Jiahong Wu,Nan Liu,Wei Kang

DOI: https://doi.org/10.1109/tifs.2024.3484666

IF: 7.231

2024-11-06

IEEE Transactions on Information Forensics and Security

Abstract:We study the problem of distributed multi-user secret sharing (DMUSS), involving a main node, N storage nodes, and K users. Every user has access to the contents of a certain subset of storage nodes and wants to decode an independent secret message. With knowledge of K secret messages, the main node strategically places encoded shares in the storage nodes, ensuring two crucial conditions: (i) each user can recover its own secret message from the storage nodes that it has access to; (ii) each user is unable to acquire any information regarding the collection of secret messages for all the other users. The rate of each user is defined as the size of its secret message normalized by the size of a storage node. We characterize the capacity region of the DMUSS problem, which is the closure of the set of all achievable rate tuples that satisfy the correctness and perfect secrecy conditions. The converse proof relies on a bound from the traditional single-secret sharing regime. In the achievability proof, we firstly design the linear decoding functions, based on the fact that each secret message needs to be recovered from a single set of storage nodes. It turns out that the perfect secrecy condition holds if K matrices, whose entries are extracted from the decoding functions, are full rank. We prove that the decoding functions can be constructed explicitly if the rate tuple satisfies the converse and the field size is not less than K. At last, the encoding functions are obtained by solving the system of linear decoding functions, where some shares are equal to the randomness and the other shares are linear combinations of the secret messages and the randomness.

computer science, theory & methods,engineering, electrical & electronic

Hung-min Sun,Shiuh-pyng Shieh

1999-01-01

Journal of information science and engineering

Abstract:A perfect secret sharing scheme allows a secret K to be shared among a set of participants in such a way that only qualified subsets of participants can recover the secret, and unqualified subsets of participants obtain no information regarding the secret. In this paper, we propose a construction of perfect secret sharing schemes with uniform, generalized access structures of rank 3. Compared with other constructions, our construction has some improved lower bounds on the information rate. In addition, we also generalize the construction to perfect secret sharing schemes with uniform, generalized access structures of constant rank.

Qi Chen,Xiaojun Ren,Li Hu,Yongzhi Cao

DOI: https://doi.org/10.1016/j.ins.2023.119907

IF: 8.1

2024-01-01

Information Sciences

Abstract:Multipartite secret sharing schemes are those having a multipartite access structure, in which the set of participants is divided into several parts and all participants in the same part play an equivalent role. Secret sharing schemes for these access structures have gained attention, as they generalize threshold secret sharing. This work focuses on the construction of linear secret sharing schemes for ideal uniform multipartite access structures, while avoiding the inefficiencies and randomness of known constructions. To achieve this, we have developed two approaches. The first approach combines polymatroid-based techniques with Gabidulin codes, which efficiently realize a particular family of ideal uniform multipartite access structures. The efficiency of this method is derived from the unique properties of Gabidulin codes, which allow for polynomial share and secret sizes relative to the number of participants. Our second approach applies linear algebraic techniques and polymatroid-based techniques to explicitly design linear secret sharing schemes for arbitrary ideal uniform multipartite access structures. The efficiency of this method stems from the properties of polynomials over finite fields. The schemes from this method are efficient for smaller numbers of parts relative to the number of participants. In summary, we present explicit constructions of linear secret sharing schemes for ideal uniform multipartite access structures, which have important applications in cryptography.

Xing Xing Jia,Yi Xuan Song,Dao Shun Wang,Da Xin Nie,Jin Zhao Wu

DOI: https://doi.org/10.3934/mbe.2019062

2019-01-01

Mathematical Biosciences and Engineering

Abstract:Secret sharing (SS) can be used as an important group key management technique for distributed cloud storage and cloud computing. In a traditional threshold SS scheme, a secret is shared among a number of participants and each participant receives one share. In many real-world applications, some participants are involved in multiple SS schemes with group collaboration supports thus have more privileges than the others. To address this issue, we could assign multiple shares to such participants. However, this is not a bandwidth efficient solution. Therefore, a more sophisticated mechanism is required. In this paper, we propose an efficient collaborative secret sharing (CSS) scheme specially tailored for multi-privilege participants in group collaboration. The CSS scheme between two or among more SS schemes is constructed by rearranging multi-privilege participants in each participant set and then formulated into several independent SS schemes with multi-privilege shares that precludes information leakage. Our scheme is based on the Chinese Remainder Theorem with lower recovery complexity and it allows each multi-privilege participant to keep only one share. It can be formally proved that our scheme achieves asymptotically perfect security. The experimental results demonstrate that it is efficient to achieve group collaboration, and it has computational advantages, compared with the existing works in the literature.

