JI Yangyang,MIAO Fuyou,JIANG Huiwen

DOI: https://doi.org/10.3778/j.issn.1002-8331.1601-0053

2016-01-01

Abstract:Based on (t,n) threshold secret sharing, this paper proposes a simple asynchronous (t,m,n) group authenti-cation scheme to verify whether all participants belong to a pre-defined group at once. In the scheme, each user uses a sin-gle share as the token. Each participant constructs a component to bind the token with all m participants and recovers the secret with all components to check whether all participants are legal. Moreover, the scheme does not depend on any pub-lic key system. Analyses show the proposed scheme can resist up to t-1 insiders conspiring and outsiders with no more than m-1 components. Compared with Harn’s group authentication scheme, the proposed scheme is simpler, more effi-cient and flexible.

Miao Fuyou,Meng Keju,Yu Yue,Huang Wenchao,Xiong Yan,Wang Xingfu

2019-01-01

Abstract: Group oriented applications are getting more and more popular in today's mobile Internet and call for secure and efficient (t,n) threshold secret sharing scheme (or (t,n)-SS) to meet their requirements. A (t,n)-SS divides a secret into $n$ shares such that any $t$ or more than $t$ shares can recover the secret while less than $t$ shares cannot. However, an adversary, even without a valid share, may obtain the secret by mounting Illegal Participant (IP) attack or Half Threshold Channel Cracking (HTCC) attack. Therefore, 1) the paper presents the notion and generic framework of (t,m,n)-Tightly Coupled Secret Sharing ((t,m,n)-TCSS). Prior to recovering the secret, it requires $m$ ($m \ge t$) participants to form a tightly coupled group by each independently constructing a component with the share. All $m$ components have to be used to recover the secret and thus both attacks can be thwarted more directly and simply. Furthermore, following the framework, threshold changeable secret sharing can also be easily constructed. 2) As an implementation of the framework, a linear code based (t,m,n)-TCSS scheme is proposed. Analyses show that the scheme can prevent IP, HTCC and $(t-1)$-Insider conspiring attacks with asymptotically perfect security. Moreover, it doesn't depend on any computational assumption and is more secure and efficient in storage, communication and computation when compared with related schemes. 3) Based on (t,m,n)-TCSS, a group authentication scheme is constructed, which allows a group user to authenticate whether all users are legal group members at once and thus provides efficient and flexible m-to-m authentication for group oriented applications.

Xiao Qing-hua,Ping Ling-di,Chen Xiao-ping,Pan Xue-zeng

DOI: https://doi.org/10.1631/bf02842478

2004-01-01

Journal of Zhejiang University SCIENCE A

Abstract:Secret sharing and digital signature is an important research area in information security and has wide applications in such fields as safeguarding and legal use of confidential information, secure, multiparty computation and electronic commerce. But up to now, study of signature based on general vector space secret sharing is very weak. Aiming at this drawback, the authors did some research on vector space secret sharing against cheaters, and proposed an efficient but secure vector space secret sharing based multi-signature scheme, which is implemented in two channels. In this scheme, the group signature can be easily produced if an authorized subset of participants pool their secret shadows and it is impossible for them to generate a group signature if an unauthorized subset of participants pool their secret shadows. The validity of the group signature can be verified by means of verification equations. A group signature of authorized subset of participants cannot be impersonated by any other set of participants. Moreover, the suspected forgery can be traced, and the malicious participants can be detected in the scheme. None of several possible attacks can successfully break this scheme.

Miao Fuyou,Fan Yuanyuan,Wang Xingfu,Xiong Yan,Moaman Badawy

DOI: https://doi.org/10.1049/cje.2016.01.026

IF: 1.019

2016-01-01

Chinese Journal of Electronics

Abstract:Basic (t, n)-Secret sharing (SS) schemes share a secret among n shareholders by allocating each a share. The secret can be reconstructed only if at least t shares are available. An adversary without a valid share may obtain the secret when more than t shareholders participate in the secret reconstruction. To address this problem, the paper introduces the notion and gives the formal definition of (t, m, n)-Group oriented secret sharing (GOSS); and proposes a (t, m, n)-GOSS scheme based on Chinese remainder theorem. Without any share verification or user authentication, the scheme uses Randomized components (RC) to bind all participants into a tightly coupled group, and ensures that the secret can be recovered only if all m (m≥t) participants in the group have valid shares and release valid RCs honestly. Analysis shows that the proposed scheme can guarantee the security of the secret even though up to m−1 RCs or t−1 shares are available for adversaries. Our scheme does not depend on any assumption of hard problems or one way functions.

