per a aplicacions geo-estadístiques. Es descriu un mètode per a delegar interpolacions Kriging de forma privada utilitzant xifrat homomòrfic. Els esquemes de compartició de secrets són una primitiva fonamental en criptografia, utilitzada a diverses solucions orientades al núvol. Una de les mesures d’eficiència relacionades més importants és la taxa d’informació òptima. Atès que calcular aquesta taxa és generalment difícil, s’obtenen propietats que faciliten la seva descripció. Finalment, es tracta el camp de la partició de dades per a la protecció de la privacitat. Aquesta tècnica protegeix la privacitat de les dades emmagatzemant diversos fragments a diferents ubicacions. Aquí s’analitza aquest problema des d’un punt de vista combinatori, fitant el nombre de fragments i proposant diversos algoritmes.El paradigma de la computación en la nube proporciona acceso remoto a potentes infraestructuras a coste reducido. Aunque la adopción de la nube ofrece numerosos beneficios, la migración de datos suele requerir un alto nivel de confianza en el proveedor de servicios e introduce problemas de privacidad. En esta tesis se diseñan técnicas para permitir a usuarios de la nube proteger un conjunto de datos externalizados. Las soluciones propuestas emanan del proyecto H2020 de la Comisión Europea “CLARUS: User-Centered Privacy and Security in the Cloud”. Los problemas explorados son la búsqueda sobre datos cifrados, la delegación de cálculos de interpolación, los esquemas de compartición de secretos y la partición de datos. Primeramente, se estudia el problema de la búsqueda sobre datos cifrados mediante los esquemas de cifrado simétrico buscable (SSE), y se desarrollan técnicas para permitir consultas por rangos dos-dimensionales en SSE. También se trata el mismo problema utilizando esquemas de cifrado buscable de llave pública (PEKS), y se presentan esquemas que permiten consultas conyuntivas y de subconjunto. Adicionalmente, se aborda la delegación privada de computaciones Kriging. Kriging es un algoritmo de interpolación espacial diseñado para aplicaciones geo-estadísticas. Se describe un método para delegar interpolaciones Kriging privadamente utilizando técnicas de cifrado homomórfico. Los esquemas de compartición de secretos son una primitiva fundamental en criptografía, utilizada en varias soluciones orientadas a la nube. Una de las medidas de eficiencia más importantes es la tasa de información óptima. Dado que calcular esta tasa es generalmente difícil, se obtienen propiedades que facilitan su descripción. Por último, se trata el campo de la partición de datos para la protección de la privacidad. Esta técnica protege la privacidad de los datos almacenando varios fragmentos en distintas ubicaciones. Analizamos este problema desde un punto de vista combinatorio, acotando el número de fragmentos y proponiendo varios algoritmos.The cloud computing paradigm provides users with remote access to scalable and powerful infrastructures at a very low cost. While the adoption of cloud computing yields a wide array of benefits, the act of migrating to the cloud usually requires a high level of trust in the cloud service provider and introduces several security and privacy concerns. This thesis aims at designing user-centered techniques to secure an outsourced data set in cloud computing. The proposed solutions stem from the European Commission H2020 project “CLARUS: User-Centered Privacy and Security in the Cloud”. The explored problems are searching over encrypted data, outsourcing Kriging interpolation computations, secret sharing and data splitting. Firstly, the problem of searching over encrypted data is studied using symmetric searchable encryption (SSE) schemes, and techniques are developed to enable efficient two-dimensional range queries in SSE. This problem is also studied through public key encryption with keyword search (PEKS) schemes, efficient PEKS schemes achieving conjunctive and subset queries are proposed. This thesis also aims at securely outsourcing Kriging computations. Kriging is a spatial interpolation algorithm designed for geo-statistical applications. A method to privately outsource Kriging interpolation is presented, based in homomorphic encryption. Secret sharing is a fundamental primitive in cryptography, used in many cloud-oriented techniques. One of the most important efficiency measures in secret sharing is the optimal information ratio. Since computing the optimal information ratio of an access structure is generally hard, properties are obtained to facilitate its description. Finally, this thesis tackles the privacy-preserving data splitting technique, which aims at protecting data privacy by storing different fragments of data at different locations. Here, the data splitting problem is analyzed from a combinatorial point of view, bounding the number of fragments and proposing various algorithms to split the data

From Information Theory Puzzles in Deletion Channels to Deniability in Quantum Cryptography

Research questions, originally rooted in quantum key exchange (QKE), have branched off into independent lines of inquiry ranging from information theory to fundamental physics. In a similar vein, the first part of this thesis is dedicated to information theory problems in deletion channels that arose in the context of QKE. From the output produced by a memoryless deletion channel with a uniformly random input of known length n, one obtains a posterior distribution on the channel input. The difference between the Shannon entropy of this distribution and that of the uniform prior measures the amount of information about the channel input which is conveyed by the output of length m. We first conjecture on the basis of experimental data that the entropy of the posterior is minimized by the constant strings 000..., 111... and maximized by the alternating strings 0101..., 1010.... Among other things, we derive analytic expressions for minimal entropy and propose alternative approaches for tackling the entropy extremization problem. We address a series of closely related combinatorial problems involving binary (sub/super)-sequences and prove the original minimal entropy conjecture for the special cases of single and double deletions using clustering techniques and a run-length encoding of strings. The entropy analysis culminates in a fundamental characterization of the extremal entropic cases in terms of the distribution of embeddings. We confirm the minimization conjecture in the asymptotic limit using results from hidden word statistics by showing how the analytic-combinatorial methods of Flajolet, Szpankowski and Vallée, relying on generating functions, can be applied to resolve the case of fixed output length and n → ∞. In the second part, we revisit the notion of deniability in QKE, a topic that remains largely unexplored. In a work by Donald Beaver it is argued that QKE protocols are not necessarily deniable due to an eavesdropping attack that limits key equivocation. We provide more insight into the nature of this attack and discuss how it extends to other prepare-and-measure QKE schemes such as QKE obtained from uncloneable encryption. We adopt the framework for quantum authenticated key exchange developed by Mosca et al. and extend it to introduce the notion of coercer-deniable QKE, formalized in terms of the indistinguishability of real and fake coercer views. We also elaborate on the differences between our model and the standard simulation-based definition of deniable key exchange in the classical setting. We establish a connection between the concept of covert communication and deniability by applying results from a work by Arrazola and Scarani on obtaining covert quantum communication and covert QKE to propose a simple construction for coercer-deniable QKE. We prove the deniability of this scheme via a reduction to the security of covert QKE. We relate deniability to fundamental concepts in quantum information theory and suggest a generic approach based on entanglement distillation for achieving information-theoretic deniability, followed by an analysis of other closely related results such as the relation between the impossibility of unconditionally secure quantum bit commitment and deniability. Finally, we present an efficient coercion-resistant and quantum-secure voting scheme, based on fully homomorphic encryption (FHE) and recent advances in various FHE primitives such as hashing, zero-knowledge proofs of correct decryption, verifiable shuffles and threshold FHE