Shaofeng Zou,Yingbin Liang,Lifeng Lai,Shlomo Shamai

DOI: https://doi.org/10.48550/arXiv.1404.6474

2014-04-26

Abstract:A novel information theoretic approach is proposed to solve the secret sharing problem, in which a dealer distributes one or multiple secrets among a set of participants that for each secret only qualified sets of users can recover it by pooling their shares together while non-qualified sets of users obtain no information about the secret even if they pool their shares together. While existing secret sharing systems (implicitly) assume that communications between the dealer and participants are noiseless, this paper takes a more practical assumption that the dealer delivers shares to the participants via a noisy broadcast channel. An information theoretic approach is proposed, which exploits the channel as additional resources to achieve secret sharing requirements. In this way, secret sharing problems can be reformulated as equivalent secure communication problems via wiretap channels, and can be solved by employing powerful information theoretic security techniques. This approach is first developed for the classic secret sharing problem, in which only one secret is to be shared. This classic problem is shown to be equivalent to a communication problem over a compound wiretap channel. The lower and upper bounds on the secrecy capacity of the compound channel provide the corresponding bounds on the secret sharing rate. The power of the approach is further demonstrated by a more general layered multi-secret sharing problem, which is shown to be equivalent to the degraded broadcast multiple-input multiple-output (MIMO) channel with layered decoding and secrecy constraints. The secrecy capacity region for the degraded MIMO broadcast channel is characterized, which provides the secret sharing capacity region. Furthermore, these secure encoding schemes that achieve the secrecy capacity region provide an information theoretic scheme for sharing the secrets.

Information Theory

Jinbao Zhu,Songze Li,Jie Li

DOI: https://doi.org/10.1109/tifs.2023.3249565

IF: 7.231

2023-03-08

IEEE Transactions on Information Forensics and Security

Abstract:We study two problems of private matrix multiplication, over a distributed computing system consisting of a master node, and multiple servers that collectively store a family of public matrices using Maximum-Distance-Separable (MDS) codes. In the first problem of Private and Secure Matrix Multiplication (PSMM) from colluding servers, the master intends to compute the product of its confidential matrix with a target matrix stored on the servers, without revealing any information about and the index of target matrix to some colluding servers. In the second problem of Fully Private Matrix Multiplication (FPMM) from colluding servers, the matrix is also selected from another family of public matrices stored at the servers in MDS form. In this case, the indices of the two target matrices should both be kept private from colluding servers. We develop novel strategies for the two PSMM and FPMM problems, which simultaneously guarantee information-theoretic data/index privacy and computation correctness. We compare the proposed PSMM strategy with a previous PSMM strategy with a weaker privacy guarantee (non-colluding servers), and demonstrate substantial improvements over the previous strategy in terms of communication and computation overheads. Moreover, compared with a baseline FPMM strategy that uses the idea of Private Information Retrieval (PIR) to directly retrieve the desired matrix multiplication, the proposed FPMM strategy significantly reduces storage overhead, but slightly incurs large communication and computation overheads.

computer science, theory & methods,engineering, electrical & electronic

Fangbiao Li,Zhi Xue,Pengze Guo

2014-01-01

Abstract:In this paper, we investigate the problem of secret communication over a Compound Multiple Access Channel (CMAC) with confidential messages and non-causal Channel State Information (CSI) at both the transmitter and the receivers. In this channel, one common message M-0 is sent to both of the receivers, the private messages M-1 and M-2 are sent to the corresponding receiver, while M-1 is only decoded by the first receiver and is kept confidential from the second receiver. We provide a theorem to give the outer bound to the secrecy capacity region of this channel model. The outer bound to the secrecy capacity region of this paper subsumes Csiszar and Korner's region of the broadcast channel with confidential messages and the region of CMAC with confidential messages and no side information as its special case. The proof of the theorem is presented in details.