Yi Sun,Qiaoyan Wen,Hongxiang Sun,Wenmin Li,Zhengping Jin,Hua Zhang

DOI: https://doi.org/10.1016/j.proeng.2011.12.731

2012-01-01

Procedia Engineering

Abstract:In traditional group key transfer protocol, the key generation center randomly selects a session key and then transports it that has been encrypted by another secret key. Afterwards, scholars construct authenticated key transfer protocols based on secret sharing instead of encryption algorithm. One typical protocol of this style is built by using the secret sharing scheme based on Language's interpolation polynomial. In this paper, we utilize an optimized secret sharing scheme instead of Language's interpolation polynomial. We provide mutual authentication to ensure that only the authorized group members can recover the right session key. What's more, all participants only need to store one secret share for all sessions. Besides, the change of the group members has no effect on the validity of the existing shares, which means the existing shares possess the excellent characteristic “one time assign, many times apply”.

Miao Fuyou,Jiang Huiwen,Ji Yangyang,Xiong Yan

DOI: https://doi.org/10.1049/cje.2016.08.015

IF: 1.019

2017-01-01

Chinese Journal of Electronics

Abstract:Group authentication usually checks whether an individual user belongs to a pre-defined group each time but cannot authenticate all users at once without public key system. The paper proposes a Randomized component-based asynchronous（t, m, n） group authentication（（t, m, n）-RCAGA） scheme. In the scheme, each user employs the share of（t, n）-threshold secret sharing as the token, constructs a Randomized component（RC） with the share and verifies whether all users belong to a pre-defined group at once without requiring all users to release randomized components simultaneously. The proposed scheme is simple and flexible because each group member just uses a single share as the token and the scheme does not depend on any public key system. Analyses show the proposed scheme can resist up to t-1 group members conspiring to forge a token, and an adversary is unable to forge a valid token or derive a token from a RC.

Jing Li,Licheng Wang,Jianhua Yan,Xinxin Niu,Yixian Yang

DOI: https://doi.org/10.3837/tiis.2014.12.018

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:A (n,t,n) secret sharing scheme is to share a secret among n group members, where each member also plays a role of a dealer, and any t shares can be used to recover the secret. In this paper, we propose a strong (k,t,n) verifiable multi-secret sharing scheme, where any k out of n participants operate as dealers. The scheme realizes both threshold structure and adversary structure simultaneously, and removes a trusted third party. The secret reconstruction phase is performed using an additive homomorphism for decreasing the storage cost. Meanwhile, the scheme achieves the pre-verification property in the sense that any participant doesn't need to reveal any information about real master shares in the verification phase. We compare our proposal with the previous (n,t,n) secret sharing schemes from the perspectives of what kinds of access structures they achieve, what kinds of functionalities they support and whether heavy storage cost for secret share is required. Then it shows that our scheme takes the following advantages: (a) realizing the adversary structure, (b) allowing any k out of n participants to operate as dealers, (c) small sized secret share. Moreover, our proposed scheme is a favorable candidate to be used in many applications, such as secure multi-party computation and privacy preserving data mining, etc.

Liang FANG,Fengnian LIU,Fuyou MIAO

DOI: https://doi.org/10.3778/j.issn.1002-8331.1702-0144

2018-01-01

Abstract:The paper proposes a group key agreement scheme based on (t, n) secret sharing. The scheme needs not to secure the communication channel between users in the group in advance by symmetric polynomials. Each user constructs a Component with the share to evaluate and verify the group key. Moreover, the scheme enables a new user to negotiate a new group key with original group users by secret sharing without online Trusted Third Party(TTP), and thus allows the new user to join the existing group. It has the low computational cost in multicast and multi-hop communication due to the use of group key in communication encryption. Compared with traditional group key agreement scheme, the scheme is able to resist the coalition of up to t-1 internal attackers without online TTP, eliminates the dependence of pre-existing secure channels between users, and allows a new user to join the group dynamically. Thus, the proposed scheme is more secure and flexible.

