Miao Fuyou,Xiong Yan,Wang Xingfu,M. Badawy

DOI: https://doi.org/10.1109/tifs.2014.2384393

IF: 7.231

2015-01-01

IEEE Transactions on Information Forensics and Security

Abstract:A basic (t,n)-secret sharing (SS) scheme allows a secret s to be divided into n shares and shared among n shareholders. In the scheme, any t or more than t shareholders can recover the secret while fewer than t shareholders cannot obtain the secret s. But an adversary without any valid share may obtain the secret if there are over t participants in the secret reconstruction. To address this type of attack, we first introduce the notion of randomized component (RC), which binds a share with all participants and protects the share from being exposed to outside without any computational assumption; at the same time, RCs can be used to reconstruct the secret. As one of the applications of RCs, a (t,m,n)-group oriented SS scheme is proposed to cope with the attack in basic (t,n)-SSs, in which once m (m ≥ t) participants form a tightly couple group by generating RCs, the secret can be recovered only if all m RCs are correct, which requires each participant to have a valid share in advance. Moreover, the scheme can secure the secret without any user authentication or share verification. Analyses show the proposed (t,m,n)-group oriented SS is asymptotically perfect and unconditionally secure. RCs can also be applied to build other schemes in a simple way, such as multi-SS, group authentication, and so on.

Fuyou Miao,Yan Xiong,Xingfu Wang,Moaman Badawy

DOI: https://doi.org/10.1109/tifs.2014.2384393

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:A basic (t,n)-secret sharing (SS) scheme allows a secret s to be divided into n shares and shared among n shareholders. In the scheme, any t or more than t shareholders can recover the secret while fewer than t shareholders cannot obtain the secret s. But an adversary without any valid share may obtain the secret if there are over t participants in the secret reconstruction. To address this type of attack, we first introduce the notion of randomized component (RC), which binds a share with all participants and protects the share from being exposed to outside without any computational assumption; at the same time, RCs can be used to reconstruct the secret. As one of the applications of RCs, a (t,m,n)-group oriented SS scheme is proposed to cope with the attack in basic (t,n)-SSs, in which once m (m ≥ t) participants form a tightly couple group by generating RCs, the secret can be recovered only if all m RCs are correct, which requires each participant to have a valid share in advance. Moreover, the scheme can secure the secret without any user authentication or share verification. Analyses show the proposed (t,m,n)-group oriented SS is asymptotically perfect and unconditionally secure. RCs can also be applied to build other schemes in a simple way, such as multi-SS, group authentication, and so on.

Chen Chaochao,Li Liang,Fang Wenjing,Zhou Jun,Wang Li,Wang Lei,Yang Shuang,Liu Alex,Wang Hao

2020-01-01

Abstract: Nowadays, the utilization of the ever expanding amount of data has made a huge impact on web technologies while also causing various types of security concerns. On one hand, potential gains are highly anticipated if different organizations could somehow collaboratively share their data for technological improvements. On the other hand, data security concerns may arise for both data holders and data providers due to commercial or sociological concerns. To make a balance between technical improvements and security limitations, we implement secure and scalable protocols for multiple data holders to train linear regression and logistic regression models. We build our protocols based on the secret sharing scheme, which is scalable and efficient in applications. Moreover, our proposed paradigm can be generalized to any secure multiparty training scenarios where only matrix summation and matrix multiplications are used. We demonstrate our approach by experiments which shows the scalability and efficiency of our proposed protocols, and finally present its real-world applications.

肖清华,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973X.2004.11.004

2004-01-01

Abstract:A vector space secret sharing scheme against cheating was proposed for extending the normal threshold structure. In this scheme, the secret was encapsulated, and its commitment was publicized. Then everyone can verify the correctness of the distribution of secret shares, and any malicious dealer can be detected efficiently. In the process of secret recovery, each shareholder who pooled share was authenticated by means of the intractability of quadratic residue over finite field of large prime order, which prevented the adversaries from getting the secret or shares and the shareholders from cheating each other. Thus any unfaithful shareholders was traced and determined. Compared with the similar schemes, the proposed scheme not only has maximum information rate, but also has far lower computation and communication cost.

