Secret sharing schemes with detection of cheaters for a general access structure

Cabello, Sergio; Padrö, Carles; Sáez, Germán

doi:10.1007/3-540-48321-7_14

Cited by 21 publications

(36 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Tompa and Woll first considered a secret sharing scheme capable of detecting the presence of cheating when invalid shares are submitted in the secret reconstruction phase [25]. For the problem of detecting cheating, the upper bound of the size of share and efficient constructions have been actively studied so far [1,2,6,9,16,19].…”

Section: Introductionmentioning

confidence: 99%

Almost Optimum t-Cheater Identifiable Secret Sharing Schemes

Obana¹

2011

Advances in Cryptology – EUROCRYPT 2011

View full text Add to dashboard Cite

Abstract. In Crypto'95, Kurosawa, Obana and Ogata proposed a kout-of-n secret sharing scheme capable of identifying up to t cheaters with probability 1 − under the condition t ≤ (k − 1)/3 . The size of share |Vi| of the scheme satisfies |Vi| = |S|/ t+2 , which was the most efficient scheme known so far. In this paper, we propose new k-out-ofn secret sharing schemes capable of identifying cheaters. The proposed scheme possesses the same security parameters t, as those of Kurosawa et al.. The scheme is surprisingly simple and its size of share is |Vi| = |S|/ , which is much smaller than that of Kurosawa et al. and is almost optimum with respect to the size of share; that is, the size of share is only one bit longer than the existing bound. Further, this is the first scheme which can identify cheaters, and whose size of share is independent of any of n, k and t. We also present schemes which can identify up to (k − 2)/2 , and (k−1)/2 cheaters whose sizes of share can be approximately written by |Vi| ≈ (n · (t + 1) · 2 3t−1 · |S|)/ and |Vi| ≈ ((n · t · 2 3t ) 2 · |S|)/ 2 , respectively. The number of cheaters that the latter two schemes can identify meet the theoretical upper bound.

show abstract

Section: Introductionmentioning

confidence: 99%

Almost Optimum t-Cheater Identifiable Secret Sharing Schemes

Obana¹

2011

Advances in Cryptology – EUROCRYPT 2011

View full text Add to dashboard Cite

show abstract

“…Although AMD codes were never formally defined in previous work, some constructions of AMD codes have appeared, mostly in connection with making secret sharing robust [20,7,21]. Although some of these constructions are essentially optimal, all of them are largely inflexible in that the error probability δ is dictated by the cardinality of the source space S: δ ≈ 1/|S|.…”

Section: Linear Secret Sharing Schemesmentioning

confidence: 99%

“…For example, Cabello, Padró and Sáez [7] (see also [23,22]) proposed an elegant construction of a robust secret sharing scheme which implicitly relies on the following AMD code. For any finite field F of order q, the encoding of the secret s ∈ F is a triple (s, x, x · s), where x ∈ R F. This code achieves security δ = 1/q and optimal message overhead 2 log(q) = 2 log(1/δ) for this value of δ.…”

Section: Linear Secret Sharing Schemesmentioning

confidence: 99%

“…Moreover, the CRS can be published publicly and we allow the attacker to observe (but not modify) it. 7 Our CRS is a random bitstring -it has no trapdoors and we do not require any ability to "program" it. Since most users do not create their own hardware/software but instead assume that a third party implementation is correct, the assumption that this implementation also contains an honestly generated random string does not significantly increase the amount of trust required from users.…”

Section: Relation To Prior Work On Fuzzy Extractorsmentioning

confidence: 99%

See 1 more Smart Citation

Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors

Cramer

Dodis

Fehr

et al.

Advances in Cryptology – EUROCRYPT 2008

Self Cite

211

224

View full text Add to dashboard Cite

Abstract.Consider an abstract storage device Σ(G) that can hold a single element x from a fixed, publicly known finite group G. Storage is private in the sense that an adversary does not have read access to Σ(G) at all. However, Σ(G) is non-robust in the sense that the adversary can modify its contents by adding some offset ∆ ∈ G. Due to the privacy of the storage device, the value ∆ can only depend on an adversary's a priori knowledge of x. We introduce a new primitive called an algebraic manipulation detection (AMD) code, which encodes a source s into a value x stored on Σ(G) so that any tampering by an adversary will be detected, except with a small error probability δ. We give a nearly optimal construction of AMD codes, which can flexibly accommodate arbitrary choices for the length of the source s and security level δ. We use this construction in two applications:-We show how to efficiently convert any linear secret sharing scheme into a robust secret sharing scheme, which ensures that no unqualified subset of players can modify their shares and cause the reconstruction of some value s ′ = s. -We show how how to build nearly optimal robust fuzzy extractors for several natural metrics. Robust fuzzy extractors enable one to reliably extract and later recover random keys from noisy and non-uniform secrets, such as biometrics, by relying only on non-robust public storage. In the past, such constructions were known only in the random oracle model, or required the entropy rate of the secret to be greater than half. Our construction relies on a randomly chosen common reference string (CRS) available to all parties.

show abstract

“…Due to lack of space, the encoding and decoding algorithms, F and G, respectfully, are not repeated. For a less efficient algorithm that achieves a similar result, see [CPS02]. 2) (Privacy) The only information that can be learned through the protocol is for R to learn w. 3) (Oracle) If the oracle conditions are not satisfied (in the sense that more than one honest participant believes to be the sender or the receiver), the protocol will abort.…”

Section: Fixed Role Anonymous Message Transmissionmentioning

confidence: 99%

Information-Theoretic Security Without an Honest Majority

Broadbent

Tapp

Advances in Cryptology – ASIACRYPT 2007

View full text Add to dashboard Cite

Abstract. We present six multiparty protocols with informationtheoretic security that tolerate an arbitrary number of corrupt participants. All protocols assume pairwise authentic private channels and a broadcast channel (in a single case, we require a simultaneous broadcast channel). We give protocols for veto, vote, anonymous bit transmission, collision detection, notification and anonymous message transmission. Not assuming an honest majority, in most cases, a single corrupt participant can make the protocol abort. All protocols achieve functionality never obtained before without the use of either computational assumptions or of an honest majority.

show abstract

Secret sharing schemes with detection of cheaters for a general access structure

Cited by 21 publications

References 14 publications

Almost Optimum t-Cheater Identifiable Secret Sharing Schemes

Almost Optimum t-Cheater Identifiable Secret Sharing Schemes

Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors

Information-Theoretic Security Without an Honest Majority

Contact Info

Product

Resources

About