Miao Fuyou,Xiong Yan,Wang Xingfu,M. Badawy

DOI: https://doi.org/10.1109/tifs.2014.2384393

IF: 7.231

2015-01-01

IEEE Transactions on Information Forensics and Security

Abstract:A basic (t,n)-secret sharing (SS) scheme allows a secret s to be divided into n shares and shared among n shareholders. In the scheme, any t or more than t shareholders can recover the secret while fewer than t shareholders cannot obtain the secret s. But an adversary without any valid share may obtain the secret if there are over t participants in the secret reconstruction. To address this type of attack, we first introduce the notion of randomized component (RC), which binds a share with all participants and protects the share from being exposed to outside without any computational assumption; at the same time, RCs can be used to reconstruct the secret. As one of the applications of RCs, a (t,m,n)-group oriented SS scheme is proposed to cope with the attack in basic (t,n)-SSs, in which once m (m ≥ t) participants form a tightly couple group by generating RCs, the secret can be recovered only if all m RCs are correct, which requires each participant to have a valid share in advance. Moreover, the scheme can secure the secret without any user authentication or share verification. Analyses show the proposed (t,m,n)-group oriented SS is asymptotically perfect and unconditionally secure. RCs can also be applied to build other schemes in a simple way, such as multi-SS, group authentication, and so on.

Miao Fuyou,Fan Yuanyuan,Wang Xingfu,Xiong Yan,Moaman Badawy

DOI: https://doi.org/10.1049/cje.2016.01.026

IF: 1.019

2016-01-01

Chinese Journal of Electronics

Abstract:Basic (t, n)-Secret sharing (SS) schemes share a secret among n shareholders by allocating each a share. The secret can be reconstructed only if at least t shares are available. An adversary without a valid share may obtain the secret when more than t shareholders participate in the secret reconstruction. To address this problem, the paper introduces the notion and gives the formal definition of (t, m, n)-Group oriented secret sharing (GOSS); and proposes a (t, m, n)-GOSS scheme based on Chinese remainder theorem. Without any share verification or user authentication, the scheme uses Randomized components (RC) to bind all participants into a tightly coupled group, and ensures that the secret can be recovered only if all m (m≥t) participants in the group have valid shares and release valid RCs honestly. Analysis shows that the proposed scheme can guarantee the security of the secret even though up to m−1 RCs or t−1 shares are available for adversaries. Our scheme does not depend on any assumption of hard problems or one way functions.

Miao Fuyou,Meng Keju,Yu Yue,Huang Wenchao,Xiong Yan,Wang Xingfu

2019-01-01

Abstract: Group oriented applications are getting more and more popular in today's mobile Internet and call for secure and efficient (t,n) threshold secret sharing scheme (or (t,n)-SS) to meet their requirements. A (t,n)-SS divides a secret into $n$ shares such that any $t$ or more than $t$ shares can recover the secret while less than $t$ shares cannot. However, an adversary, even without a valid share, may obtain the secret by mounting Illegal Participant (IP) attack or Half Threshold Channel Cracking (HTCC) attack. Therefore, 1) the paper presents the notion and generic framework of (t,m,n)-Tightly Coupled Secret Sharing ((t,m,n)-TCSS). Prior to recovering the secret, it requires $m$ ($m \ge t$) participants to form a tightly coupled group by each independently constructing a component with the share. All $m$ components have to be used to recover the secret and thus both attacks can be thwarted more directly and simply. Furthermore, following the framework, threshold changeable secret sharing can also be easily constructed. 2) As an implementation of the framework, a linear code based (t,m,n)-TCSS scheme is proposed. Analyses show that the scheme can prevent IP, HTCC and $(t-1)$-Insider conspiring attacks with asymptotically perfect security. Moreover, it doesn't depend on any computational assumption and is more secure and efficient in storage, communication and computation when compared with related schemes. 3) Based on (t,m,n)-TCSS, a group authentication scheme is constructed, which allows a group user to authenticate whether all users are legal group members at once and thus provides efficient and flexible m-to-m authentication for group oriented applications.

Miao Fuyou,Wang Li,Ji Yangyang,Xiong Yan

DOI: https://doi.org/10.1049/cje.2016.08.014

IF: 1.019

2017-01-01

Chinese Journal of Electronics

Abstract:In most (t, n)-Multi-secret sharing ((t, n) MSS) schemes, an illegal participant, even without any valid share, may recover secrets when there are over t participants in secret reconstructions. To address this problem, the paper presents the notion of Group oriented (t, m, n)-multi-secret sharing (or (t, m, n)-GOMSS), in which recovering each secret requires all m (n > m > t) participants to have valid shares and actually participate in secret reconstruction. As an example, the paper then proposes a simple (t, m, n)-GOMSS scheme. In the scheme, every shareholder has only one share; to recover a secret, m shareholders construct a Polynomial-based randomized component (PRC) each with the share to form a tightly coupled group, which forces the secret to be recovered only with all m valid PRCs. As a result, the scheme can thwart the above illegal participant attack. The scheme is simple as well as flexible and does not depend on conventional hard problems or one way functions.

Xinyan Wang,Fuyou Miao

DOI: https://doi.org/10.1007/978-3-030-91356-4_7

2021-01-01

Abstract:In Shamir (t, n) secret sharing scheme, the secret can be recovered by any t or more than t shareholders. However, in insecure networks, if the number of participants is greater than t, a participant who does not own a valid share can also recover the secret by collecting components from other honest shareholders. Harn proposed the first secure secret reconstruction scheme, which used linear combination of shares to solve this problem, but this scheme is vulnerable to linear subspace attack. Miao used randomized component to disrupt the linear relationship and protect the share from being exposed. However, it can also be attacked by lattice. In this paper, we propose two randomized component based secure secret reconstruction schemes in insecure networks. The first scheme uses a random element whose distribution range at least equals to the share to protect the secrecy of share. Furthermore, the scheme is ideal and perfect. The second scheme is an improved scheme using bivariate polynomial, which is not only used for share and randomized component generation, but for secure channel construction. We don't need to establish the secure channel for each pairwise shareholders in advance. s-box transmission breaks the linear relationship among randomized components and guarantee the perfect secrecy of our scheme.