Fabian Schillinger,Christian Schindelhauer

DOI: https://doi.org/10.48550/arXiv.1909.05243

2020-10-08

Abstract:Secret sharing is the well-known problem of splitting a secret into multiple shares, which are distributed to shareholders. When enough or the correct combination of shareholders work together the secret can be restored. We introduce two new types of shares to the secret sharing scheme of Shamir. Crucial shares are always needed for the reconstruction of the secret, whereas mutual redundant shares only help once in reconstructing the secret. Further, we extend the idea of crucial and redundant shares to a compartmented secret sharing scheme. The scheme, which is based on Shamir's, allows distributing the secret to different compartments, that hold shareholders themselves. In each compartment, another secret sharing scheme can be applied. Using the modifications the overall complexity of general access structures realized through compartmented secret sharing schemes can be reduced. This improves the computational complexity. Also, the number of shares can be reduced and some complex access structures can be realized with ideal amount and size of shares.

Cryptography and Security

Keju Meng,Fuyou Miao,Wenchao Huang,Yan Xiong

DOI: https://doi.org/10.1016/j.ipl.2020.105928

IF: 0.851

2020-01-01

Information Processing Letters

Abstract:(t, n) threshold secret sharing (SS) is an important cryptographic primitive in which a secret is divided into n shares, and then any t or more shareholders can exchange shares to reconstruct the secret without help of any trusted third party. However, if an illegal participant, without any valid share, impersonates a shareholder to recover the secret with m (m >= t) legal shareholders in a traditional (t, n) threshold SS scheme, it may obtain the secret. Therefore, this paper utilizes a bivariate symmetry polynomial to propose a basic threshold changeable secret sharing (TCSS) scheme which is cheating immune and thwarts the above illegal participant attack. In the basic TCSS scheme, threshold is allowed to increase from t to the exact number of all participants during secret reconstruction. In this way, the secret can be recovered only if all the participants have valid shares. However, each shareholder has to keep t coefficients of its share. Then, an improved TCSS scheme based on both univariate polynomial and bivariate symmetry polynomial is proposed to reduce coefficients of shares for each shareholder. (C) 2020 Elsevier B.V. All rights reserved.

Runhua Shi,Liusheng Huang,Wei Yang,Hong Zhong

DOI: https://doi.org/10.1109/nswctc.2009.263

2009-01-01

Abstract:In real world, there are many important applications for the secret sharing with the quasi-threshold multipartite access structure. But there was still not a very efficient scheme proposed in the past. In this paper, we combine the multi-secret sharing and the quasi-threshold multipartite access structure, and present an efficient multi-secret sharing scheme with the quasi-threshold multipartite access structure based on Shamir's secret sharing scheme. In this scheme, the participants of any authorized subset can reconstruct multiple secrets by repeatedly using the Lagrange interpolation formula during a sharing process, but any non-authorized subset cannot recover any secret. In addition, the share is the same size of the single shared secret. Thus, it is an efficient and ideal multi-secret sharing scheme with the quasi-threshold multipartite access structure.

Ruihai Ma,Fei Gao,Song Lin

2023-06-15

Abstract:In addition to secret splitting, secret reconstruction is another important component of secret sharing. In this paper, the first quantum secret reconstruction protocol based on cluster states is proposed. Before the protocol, a classical secret is divided into multiple shares, which are distributed among shareholders via secret splitting. In the protocol, the dealer utilizes her secret to encrypt a private quantum state, and sends the encrypted state to a combiner chosen by her from the shareholders. With the help of other shareholders, the combiner utilizes the properties of cluster states to recover the privacy quantum state. It is shown that the proposed protocol is secure against several common attacks, including external and internal attacks. Compared with classical secret reconstruction protocols, this protocol not only achieves theoretical security of all shares, but also is more efficient due to reducing the distribution cost and computation cost. To demonstrate the feasibility of the protocol, a corresponding simulation quantum experiment is conducted on the IBM Q platform. Furthermore, in conjunction with quantum fingerprinting, it can be directly applied to achieve the task of multiple secrets sharing, because the classical shares can be reused in the proposed protocol.

Quantum Physics

Lei Zhu,Yanxiao Liu,Yichuan Wang,Wenjiang Ji,Xinhong Hei,Quanzhu Yao,Xiaoyan Zhu

DOI: https://doi.org/10.1109/NaNA.2017.62

2017-01-01

Abstract:In 1989, Tompa and Woll first introduced a cheating problem in Shamir's (k, n) secret sharing scheme, such that malicious shareholders (cheaters) aim to cheat honest shareholders by pooling forged shares during secret reconstruction. They succeed if honest shareholders accept a forged secret. In this cheating, even a single cheater can deceive other k - 1 honest shareholders with high probability. In this paper, we consider a situation that there are k --2 or less cheaters in secret reconstruction, and propose a (k, n) secret sharing scheme secure against such cheating. Our scheme is efficient respect to the size of shares. Furthermore, our scheme is secure regardless of the probability distribution of the secret.

