Revisiting and Extending the AONT-RS Scheme: A Robust Computationally Secure Secret Sharing Scheme

Chen, Liqun; Laing, Thalia M.; Martin, Keith M.

doi:10.1007/978-3-319-57339-7_3

Cited by 11 publications

(6 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the cryptanalysis side, see e.g. the studies of differential patterns of public permutations in 9 8 At least the efficient generation of r should not depend solely on the plaintext nor the key (so not a hash of the ciphertext, as in AONT-RS [11,3]), since they are known/chosen by the adversary. Anyway here, as in the PSS scheme or any standard encryption scheme, we are only asking for local generation of randomness.…”

Section: Ssake : Secret Sharing Against Key Exposurementioning

confidence: 99%

“…Anyway here, as in the PSS scheme or any standard encryption scheme, we are only asking for local generation of randomness. This is a less demanding hypothesis than [9,11]'s random oracle, which, by contrast, is a public function (see e.g. [21,7]) of arbitrary long input ( [13]).…”

Section: Ssake : Secret Sharing Against Key Exposurementioning

confidence: 99%

“…C j = P j + BC(C 1 + j) (11) The winning strategy of A is now clear: compute BC −1 ( C i −P i )−BC −1 ( C i −P i ) and compare with i−j: if equal then return "CTR", otherwise return "random".…”

Section: Non Pseudorandomness Of Any Two Fragments Of Ctr Output When...mentioning

confidence: 99%

See 2 more Smart Citations

Revisiting Shared Data Protection Against Key Exposure

Kapusta,

Memmi,

Rambaud

2019

Preprint

View full text Add to dashboard Cite

This paper puts a new light on secure data storage inside distributed systems, such as data centers composed of multiple independent storage servers or multi-cloud architectures. Specifically, it revisits computational secret sharing based on symmetric encryption in a situation where the encryption key is exposed to an attacker. It comes with several contributions:First, it defines a security model for encryption schemes, where we ask for additional resilience against exposure of the encryption key. Precisely we ask for (1) indistinguishability of plaintexts under full ciphertext knowledge, (2) indistinguishability for an adversary who learns: the encryption key, plus all but one share of the ciphertext. (2) relaxes the "all-or-nothing" (AONT) property to a more realistic secret sharing setting, where the ciphertext is transformed into a constant number of shares (typically storage locations), such that the adversary can't access one of them. (1) asks that, unless the user's key is disclosed, noone else (including the cloud provider) than the user can retrieve information about the plaintext.Second, it introduces a new computationally secure encryption-thensharing scheme, that protects the data in the previously defined attacker model. It consists in standard data encryption followed by a linear transformation of the ciphertext, then its fragmentation into shares, along with secret sharing of the randomness used for encryption. The computational overhead in addition to data encryption is reduced by half with respect to state of the art. The storage overhead is negligible for large data (one additional ciphertext block by share). Performance results confirm the complexity analysis.Third, it provides for the first time cryptographic proofs -and discusses the security analysis of a previous scheme-in this context of key exposure. It emphasizes that the security of our scheme relies only on a simple cryptanalysis resilience assumption for blockciphers in public key mode: indistinguishability from random, of the sequence of differentials of a random value. By contrast, virtually all existing schemes rely on the unimplementable models of random oracle (RO) or of Shannon's ideal blockcipher -which is furthermore recently threatened for AES.Fourth, it provides an alternative scheme with no linear overhead, but relying on the more theoretical random permutation model (RPM). It

show abstract

Section: Ssake : Secret Sharing Against Key Exposurementioning

confidence: 99%

Section: Ssake : Secret Sharing Against Key Exposurementioning

confidence: 99%

See 1 more Smart Citation

Revisiting Shared Data Protection Against Key Exposure

Kapusta,

Memmi,

Rambaud

2019

Preprint

View full text Add to dashboard Cite

show abstract

“…Alike SSMS, the AONT-RS method [3,12] combines symmetric encryption with data dispersal. The difference between those two methodologies lies in the key management.…”

Section: Encryption and Straightforward Fragmentationmentioning

confidence: 99%

PE-AONT: Partial Encryption combined with an All-or-Nothing Transform

Kapusta¹,

Memmi²

2018

Preprint

View full text Add to dashboard Cite

In this paper, we introduce PE-AONT: a novel algorithm for fast and secure data fragmentation. Initial data are fragmented and only a selected subset of the fragments is encrypted. Further, fragments are transformed using a variation of an all-or-nothing transform that blends encrypted and non-encrypted fragments. By encrypting data only partially, we achieve better performance than relevant techniques including data encryption and straightforward fragmentation. Moreover, when the ratio between the number of encrypted and non-encrypted fragments is wisely chosen, data inside fragments are protected against exposure of the encryption key unless all fragments are gathered by an attacker.

show abstract

“…It has found many applications in fields such as secure multiparty computation [4,8,12], distributed authorities [6,33], fair exchange [3], electronic voting [33,39] and threshold cryptography [13,14,26,41,42]. There are also different variants of secret sharing schemes that provide different functionalities such as proactive secret sharing scheme [25,46,47], verifiable secret sharing [18,37,36,44] and computationally secure secret sharing scheme [30,38,10].…”

Section: Introductionmentioning

confidence: 99%

Leakage-Resilient Secret Sharing with Constant Share Size

Tjuawinata¹,

Xing²

2021

Preprint

View full text Add to dashboard Cite

In this work, we consider the leakage resilience of algebraic-geometric (AG for short) codes based ramp secret sharing schemes extending the analysis on the leakage resilience of linear threshold secret sharing schemes over prime fields that is done by Benhamouda et al. Since there does not exist any explicit efficient construction of AG codes over prime fields, we consider constructions over prime fields with the help of concatenation method and constructions of codes over field extensions. Extending the Fourier analysis done by Benhamouda et al., one can show that concatenated algebraic geometric codes over prime fields do produce some nice leakage-resilient secret sharing schemes. One natural and curious question is whether AG codes over extension fields produce better leakage-resilient secret sharing schemes than the construction based on concatenated AG codes. Such construction provides another advantage compared to the construction over prime fields using concatenation method. It is clear that AG codes over extension fields give secret sharing schemes with smaller reconstruction for a fixed privacy parameter t. In this work, it is also confirmed that indeed AG codes over extension fields have stronger leakage-resilience under some reasonable assumptions. These advantages strongly motivate the study of secret sharing schemes from AG codes over extension fields. The current paper has two main contributions: (i) we obtain leakage-resilient secret sharing schemes with constant share sizes and unbounded numbers of players. (ii) via a sophisticated Fourier Analysis, we analyze the leakage-resilience of secret sharing schemes from codes over extension fields. This is of its own theoretical interest independent of its application to secret sharing schemes from algebraic geometric codes over extension fields.

show abstract

Revisiting and Extending the AONT-RS Scheme: A Robust Computationally Secure Secret Sharing Scheme

Cited by 11 publications

References 14 publications

Revisiting Shared Data Protection Against Key Exposure

Revisiting Shared Data Protection Against Key Exposure

PE-AONT: Partial Encryption combined with an All-or-Nothing Transform

Leakage-Resilient Secret Sharing with Constant Share Size

Contact Info

Product

Resources

About