Remi A. Chou,Joerg Kliewer

2024-03-16

Abstract:Consider the problem of storing data in a distributed manner over $T$ servers. Specifically, the data needs to (i) be recoverable from any $\tau$ servers, and (ii) remain private from any $z$ colluding servers, where privacy is quantified in terms of mutual information between the data and all the information available at any $z$ colluding servers. For this model, our main results are (i) the fundamental trade-off between storage size and the level of desired privacy, and (ii) the optimal amount of local randomness necessary at the encoder. As a byproduct, our results provide an optimal lower bound on the individual share size of ramp secret sharing schemes under a more general leakage symmetry condition than the ones previously considered in the literature.

Information Theory,Cryptography and Security

Runhua Shi,Liusheng Huang,Wei Yang,Hong Zhong

DOI: https://doi.org/10.1109/nswctc.2009.263

2009-01-01

Abstract:In real world, there are many important applications for the secret sharing with the quasi-threshold multipartite access structure. But there was still not a very efficient scheme proposed in the past. In this paper, we combine the multi-secret sharing and the quasi-threshold multipartite access structure, and present an efficient multi-secret sharing scheme with the quasi-threshold multipartite access structure based on Shamir's secret sharing scheme. In this scheme, the participants of any authorized subset can reconstruct multiple secrets by repeatedly using the Lagrange interpolation formula during a sharing process, but any non-authorized subset cannot recover any secret. In addition, the share is the same size of the single shared secret. Thus, it is an efficient and ideal multi-secret sharing scheme with the quasi-threshold multipartite access structure.

Xingxing Jia,Yusheng Guo,Xiangyang Luo,Daoshun Wang,Chaoyang Zhang

DOI: https://doi.org/10.1016/j.ins.2022.02.016

IF: 8.1

2022-01-01

Information Sciences

Abstract:The secret sharing (SS) scheme has been widely used as the de facto paradigm for group key management in cryptography and distributed computation. An SS scheme for a general access structure (GSS) has drawn more and more attention since it allows flexible access control. However, previous solutions to GSS need to either assign multiple shares to each participant or to solve a complex nonlinear integer programming. In this paper, we propose a novel strategy to address the two problems simultaneously based on the Chinese Remainder Theorem (CRT) for a polynomial ring over a finite field. We classify general access structures satisfying the monotone property into the two families of maximum forbidden subsets and minimum qualified subsets conforming to the security condition and the revealing condition. The moduli used in the scheme are pairwise coprime polynomials and can take the irreducible polynomials. To find the degrees of these polynomials, we only need to solve an integer linear programming (ILP) by minimizing the sum of the degrees of all the moduli. The proposed scheme is inherently a weighted SS scheme and may have no solution which commonly exists in all GSS schemes. To ensure a solution, we put forth a preprocessing algorithm which separates the original access structure into several subaccess structures based on graph theory. The proposed scheme only assigns a share for each participant and achieves perfect security. It has good generalization and provides a universal approach to program the scheme construction for SS schemes with general access structures, threshold access structures and weighted access structures.

Rawad Bitar,Maximilian Egger,Antonia Wachter-Zeh,Marvin Xhemrishi

DOI: https://doi.org/10.1109/tifs.2024.3394256

IF: 7.231

2024-05-10

IEEE Transactions on Information Forensics and Security

Abstract:This work investigates the design of sparse secret sharing schemes that encode a sparse private matrix into sparse shares. This investigation is motivated by distributed computing, where the multiplication of sparse and private matrices is moved from a computationally weak main node to untrusted worker machines. Classical secret-sharing schemes produce dense shares. However, sparsity can help speed up the computation. We show that, for matrices with i.i.d. entries, sparsity in the shares comes at a fundamental cost of weaker privacy. We derive a fundamental tradeoff between sparsity and privacy and construct optimal sparse secret sharing schemes that produce shares that leak the minimum amount of information for a desired sparsity of the shares. We apply our schemes to distributed sparse and private matrix multiplication schemes with no colluding workers while tolerating stragglers. For the setting of two non-communicating clusters of workers, we design a sparse one-time pad so that no private information is leaked to a cluster of untrusted and colluding workers, and the shares with bounded but non-zero leakage are assigned to a cluster of partially trusted workers. We conclude by discussing the necessity of using permutations for matrices with correlated entries.