Utkarsh Gupta,Hessam Mahdavifar

2024-05-08

Abstract:Secret sharing is an instrumental tool for sharing secret keys in distributed systems. In a classical threshold setting, this involves a dealer who has a secret/key, a set of parties/users to which shares of the secret are sent, and a threshold on the number of users whose presence is needed in order to recover the secret. In secret sharing, secure links with no leakage are often assumed between the involved parties. However, when the users are nodes in a communication network and all the links are physical links, e.g., wireless, such assumptions are not valid anymore. In order to study this critical problem, we propose a statistical leakage model of secret sharing, where some noisy versions of all the secret shares might be independently leaked to an adversary. We then study the resilience of the seminal Shamir's secret sharing scheme with statistical leakage, and bound certain measures of security (i.e., semantic security, mutual information security), given other parameters of the system including the amount of leakage from each secret share. We show that for an extreme scenario of Shamir's scheme, in particular when the underlying field characteristic is $2$, the security of each bit of the secret against leakage improves exponentially with the number of users. To the best of our knowledge, this is the first attempt towards understanding secret sharing under general statistical noisy leakage.

Information Theory

Yilei Wang,Hao Wang,Qiuliang Xu

DOI: https://doi.org/10.1504/ijguc.2012.045697

2012-01-01

International Journal of Grid and Utility Computing

Abstract:Rational secret sharing, first introduced by Halpern and Teague, means that whether players send their shares relies on their utilities, whereas in traditional scheme, players are assumed to contribute their shares willingly. This paper puts forward a rational secret-sharing scheme where players run their reconstruction protocol in point-to-point communication networks other than broadcast channels which are often used in previous papers. Kol and Naor propose an efficient t-out-of-n protocol for rational secret sharing without using cryptographic primitives while it has weak robustness to coalition when short player colludes with any long players. The protocol proposed by Fuchsbauer and Katz runs efficiently in asynchronous or point-to-point networks. Although it achieves strict Nash equilibrium and is stable with respect to trembles, it is susceptible to realise fairness among the whole party. This paper proposes a rational secret-sharing scheme in point-to-point communication networks to achieve fairness and robustness to coalition.

Qi Chen,Xiaojun Ren,Li Hu,Yongzhi Cao

DOI: https://doi.org/10.1016/j.ins.2023.119907

IF: 8.1

2024-01-01

Information Sciences

Abstract:Multipartite secret sharing schemes are those having a multipartite access structure, in which the set of participants is divided into several parts and all participants in the same part play an equivalent role. Secret sharing schemes for these access structures have gained attention, as they generalize threshold secret sharing. This work focuses on the construction of linear secret sharing schemes for ideal uniform multipartite access structures, while avoiding the inefficiencies and randomness of known constructions. To achieve this, we have developed two approaches. The first approach combines polymatroid-based techniques with Gabidulin codes, which efficiently realize a particular family of ideal uniform multipartite access structures. The efficiency of this method is derived from the unique properties of Gabidulin codes, which allow for polynomial share and secret sizes relative to the number of participants. Our second approach applies linear algebraic techniques and polymatroid-based techniques to explicitly design linear secret sharing schemes for arbitrary ideal uniform multipartite access structures. The efficiency of this method stems from the properties of polynomials over finite fields. The schemes from this method are efficient for smaller numbers of parts relative to the number of participants. In summary, we present explicit constructions of linear secret sharing schemes for ideal uniform multipartite access structures, which have important applications in cryptography.