Fuyou Miao,Yan Xiong,Xingfu Wang,Moaman Badawy

DOI: https://doi.org/10.1109/tifs.2014.2384393

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:A basic (t,n)-secret sharing (SS) scheme allows a secret s to be divided into n shares and shared among n shareholders. In the scheme, any t or more than t shareholders can recover the secret while fewer than t shareholders cannot obtain the secret s. But an adversary without any valid share may obtain the secret if there are over t participants in the secret reconstruction. To address this type of attack, we first introduce the notion of randomized component (RC), which binds a share with all participants and protects the share from being exposed to outside without any computational assumption; at the same time, RCs can be used to reconstruct the secret. As one of the applications of RCs, a (t,m,n)-group oriented SS scheme is proposed to cope with the attack in basic (t,n)-SSs, in which once m (m ≥ t) participants form a tightly couple group by generating RCs, the secret can be recovered only if all m RCs are correct, which requires each participant to have a valid share in advance. Moreover, the scheme can secure the secret without any user authentication or share verification. Analyses show the proposed (t,m,n)-group oriented SS is asymptotically perfect and unconditionally secure. RCs can also be applied to build other schemes in a simple way, such as multi-SS, group authentication, and so on.

Miao Fuyou,Wang Li,Ji Yangyang,Xiong Yan

DOI: https://doi.org/10.1049/cje.2016.08.014

IF: 1.019

2017-01-01

Chinese Journal of Electronics

Abstract:In most (t, n)-Multi-secret sharing ((t, n) MSS) schemes, an illegal participant, even without any valid share, may recover secrets when there are over t participants in secret reconstructions. To address this problem, the paper presents the notion of Group oriented (t, m, n)-multi-secret sharing (or (t, m, n)-GOMSS), in which recovering each secret requires all m (n > m > t) participants to have valid shares and actually participate in secret reconstruction. As an example, the paper then proposes a simple (t, m, n)-GOMSS scheme. In the scheme, every shareholder has only one share; to recover a secret, m shareholders construct a Polynomial-based randomized component (PRC) each with the share to form a tightly coupled group, which forces the secret to be recovered only with all m valid PRCs. As a result, the scheme can thwart the above illegal participant attack. The scheme is simple as well as flexible and does not depend on conventional hard problems or one way functions.

Miao Fuyou,Xiong Yan,Wang Xingfu,M. Badawy

DOI: https://doi.org/10.1109/tifs.2014.2384393

IF: 7.231

2015-01-01

IEEE Transactions on Information Forensics and Security

Abstract:A basic (t,n)-secret sharing (SS) scheme allows a secret s to be divided into n shares and shared among n shareholders. In the scheme, any t or more than t shareholders can recover the secret while fewer than t shareholders cannot obtain the secret s. But an adversary without any valid share may obtain the secret if there are over t participants in the secret reconstruction. To address this type of attack, we first introduce the notion of randomized component (RC), which binds a share with all participants and protects the share from being exposed to outside without any computational assumption; at the same time, RCs can be used to reconstruct the secret. As one of the applications of RCs, a (t,m,n)-group oriented SS scheme is proposed to cope with the attack in basic (t,n)-SSs, in which once m (m ≥ t) participants form a tightly couple group by generating RCs, the secret can be recovered only if all m RCs are correct, which requires each participant to have a valid share in advance. Moreover, the scheme can secure the secret without any user authentication or share verification. Analyses show the proposed (t,m,n)-group oriented SS is asymptotically perfect and unconditionally secure. RCs can also be applied to build other schemes in a simple way, such as multi-SS, group authentication, and so on.

Rui Xu,Xu Wang,Kirill Morozov,Chi Cheng,Jintai Ding

DOI: https://doi.org/10.1016/j.ins.2021.12.053

IF: 8.1

2022-04-01

Information Sciences

Abstract:In a ( t , n ) threshold scheme any t or more shares can reconstruct the secret s, but less than t shares reveal no information about s. However, an unauthenticated adversary can pretend to be the shareholder at the reconstruction stage. If there were more than t honest shareholders, the unauthenticated adversary without valid share can obtain the secret. To deal with this type of attacks, a model of ( t , m , n ) group oriented secret sharing (GOSS) scheme was proposed by Miao et al. in 2015. Here the group oriented property means that if m > t parties try to reconstruct the secret, they should all have the authentic shares in advance. It was claimed by Miao et al. that the group oriented property in their GOSS schemes holds in the information-theoretic sense. In this paper, we revisit two instantiations of ( t , m , n ) group oriented secret sharing schemes and show that these constructions cannot provide the so-called “group oriented property”. Specifically, we develop concrete attacks which allow an unauthenticated adversary with no valid share to participate in the reconstruction phase and obtain the secret provided that there are at least t honest shares presented at the reconstruction phase.