computer science, theory & methods,engineering, electrical & electronic

Hon-Fah Chong,Ying-Chang Liang

DOI: https://doi.org/10.1109/isit.2013.6620578

2013-01-01

Abstract:We consider a two-user broadcast channel (BC) with two-degraded message sets where a common message M2 is intended for both receivers and a private message M1 is intended for receiver one. There is an eavesdropper whose channel is stochastically degraded with respect to both receivers and both messages must be kept confidential from the eavesdropper. However, we do not assume any form of degradedness between the two receivers. We first characterize the capacity region of this class of discrete memoryless BC. Next, we consider the two-user Gaussian MIMO BC with two-degraded message sets and an eavesdropper. We characterize the capacity region for the case where the eavesdropper is only required to be stochastically degraded with respect to receiver one. We make use of the channel enhancement technique as well as an extremal entropy inequality of Liu et al. that was derived using the generalized Costa's entropy power inequality (EPI).

ZiKai Gao,Tao Li,ZhenHua Li

DOI: https://doi.org/10.1007/s11433-020-1603-7

2020-10-21

Abstract:<p class="a-plus-plus">Multiparty quantum communication ensures information-theoretic security for transmitting private information among multiuser networks. In principle, measurement-device-independent (MDI) techniques can close all detection loopholes while usually utilizing large amounts of quantum resources in basis reconciliation. We propose a three-party MDI quantum secret sharing (QSS) protocol that is secure against all detection attacks and does not require any basis reconciliation, avoiding the corresponding waste arising from it. The proposed protocol allows a sender to divide a private message into two parts and send those parts to different receivers in a deterministic way. The message can only be read through cooperation between the two receivers. Finally, we discuss the generalized extension of a multiparty QSS protocol.</p>

physics, multidisciplinary

SHI Run-hua,ZHONG Hong,HUANG Liu-sheng

DOI: https://doi.org/10.3969/j.issn.1003-5060.2008.05.008

2008-01-01

Abstract:This paper proposes a multi-secret sharing scheme in common access structure.The scheme can dynamically add or delete the participants and dynamically renew multiple secrets.The theoretic analysis shows that the scheme can guarantee the security of the secret sharing and it is computationally secure,and the experiment results prove that it is very easy and efficient to realize it.Furthermore,to detect cheating and identify the cheater,a verified scheme is presented accordingly.In the verified scheme,the respective participants receiving the shares can verify their validity based on the discrete logarithm problem(DLP).

Fangbiao Li,Zhi Xue

DOI: https://doi.org/10.1049/cp.2014.1265

2014-01-01

Abstract:In this paper, we study the discrete memory Multiple Access Wiretap Channel (DM-MAWC) with one common message and non-causal side information. In this channel, two transmitters send a common message to the receivers, meanwhile they both transmit an individual confidential message, which must be kept secret from the second receiver (viewed as a wiretapper) to the first receiver. As the side information is non-causally available at the transmitters, we derive the achievable perfect secrecy capacity region for the MAWC with one common message and non-casual side information available at the transmitters by using Cover's superposition coding and Gelfand-Pinsker random binning coding schemes. The achievable secrecy capacity region of this paper subsumes the region of multiple access wiretap channel with or without common message and without side information as its special cases.

Hung-Min Sun

DOI: https://doi.org/10.1142/s0129054100000168

2000-01-01

International Journal of Foundations of Computer Science

Abstract:A secret sharing scheme is a method which allows a dealer to share a secret among a set of participants in such a way that only qualified subsets of participants can recover the secret. The collection of subsets of participants that can reconstruct the secret in this way is called access structure. The rank of an access structure is the maximum cardinality of a minimal qualified subset. A secret sharing scheme is perfect if unqualified subsets of participants obtain no information regarding the secret. The dealer's randomness is the number of random bits required by the dealer to setup a secret sharing scheme. The efficiency of the dealer's randomness is the ratio between the amount of the dealer's randomness and the length of the secret. Because random bits are a natural computational resource, it is important to reduce the amount of randomness used by the dealer to setup a secret sharing scheme. In this paper, we propose some decomposition constructions for perfect secret sharing schemes with access structures of constant rank. Compared with the best previous results, our constructions have some improved upper bounds on the dealer's randomness and on the efficiency of the dealer's randomness.

