ABSTRACT
We give a unified account of classical secret-sharing goals from a modern cryptographic vantage. Our treatment encompasses perfect, statistical, and computational secret sharing; static and dynamic adversaries; schemes with or without robustness; schemes where a participant recovers the secret and those where an external party does so. We then show that Krawczyk's 1993 protocol for robust computational secret sharing (RCSS) need not be secure, even in the random-oracle model and for threshold schemes, if the encryption primitive it uses satisfies only one-query indistinguishability (ind1), the only notion Krawczyk defines. Nonetheless, we show that the protocol is secure (in the random-oracle model, for threshold schemes) if the encryption scheme also satisfies one-query key-unrecoverability (key1). Since practical encryption schemes are ind1+key1 secure, our result effectively shows that Krawczyk's RCSS protocol is sound (in the random-oracle model, for threshold schemes). Finally, we prove the security for a variant of Krawczyk's protocol, in the standard model and for arbitrary access structures, assuming ind1 encryption and a statistically-hiding, weakly-binding commitment scheme.
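The robust computational secret sharing (RCSS) structure the abstract refers to, as an added worked example written for this page (it is not code from the paper or from Krawczyk): a short key is shared with Shamir's perfect threshold scheme, the secret is encrypted under that key, the ciphertext is dispersed with an information-dispersal algorithm so that each participant stores only about a 1/t fraction of it, and a fingerprint of each participant's share lets recovery discard corrupted shares. Everything concrete here is an assumption of the example, not a description of the protocol the paper analyses: the field GF(2^127 - 1), the HMAC-SHA256 counter-mode cipher standing in for a one-query-indistinguishable (ind1) encryption, and in particular the fingerprint handling, where every participant carries the whole fingerprint vector in the clear and recovery takes a majority vote, which is a simplification chosen to keep the code short.

```python
import hashlib
import hmac
import secrets
from collections import Counter
P = 2**127 - 1   # Mersenne prime; one field serves the key shares and the IDA
CHUNK = 15       # ciphertext bytes per field element (120 bits < 127)

def poly_eval(coeffs, x):
    """Horner evaluation of sum(coeffs[k] * x**k) mod P, low degree first."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def poly_mul_linear(poly, r):
    """Multiply poly by (x - r) mod P."""
    out = [0] * (len(poly) + 1)
    for k, c in enumerate(poly):
        out[k] = (out[k] - r * c) % P
        out[k + 1] = (out[k + 1] + c) % P
    return out

def poly_interpolate(points):
    """Lagrange interpolation giving every coefficient of the polynomial of degree
    < len(points) through the (x, y) pairs: Shamir reads coefficient 0, the IDA all."""
    coeffs = [0] * len(points)
    for j, (xj, yj) in enumerate(points):
        basis, denom = [1], 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                basis, denom = poly_mul_linear(basis, xm), denom * (xj - xm) % P
        scale = yj * pow(denom, -1, P) % P
        for k, c in enumerate(basis):
            coeffs[k] = (coeffs[k] + c * scale) % P
    return coeffs

def shamir_share(secret, t, n):
    """Perfect t-of-n sharing: random degree t-1 polynomial with constant term secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: poly_eval(coeffs, x) for x in range(1, n + 1)}

def ida_disperse(data, t, n):
    """Information dispersal: each run of t field elements of data is one polynomial's
    coefficient vector and fragment x stores its values at x, so any t fragments
    recover data while each fragment is only about len(data)/t."""
    data += b"\x80" + b"\x00" * (-(len(data) + 1) % (CHUNK * t))
    elems = [int.from_bytes(data[i:i + CHUNK], "big") for i in range(0, len(data), CHUNK)]
    return {x: [poly_eval(elems[g:g + t], x) for g in range(0, len(elems), t)]
            for x in range(1, n + 1)}

def ida_recover(frags, t):
    xs = sorted(frags)[:t]
    out = b"".join(c.to_bytes(CHUNK, "big") for g in range(len(frags[xs[0]]))
                   for c in poly_interpolate([(x, frags[x][g]) for x in xs]))
    return out.rstrip(b"\x00")[:-1]   # drop the 0x80 00.. padding

def ctr_crypt(key, data):
    """Counter mode with HMAC-SHA256 as the PRF.  A key encrypts one message only
    (the one-query setting of ind1), so no nonce is needed; decryption is the same call."""
    stream = b"".join(hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def fingerprint(x, kx, frag):
    """Hash of one participant's share contents, bound to its index x."""
    h = hashlib.sha256(x.to_bytes(2, "big") + kx.to_bytes(16, "big"))
    for v in frag:
        h.update(v.to_bytes(16, "big"))
    return h.digest()

def rcss_share(secret, t, n):
    """Dealer.  Share x = (key share, ciphertext fragment, fingerprint vector); handing the
    vector to everyone in the clear is a simplification made for this illustration only."""
    key_int = secrets.randbelow(P)
    ct = ctr_crypt(key_int.to_bytes(16, "big"), secret)
    kshares, frags = shamir_share(key_int, t, n), ida_disperse(ct, t, n)
    fps = {x: fingerprint(x, kshares[x], frags[x]) for x in kshares}
    return {x: (kshares[x], frags[x], dict(fps)) for x in kshares}

def rcss_recover(shares, t):
    """Reconstructor.  Shares failing their fingerprint are discarded; the result is the
    secret or None, never a wrong secret, while most submitted fingerprint vectors are honest."""
    votes = Counter(tuple(sorted(fp.items())) for _, _, fp in shares.values())
    fps = dict(votes.most_common(1)[0][0])
    good = {x: (kx, frag) for x, (kx, frag, _) in shares.items()
            if 0 <= kx < P and all(0 <= v < P for v in frag)
            and fps.get(x) == fingerprint(x, kx, frag)}
    if len(good) < t:
        return None
    xs = sorted(good)[:t]
    key_int = poly_interpolate([(x, good[x][0]) for x in xs])[0]
    ct = ida_recover({x: good[x][1] for x in xs}, t)
    return ctr_crypt(key_int.to_bytes(16, "big"), ct)

if __name__ == "__main__":
    secret = b"constructed sample secret: rotate the signing key on Monday"
    shares = rcss_share(secret, t=3, n=5)
    assert rcss_recover({x: shares[x] for x in (1, 3, 5)}, 3) == secret
    kx, frag, fps = shares[2]                           # a cheating participant
    shares[2] = (kx, [(v + 1) % P for v in frag], fps)  # corrupts its fragment
    assert rcss_recover(shares, 3) == secret            # detected and discarded
```

Two things to read off the code. First, the size argument behind "computational" sharing: a participant holds a 16-byte key share plus roughly len(ciphertext)/t bytes of fragment, whereas a perfect scheme must give every participant a share at least as long as the secret. Second, where robustness actually comes from: the fingerprint check in `rcss_recover` is the only thing standing between a corrupted fragment and a silently wrong secret, and with the simplification used here it is only as trustworthy as the majority of fingerprint vectors submitted. The example makes no attempt to reproduce the paper's point that ind1 alone is too weak a requirement on the cipher; the cipher used here is a placeholder, not evidence either way.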
- P. Béguin and A. Cresti. General short computational secret sharing schemes. Eurocrypt '95.
- A. Beimel and B. Chor. Universally ideal secret sharing schemes. IEEE Trans. on Info. Theory, 40(3):786--794, 1994.
- M. Bellare, A. Desai, E. Jokipii, and P. Rogaway. A concrete security treatment of symmetric encryption. FOCS '97.
- M. Bellare and P. Rogaway. The security of triple encryption and a framework for code-based game-playing proofs. Eurocrypt '06.
- M. Bellare and P. Rogaway. Collision-resistant hashing: towards making UOWHFs practical. Crypto '97.
- M. Bellare and P. Rogaway. Random oracles are practical: a paradigm for designing efficient protocols. ACM CCS '93.
- M. Bellare and P. Rogaway. Robust computational secret sharing and a unified account of classical secret-sharing goals. Full version of this paper. Cryptology ePrint Archive, Report 2006/449, 2006.
- J. Benaloh and J. Leichter. Generalized secret sharing and monotone functions. Crypto '88.
- G. Blakley. Safeguarding cryptographic keys. AFIPS National Computer Conference, vol. 48, pp. 313--317, 1979.
- J. Boyar, S. Kurtz, and M. Krentel. A discrete logarithm implementation of perfect zero-knowledge blobs. J. of Cryptology, 2(2):63--76, 1990.
- E. Brickell and D. Stinson. The detection of cheaters in threshold schemes. SIAM J. on Discrete Math., 4(4):502--510, 1991.
- E. Brickell and D. Stinson. Some improved bounds on the information rate of perfect secret sharing schemes. J. of Cryptology, 5:153--166, 1992.
- C. Cachin. On-line secret sharing. IMA Conference on Cryptography and Coding, Springer, 1995.
- R. Capocelli, A. De Santis, L. Gargano, and U. Vaccaro. On the size of shares for secret sharing schemes. J. of Cryptology, 6:157--167, 1993.
- M. Carpentieri, A. De Santis, and U. Vaccaro. Size of shares and probability of cheating in threshold schemes. Eurocrypt '93.
- B. Chor, S. Goldwasser, S. Micali, and B. Awerbuch. Verifiable secret sharing and achieving simultaneity in the presence of faults. FOCS '85.
- I. Damgård, T. Pedersen, and B. Pfitzmann. On the existence of statistically hiding bit commitment schemes and fail-stop signatures. J. of Cryptology, 10(3):163--194, 1997.
- C. Dwork, M. Naor, O. Reingold, and L. Stockmeyer. Magic functions. JACM, 50(6):852--921, 2003.
- P. Feldman. A practical scheme for non-interactive verifiable secret sharing. FOCS '87.
- G. Ganger, P. Khosla, M. Bakkaloglu, M. Bigrigg, G. Goodson, S. Oguz, V. Pandurangan, C. Soules, J. Strunk, and J. Wylie. Survivable storage systems. DARPA Information Survivability Conference and Exposition, vol. 2, IEEE Press, pp. 184--195, 2001.
- S. Goldwasser and S. Micali. Probabilistic encryption. JCSS, 28(2):270--299, 1984.
- S. Halevi and S. Micali. Practical and provably-secure commitment schemes from collision-free hashing. Crypto '96.
- I. Haitner and O. Reingold. Statistically-hiding commitment from any one-way function. Cryptology ePrint Archive, Report 2006/436, 2006.
- A. Herzberg, S. Jarecki, H. Krawczyk, and M. Yung. Proactive secret sharing or: how to cope with perpetual leakage. Crypto '95.
- Y. Ishai. Personal communication, February 2007.
- M. Ito, A. Saito, and T. Nishizeki. Secret sharing schemes realizing general access structure. IEEE Globecom '87, pp. 99--102, 1987.
- A. Iyengar, R. Cahn, C. Jutla, and J. Garay. Design and implementation of a secure distributed data repository. 14th IFIP International Information Security Conference, pp. 123--135, 1998.
- W. Jackson and K. Martin. Combinatorial models for perfect secret-sharing schemes. J. of Combinatorial Mathematics and Combinatorial Computing, vol. 28, pp. 249--265, 1998.
- E. Karnin, J. Greene, and M. Hellman. On secret sharing systems. IEEE Trans. on Info. Theory, 29(1):35--51, 1983.
- H. Krawczyk. Secret sharing made short. Crypto '93.
- H. Krawczyk. Distributed fingerprints and secure information dispersal. PODC '93.
- S. Lakshmanan, M. Ahamad, and H. Venkateswaran. Responsive security for stored data. IEEE Trans. on Parallel and Distributed Systems, 14(9):818--828, 2003.
- A. Mayer and M. Yung. Generalized secret sharing and group-key distribution using short keys. Compression and Complexity of Sequences 1997, IEEE Press, pp. 30--44, 1997.
- R. McEliece and D. Sarwate. On sharing secrets and Reed-Solomon codes. CACM, 24:583--584, 1981.
- M. Naor, R. Ostrovsky, R. Venkatesan, and M. Yung. Perfect zero-knowledge arguments for NP using any one-way permutation. J. of Cryptology, 11(2):87--108, 1998.
- M. Naor and M. Yung. Universal one-way hash functions and their cryptographic applications. STOC '89.
- A. Paul, S. Adhikari, and U. Ramachandran. Design of a secure and fault tolerant environment for distributed storage. Tech. Report GIT-CERCS-04-02, Georgia Tech, 2004.
- M. Rabin. Efficient dispersal of information for security, load balancing, and fault tolerance. JACM, 36(2):335--348, 1989.
- T. Rabin and M. Ben-Or. Verifiable secret sharing and multiparty protocols with honest majority. STOC '89.
- J. Rompel. One-way functions are necessary and sufficient for secure signatures. STOC '90.
- A. Shamir. How to share a secret. CACM, 22(11):612--613, 1979.
- C. Shannon. A mathematical theory of communication. Bell System Technical Journal, vol. 27, pp. 379--423 and pp. 623--656, July and October 1948.
- D. Stinson. An explication of secret sharing schemes. Designs, Codes and Cryptography, 2:357--390, Kluwer, 1992.
- M. Tompa and H. Woll. How to share a secret with cheaters. J. of Cryptology, 1:133--138, 1988.
- V. Vinod, A. Narayanan, K. Srinathan, C. Rangan, and K. Kim. On the power of computational secret sharing. Indocrypt '03.
- M. Waldman, A. Rubin, and L. Cranor. The architecture of robust publishing systems. ACM Trans. on Internet Technology, 1(2):199--230, 2001.
- H. Witsenhausen. The zero-error side information problem and chromatic numbers. IEEE Trans. on Info. Theory, 22(5):592--593, 1976.
- J. Wylie, M. Bigrigg, J. Strunk, G. Ganger, H. Kiliççöte, and P. Khosla. Survivable information storage systems. IEEE Computer, 33(8):61--68, 2000.