Shaofeng Zou,Yingbin Liang,Lifeng Lai,Shlomo Shamai

DOI: https://doi.org/10.48550/arXiv.1404.6474

2014-04-26

Abstract:A novel information theoretic approach is proposed to solve the secret sharing problem, in which a dealer distributes one or multiple secrets among a set of participants that for each secret only qualified sets of users can recover it by pooling their shares together while non-qualified sets of users obtain no information about the secret even if they pool their shares together. While existing secret sharing systems (implicitly) assume that communications between the dealer and participants are noiseless, this paper takes a more practical assumption that the dealer delivers shares to the participants via a noisy broadcast channel. An information theoretic approach is proposed, which exploits the channel as additional resources to achieve secret sharing requirements. In this way, secret sharing problems can be reformulated as equivalent secure communication problems via wiretap channels, and can be solved by employing powerful information theoretic security techniques. This approach is first developed for the classic secret sharing problem, in which only one secret is to be shared. This classic problem is shown to be equivalent to a communication problem over a compound wiretap channel. The lower and upper bounds on the secrecy capacity of the compound channel provide the corresponding bounds on the secret sharing rate. The power of the approach is further demonstrated by a more general layered multi-secret sharing problem, which is shown to be equivalent to the degraded broadcast multiple-input multiple-output (MIMO) channel with layered decoding and secrecy constraints. The secrecy capacity region for the degraded MIMO broadcast channel is characterized, which provides the secret sharing capacity region. Furthermore, these secure encoding schemes that achieve the secrecy capacity region provide an information theoretic scheme for sharing the secrets.

Information Theory

Longhui Ni,Fuyou Miao

DOI: https://doi.org/10.1109/cei57409.2022.9950078

2022-01-01

Abstract:As an enhancement to traditional secret sharing, robust secret sharing provides additional fault tolerance. The fault tolerance means that the original secret can be recovered even if some shares used in reconstruction are incorrect. So far, there is a lot of research work on robust secret sharing, however the current schemes are all based on Shamir's scheme. Because Shamir's scheme is constructed on polynomials, it has only additive homomorphism and has a narrow range of applications. In this article, we will analyze the existence of robust secret sharing scheme based on Chinese Remainder Theorem from the perspective of redundant residue number system. Based on the existence, we construct a new robust secret sharing scheme and we analyze the time complexity, share size, robustness and homomorphism of our scheme. Compared with the existing scheme, our new scheme has both additive and multiplicative homomorphisms under the premise of achieving the same robustness and share size.

Zihang Yin,Cheng Chi,Jiale Song,Faguo Wu

DOI: https://doi.org/10.1109/CSCloud62866.2024.00035

2024-06-28

Abstract:Traditional threshold secret sharing scheme provides a mechanism to prevent the over-concentration of secrets while allowing for flexibility through the distribution and reconstruction of sub-secrets. However, this approach often simplifies participant behavior into categories of complete honesty or continuous deceit, neglecting the nuances of rational decision-making. To address this limitation, the rational secret sharing scheme merges threshold secret sharing with game theory, where each participant is considered rational and acts solely in self-interest. Nonetheless, existing schemes encounter challenges such as the prisoner's dilemma and the inability to reconstruct secrets due to the prioritization of individual interests. To mitigate these issues, our proposed scheme integrates a reward and punishment mechanism that balances short-term gains with long-term incentives, effectively deterring malicious behavior among participants. Moreover, traditional solutions based on elliptic curves and bilinear pairs lack resilience against quantum attacks. In response, our solution incorporates lattice-based cryptography to enhance security in the face of quantum threats. Additionally, we introduce an attribute access control tree to empower secret dealers in selecting suitable participants based on attribute restrictions, ensuring a more flexible, convenient, and secure rational secret sharing plan. This comprehensive approach improves participant selection and strengthens security measures in secret sharing scenarios.

Computer Science,Physics

Wu Lei,Miao Fuyou,Meng Keju,Wang Xu

DOI: https://doi.org/10.1007/s11704-021-0483-9

IF: 2.6688

2021-01-01

Frontiers of Computer Science

Abstract:Secret sharing (SS) is part of the essential tech-niques in cryptography but still faces many challenges in effi-ciency and security.Currently,SS schemes based on the Chi-nese Remainder Theorem (CRT) are either low in the infor-mation rate or complicated in construction.To solve the above problems,1) a simple construction of an ideal (t,n)-SS scheme is proposed based on CRT for a polynomial ring.Compared with Ning's scheme,it is much more efficient in generating n pairwise coprime modular polynomials during the scheme construction phase.Moreover,Shamir's scheme is also a spe-cial case of our scheme.To further improve the security,2)a common-factor-based (t,n)-SS scheme is proposed in which all shareholders share a common polynomial factor.It enables both the verification of received shares and the establishment of a secure channel among shareholders during the reconstruction phase.As a result,the scheme is resistant to eavesdropping and modification attacks by outside adversaries.