Shaowei Wang,Ruilin Yang,Sufen Zeng,Kaiqi Yu,Rundong Mei,Shaozheng Huang,Wei Yang

2024-07-29

Abstract:The shuffle model of differential privacy (DP) offers compelling privacy-utility trade-offs in decentralized settings (e.g., internet of things, mobile edge networks). Particularly, the multi-message shuffle model, where each user may contribute multiple messages, has shown that accuracy can approach that of the central model of DP. However, existing studies typically assume a uniform privacy protection level for all users, which may deter conservative users from participating and prevent liberal users from contributing more information, thereby reducing the overall data utility, such as the accuracy of aggregated statistics. In this work, we pioneer the study of segmented private data aggregation within the multi-message shuffle model of DP, introducing flexible privacy protection for users and enhanced utility for the aggregation server. Our framework not only protects users' data but also anonymizes their privacy level choices to prevent potential data leakage from these choices. To optimize the privacy-utility-communication trade-offs, we explore approximately optimal configurations for the number of blanket messages and conduct almost tight privacy amplification analyses within the shuffle model. Through extensive experiments, we demonstrate that our segmented multi-message shuffle framework achieves a reduction of about 50\% in estimation error compared to existing approaches, significantly enhancing both privacy and utility.

Cryptography and Security

Jiahong Wu,Nan Liu,Wei Kang

2023-12-10

Abstract:In this paper, we consider the case that sharing many secrets among a set of participants using the threshold schemes. All secrets are assumed to be statistically independent and the weak secure condition is focused on. Under such circumstances we investigate the infimum of the (average) information ratio and the (average) randomness ratio for any structure pair which consists of the number of the participants and the threshold values of all secrets. For two structure pairs such that the two numbers of the participants are the same and the two arrays of threshold values have the subset relationship, two leading corollaries are proved following two directions. More specifically, the bound related to the lengths of shares, secrets and randomness for the complex structure pair can be truncated for the simple one; and the linear schemes for the simple structure pair can be combined independently to be a multiple threshold scheme for the complex one. The former corollary is useful for the converse part and the latter one is helpful for the achievability part. Three new bounds special for the case that the number of secrets corresponding to the same threshold value $ t $ is lager than $ t $ and two novel linear schemes modified from the Vandermonde matrix for two similar cases are presented. Then come the optimal results for the average information ratio, the average randomness ratio and the randomness ratio. We introduce a tiny example to show that there exists another type of bound that may be crucial for the information ratio, to which we only give optimal results in three cases.

Information Theory

Lei Miao,Dingde Jiang

DOI: https://doi.org/10.1007/s00779-019-01226-z

2019-01-01

Personal and Ubiquitous Computing

Abstract:Secret sharing is crucial to information security in wireless communications in the era of Internet of Things. In this paper, we study how to optimally share secrets between two and more users using the effect of wireless channel dynamics on the data link layer. For the two-user case, we formulate an optimization problem whose objective is to minimize the expectation of the probability that an eavesdropper receives all secret sharing packets. Our contributions are as follows: (i) we come up with the secret sharing mechanism that minimizes the aforementioned objective function and (ii) we perform analysis on our approach and derive the worst-case probability of the eavesdropper receiving all secret sharing packets. For the multi-user case, we focus on the scenario that three users within each other’s communication range try to establish a common secret. A novel multi-user secret sharing mechanism that allows all three users to contribute toward the common secret is developed and analyzed. Our approach has two nice properties: (i) it is able to reset itself in case of packet transmission error and (ii) its secret sharing efficiency is high when the probability of packet transmission success is not low. Our results are validated via simulations.

SP SHIEH,HM SUN

DOI: https://doi.org/10.1109/infcom.1994.337565

1994-01-01

Abstract:A secret sharing scheme is a method which allows a secret to be shared among a finite set of participants in such a way that only qualified subsets of participants can recover it. A secret sharing scheme is called perfect if unqualified subsets of participants obtain no information about the secret. The authors propose an efficient construction of perfect secret sharing schemes for the access structures consisting of the closure of a graph where a vertex denotes a participant and an edge denotes a minimal qualified pairs of participants. The information rate of the scheme is at least 1/(2|P|), where P denotes the set of the participants, which is better than O(1/|P|/sup 2/) of existing schemes used for graph-based access structures. The authors also present an application of the scheme to the reduction of storage and computation loads on the key distribution server in a secure network.<>