Abstract. Secret sharing schemes protect secrets by distributing them over different locations (share holders). In particular, in k out of n threshold schemes, security is assured if throughout the entire lifetime of the secret the adversary is restricted to compromise less than k of the n locations. For long-lived and sensitive secrets this protection may be insufficient. We propose an efficient proactive secret sharing scheme, where shares are periodically ren…
“…For example, verifiable secret-sharing (VSS) schemes [15][16][17] not only allow the shareholders to verify the validity of their received shares in the share generation and distribution phase but also allow the verification of the revealed shares in the secret reconstruction phase. In proactive secret-sharing schemes [29][30][31], shareholders can refresh their shares periodically without the dealer being involved, so that the shares obtained by the adversaries will become obsolete after the shares are updated. Moreover, the threshold can be dynamically adjusted when some shareholders join in or leave.…”
In a secret-sharing scheme, the secret is shared among a set of shareholders, and it can be reconstructed if a quorum of these shareholders work together by releasing their secret shares. However, in many applications, it is undesirable for nonshareholders to learn the secret. In these cases, pairwise secure channels are needed among shareholders to exchange the shares. In other words, a shared key needs to be established between every pair of shareholders. But employing an additional key establishment protocol may make the secret-sharing schemes significantly more complicated. To solve this problem, we introduce a new type of secret-sharing, called protected secret-sharing (PSS), in which the shares possessed by shareholders not only can be used to reconstruct the original secret but also can be used to establish the shared keys between every pair of shareholders. Therefore, in the secret reconstruction phase, the recovered secret is only available to shareholders but not to nonshareholders. In this paper, an information-theoretically secure PSS scheme is proposed, its security properties are analyzed, and its computational complexity is evaluated. Moreover, our proposed PSS scheme also can be applied to threshold cryptosystems to prevent nonshareholders from learning the output of the protocols.
“…Periodic proactive refresh makes it harder for an adversary to recover k shares of the secret key, since he must recover all k shares within one time period. The standard proactive refresh techniques of [30,24,17] used for ElGamal encryption also apply to our Threshold PKE.…”
Section: Extensions
“…This approach was outlined in the full versions of [3] and [10] and here we flesh out the full details. In Section 6 we briefly discuss several extensions such as proactive refresh [30,24,17] and distributed key generation [31,21].…”
Abstract. We present a non-interactive chosen ciphertext secure threshold encryption system. The proof of security is set in the standard model and does not use random oracles. Our construction uses the recent identity based encryption system of Boneh and Boyen and the chosen ciphertext secure construction of Canetti, Halevi, and Katz.
“…We propose a distributed certification authority based on threshold cryptography and proactive secret sharing [15], [16]. The traditional public key cryptosystem employed in [15], [16] is impractical for MANETs, as it imposes high computational and communication overhead.…”
“…The traditional public key cryptosystem employed in [15], [16] is impractical for MANETs, as it imposes high computational and communication overhead. Therefore, we propose the use of ECC [17] to reduce this overhead for the mobile devices.…”
Abstract. The implementation of a standard PKI in a mobile ad hoc network (MANET) is not practical for several reasons: (1) lack of a fixed infrastructure; (2) a centralized certification authority (CA) represents a single point of failure in the network; (3) the relative locations and logical assignments of nodes vary in time; (4) nodes often have limited transmission and computational power, storage, and battery life. We propose a practical distributed CA-based PKI scheme for MANETs based on Elliptic Curve Cryptography (ECC) that overcomes these challenges. In this scheme, a relatively small number of mobile CA servers provide distributed service for the mobile nodes. The key elements of our approach include the use of threshold cryptography, cluster-based key management with mobile CA servers, and ECC. We show that the proposed scheme is resistant to a wide range of security attacks and can scale easily to networks of large size.