computer science, information systems

SHI Run-hua,ZHONG Hong,HUANG Liu-sheng

DOI: https://doi.org/10.3969/j.issn.1003-5060.2008.05.008

2008-01-01

Abstract:This paper proposes a multi-secret sharing scheme in common access structure.The scheme can dynamically add or delete the participants and dynamically renew multiple secrets.The theoretic analysis shows that the scheme can guarantee the security of the secret sharing and it is computationally secure,and the experiment results prove that it is very easy and efficient to realize it.Furthermore,to detect cheating and identify the cheater,a verified scheme is presented accordingly.In the verified scheme,the respective participants receiving the shares can verify their validity based on the discrete logarithm problem(DLP).

Keju Meng,Fuyou Miao,Wenchao Huang,Yan Xiong

DOI: https://doi.org/10.1016/j.dam.2019.05.011

IF: 1.254

2019-01-01

Discrete Applied Mathematics

Abstract:(t,n)-Threshold secret sharing ((t,n)-SS) scheme is a fundamental cryptographic primitive. As a special (t,n)-SS, a Multi-Level threshold Secret Sharing scheme (MLSS) divides shares into different levels. Shares at higher levels can be used at lower ones but shares of lower levels are invalid at higher ones. However, MLSS is limited in applications and vulnerable to Illegal Participant (IP) attack and t-Share Capture (SC) attack. Therefore, the paper first extends the notion of MLSS to multi-group threshold secret sharing (MGSS) to accommodate wider application scenarios. In order to cope with the 2 attacks, the paper then proposes a tightly coupled MGSS scheme based on Chinese Remainder Theorem. In the scheme, a shareholder, with only one private share, is allowed to participate in secret reconstruction of different groups. Moreover, when sufficient shareholders collaborate to recover the secret in a group, they first form a tightly coupled subgroup by constructing a randomized component each so that the secret can be recovered only if each participant has valid share and actually participates in secret reconstruction. Analyses show that the proposed scheme is capable of thwarting IP and SC attacks. Besides, the scheme is more flexible and popular in applications compared with MLSS scheme.

James Smith

DOI: https://doi.org/10.48550/arXiv.2211.01658

2022-11-03

Abstract:Sharing a secret efficiently amongst a group of participants is not easy since there is always an adversary / eavesdropper trying to retrieve the secret. In secret sharing schemes, every participant is given a unique share. When the desired group of participants come together and provide their shares, the secret is obtained. For other combinations of shares, a garbage value is returned. A threshold secret sharing scheme was proposed by Shamir and Blakley independently. In this (n,t) threshold secret sharing scheme, the secret can be obtained when at least t out of n participants contribute their shares. This paper proposes a novel algorithm to reveal the secret only to the subsets of participants belonging to the access structure. This scheme implements totally generalized ideal secret sharing. Unlike threshold secret sharing schemes, this scheme reveals the secret only to the authorized sets of participants, not any arbitrary set of users with cardinality more than or equal to t. Since any access structure can be realized with this scheme, this scheme can be exploited to implement various access priorities and access control mechanisms. A major advantage of this scheme over the existing ones is that the shares being distributed to the participants is totally independent of the secret being shared. Hence, no restrictions are imposed on the scheme and it finds a wider use in real world applications.