Jing Yang,Fang-Wei Fu

DOI: https://doi.org/10.48550/arXiv.2202.09026

2022-02-18

Abstract:Secret sharing was firstly proposed in 1979 by Shamir and Blakley respectively. To avoid deficiencies of original schemes, researchers presented improvement schemes, among which the multi-secret sharing scheme (MSS) is significant. There are three categories of MSSs, however, we focus on multi-stage secret sharing scheme (MSSS) recovering secrets with any order in this work. By observing inhomogeneous linear recursions (ILRs) in the literature, we conclude a general formula and divide ILRs into two types according to different variables in them. Utilizing these two kinds of ILRs, we propose four verifiable MSSSs with Ajtai's function, which is a lattice-based function. Our schemes have the following advantages. Firstly, our schemes can detect cheat of the dealer and participants, and are multi-use. Secondly, we have several ways to restore secrets. Thirdly, we can turn our schemes into other types of MSSs due to the universality of our method. Fourthly, since we utilize a lattice-based function to mask shares, our schemes can resist the attack from the quantum computer with computational security. Finally, although our schemes need more memory consumption than some known schemes, we need much less time consumption, which makes our schemes more suitable facing limited computing power.

Cryptography and Security

Wentao Huang,Jehoshua Bruck

DOI: https://doi.org/10.48550/arXiv.1706.00500

2017-06-01

Information Theory

Abstract:This paper studies the problem of repairing secret sharing schemes, i.e., schemes that encode a message into $n$ shares, assigned to $n$ nodes, so that any $n-r$ nodes can decode the message but any colluding $z$ nodes cannot infer any information about the message. In the event of node failures so that shares held by the failed nodes are lost, the system needs to be repaired by reconstructing and reassigning the lost shares to the failed (or replacement) nodes. This can be achieved trivially by a trustworthy third-party that receives the shares of the available nodes, recompute and reassign the lost shares. The interesting question, studied in the paper, is how to repair without a trustworthy third-party. The main issue that arises is repair security: how to maintain the requirement that any colluding $z$ nodes, including the failed nodes, cannot learn any information about the message, during and after the repair process? We solve this secure repair problem from the perspective of secure multi-party computation. Specifically, we design generic repair schemes that can securely repair any (scalar or vector) linear secret sharing schemes. We prove a lower bound on the repair bandwidth of secure repair schemes and show that the proposed secure repair schemes achieve the optimal repair bandwidth up to a small constant factor when $n$ dominates $z$, or when the secret sharing scheme being repaired has optimal rate. We adopt a formal information-theoretic approach in our analysis and bounds. A main idea in our schemes is to allow a more flexible repair model than the straightforward one-round repair model implicitly assumed by existing secure regenerating codes. Particularly, the proposed secure repair schemes are simple and efficient two-round protocols.

James Smith

DOI: https://doi.org/10.48550/arXiv.2211.01658

2022-11-03

Abstract:Sharing a secret efficiently amongst a group of participants is not easy since there is always an adversary / eavesdropper trying to retrieve the secret. In secret sharing schemes, every participant is given a unique share. When the desired group of participants come together and provide their shares, the secret is obtained. For other combinations of shares, a garbage value is returned. A threshold secret sharing scheme was proposed by Shamir and Blakley independently. In this (n,t) threshold secret sharing scheme, the secret can be obtained when at least t out of n participants contribute their shares. This paper proposes a novel algorithm to reveal the secret only to the subsets of participants belonging to the access structure. This scheme implements totally generalized ideal secret sharing. Unlike threshold secret sharing schemes, this scheme reveals the secret only to the authorized sets of participants, not any arbitrary set of users with cardinality more than or equal to t. Since any access structure can be realized with this scheme, this scheme can be exploited to implement various access priorities and access control mechanisms. A major advantage of this scheme over the existing ones is that the shares being distributed to the participants is totally independent of the secret being shared. Hence, no restrictions are imposed on the scheme and it finds a wider use in real world applications.

Cryptography and Security,Information Theory

SHI Run-hua,HUANG Liu-sheng,YANG Wei,ZHONG Hong

DOI: https://doi.org/10.3969/j.issn.1000-436x.2012.01.002

2012-01-01

Journal of Communications

Abstract:A novel secret sharing scheme was proposed.This scheme consisted of two layer protocols: in the first layer,a larger secret was split into t smaller integers(sub-secrets) based on the Stern-Brocot tree;in the lower layer,t sub-secrets obtained from the first layer were regarded as t initial states in one-dimensional cellular automaton model,and then from the t initial states it could dynamic create all participants' shares according to the simple fixed rule.This scheme could dynamic add new member,adjust the threshold value and renew the secret and the shares.Besides,there were still other advantages that the costs of the computation were very low and the size of the shares was very small.The results of analysis show that it was secure and very efficient.