Cryptography and Security,Information Theory

Runhua Shi,Hong Zhong,Liusheng Huang

DOI: https://doi.org/10.1109/snpd.2007.416

2007-01-01

Abstract:In this article, we propose a (t,n) threshold verifiable multi-secret sharing scheme, in which to reconstruct t secrets needs to solve t simultaneous equations. The analysis results show that our scheme is as easy as Yang's scheme [8] in the secret reconstruction and requires less public values than Chien's [7] and Yang's schemes. Furthermore, the shares in our scheme can be verified their validity with t public values based on ECDLP, and there are two verified forms: one is computationally secure as Feldman's scheme [12] and other is unconditionally secure as Pedersen's scheme [13]. In addition, for the main computation: a(i,1) P-1 + a(i,2) P-2 +... + a(i,)t P-t in our scheme, we present a new method based on the signed factorial expansion and implement it, the results show that it is more efficient than the current public methods. Thus our scheme is a secure and efficient (t,n) threshold verified multi-secret sharing scheme.

LI Xiong,LI Zhi-hui

DOI: https://doi.org/10.3778/j.issn.1002-8331.2008.27.032

2008-01-01

Abstract:A dynamic cheat-proof multi-group-secret sharing scheme based on the discrete logarithm and lagrange interpolation formula is proposed.In the proposed scheme,m groups of secrets being shared among n participants,each group of secrets has a different threshold access structure and includes a distinct number of secrets.Each participant selects her/his shadow by her/himself and the dealer don't know the shadow of any participant,so there is not need a security channel.Each participant is able to check whether another participant provides the valid information or not in the recovery phase.Each participant holds only one shadow while sharing many groups' secrets with other participants.The security of the proposed scheme can be guaranteed due to the difficulty in solving the discrete logarithm problem.

Shi Li,Inshil Doh,Kijoon Chae

DOI: https://doi.org/10.1109/IMIS.2016.51

2016-01-01

Abstract:Group authentication, as a new type of security services in group communication application, can authenticate all users belonging to the same group at the same time. Most existing group authentication schemes are presented with high computation and communication complexities. Thus, in this paper, we propose a group authentication mechanism based on the Lagrange interpolation polynomial theory, which can distribute a number of secret shares to the group members and authenticate some/all of them at once later. From the experience analysis result, we show that both the computation and communication complexities of our proposed scheme are much lower than those of existing renowned group authentication scheme. And the security analysis result shows that the proposed scheme can guarantee the CIA (Confidentiality, Integrity and Availability) triad security model.

Andrea Bissoli,Fabrizio d'Amore

DOI: https://doi.org/10.48550/arXiv.1806.07291

2018-06-19

Abstract:We present a practical methodology for securing the password-based authentication scheme. We propose a solution based on the well-known (k,n) threshold scheme of Shamir for sharing a secret, where in our case the secret is the password itself and (k,n) threshold scheme means that n password-derived secrets (shares) are created and k less than n shares are necessary and sufficient for reconstructing the password, while k-1 are not sufficient. The scheme is information-theoretic secure. Since each of the n shares is stored on a different host (shareholder), an attacker will need to compromise k different shareholders for obtaining an amount of data sufficient for reconstructing the secret. Furthermore, in order to be resistant to the compromising of the server (dealer) coordinating the shareholders we define a variant of the classic Shamir, where the Shamir's abscissae are unknown to dealer and shareholders, making the reconstruction impossible even in the case of dealer and shareholders compromised. In addition we use the Pedersen technique for allowing the verification of shares. For the described scenario we have designed two protocols: the registration (user's sign-up, to be carried out once), and authentication (user's login). We analyse several scenarios where dealer and/or shareholders are partially/totally compromised and confirm that none of them is enabling the attacker to break the authentication. Furthermore we focus on cases where one or more byzantine servers are presented, analysing the impact on the framework and show the adopted mechanisms to be safe against these kinds of attacks. We have developed a prototype demonstrating that our framework works correctly, effectively and efficiently. It provides a first feasibility study that will provide a base for structured and engineered cloud-based implementations aiming at providing an authentication-as-a-service.

Cryptography and Security

Lu Ming-xin,Xiaotong Fu,Zhang Ning,Guozhen Xiao

2007-01-01

Abstract:In order to meet the requirements of digital signature for messages with different importance,a secret sharing-multisignature scheme without a trusted center is proposed based on the techniques of joint random secret sharing and multisignature.In this scheme,there is no trusted center,and each participant randomly selects his own secret key and publishes the corresponding public key as a part of the group public key.For messages with different importance,participants of prescriptive amount can cooperate to produce valid multisignatures without changing their private and public keys.As compared with the existing schemes,the proposed scheme lowers the cost of key distribution and improves the system performance.