Keju Meng,Fuyou Miao,Wenchao Huang,Yan Xiong

DOI: https://doi.org/10.1016/j.dam.2019.05.011

IF: 1.254

2019-01-01

Discrete Applied Mathematics

Abstract:(t,n)-Threshold secret sharing ((t,n)-SS) scheme is a fundamental cryptographic primitive. As a special (t,n)-SS, a Multi-Level threshold Secret Sharing scheme (MLSS) divides shares into different levels. Shares at higher levels can be used at lower ones but shares of lower levels are invalid at higher ones. However, MLSS is limited in applications and vulnerable to Illegal Participant (IP) attack and t-Share Capture (SC) attack. Therefore, the paper first extends the notion of MLSS to multi-group threshold secret sharing (MGSS) to accommodate wider application scenarios. In order to cope with the 2 attacks, the paper then proposes a tightly coupled MGSS scheme based on Chinese Remainder Theorem. In the scheme, a shareholder, with only one private share, is allowed to participate in secret reconstruction of different groups. Moreover, when sufficient shareholders collaborate to recover the secret in a group, they first form a tightly coupled subgroup by constructing a randomized component each so that the secret can be recovered only if each participant has valid share and actually participates in secret reconstruction. Analyses show that the proposed scheme is capable of thwarting IP and SC attacks. Besides, the scheme is more flexible and popular in applications compared with MLSS scheme.

James Smith

DOI: https://doi.org/10.48550/arXiv.2211.01658

2022-11-03

Abstract:Sharing a secret efficiently amongst a group of participants is not easy since there is always an adversary / eavesdropper trying to retrieve the secret. In secret sharing schemes, every participant is given a unique share. When the desired group of participants come together and provide their shares, the secret is obtained. For other combinations of shares, a garbage value is returned. A threshold secret sharing scheme was proposed by Shamir and Blakley independently. In this (n,t) threshold secret sharing scheme, the secret can be obtained when at least t out of n participants contribute their shares. This paper proposes a novel algorithm to reveal the secret only to the subsets of participants belonging to the access structure. This scheme implements totally generalized ideal secret sharing. Unlike threshold secret sharing schemes, this scheme reveals the secret only to the authorized sets of participants, not any arbitrary set of users with cardinality more than or equal to t. Since any access structure can be realized with this scheme, this scheme can be exploited to implement various access priorities and access control mechanisms. A major advantage of this scheme over the existing ones is that the shares being distributed to the participants is totally independent of the secret being shared. Hence, no restrictions are imposed on the scheme and it finds a wider use in real world applications.

Cryptography and Security,Information Theory

Fuyou Miao,Keju Meng,Wenchao Huang,Yan Xiong,Xingfu Wang

DOI: https://doi.org/10.1109/icctec.2017.00310

2019-01-01

Abstract: As a fundamental cryptographic tool, (t,n)-threshold secret sharing ((t,n)-SS) divides a secret among n shareholders and requires at least t, (t<=n), of them to reconstruct the secret. Ideal (t,n)-SSs are most desirable in security and efficiency among basic (t,n)-SSs. However, an adversary, even without any valid share, may mount Illegal Participant (IP) attack or t/2-Private Channel Cracking (t/2-PCC) attack to obtain the secret in most (t,n)-SSs.To secure ideal (t,n)-SSs against the 2 attacks, 1) the paper introduces the notion of Ideal Tightly cOupled (t,m,n) Secret Sharing (or (t,m,n)-ITOSS ) to thwart IP attack without Verifiable SS; (t,m,n)-ITOSS binds all m, (m>=t), participants into a tightly coupled group and requires all participants to be legal shareholders before recovering the secret. 2) As an example, the paper presents a polynomial-based (t,m,n)-ITOSS scheme, in which the proposed k-round Random Number Selection (RNS) guarantees that adversaries have to crack at least symmetrical private channels among participants before obtaining the secret. Therefore, k-round RNS enhances the robustness of (t,m,n)-ITOSS against t/2-PCC attack to the utmost. 3) The paper finally presents a generalized method of converting an ideal (t,n)-SS into a (t,m,n)-ITOSS, which helps an ideal (t,n)-SS substantially improve the robustness against the above 2 attacks.

Rui Xu,Xu Wang,Kirill Morozov,Chi Cheng,Jintai Ding

DOI: https://doi.org/10.1016/j.ins.2021.12.053

IF: 8.1

2022-04-01

Information Sciences

Abstract:In a ( t , n ) threshold scheme any t or more shares can reconstruct the secret s, but less than t shares reveal no information about s. However, an unauthenticated adversary can pretend to be the shareholder at the reconstruction stage. If there were more than t honest shareholders, the unauthenticated adversary without valid share can obtain the secret. To deal with this type of attacks, a model of ( t , m , n ) group oriented secret sharing (GOSS) scheme was proposed by Miao et al. in 2015. Here the group oriented property means that if m &gt; t parties try to reconstruct the secret, they should all have the authentic shares in advance. It was claimed by Miao et al. that the group oriented property in their GOSS schemes holds in the information-theoretic sense. In this paper, we revisit two instantiations of ( t , m , n ) group oriented secret sharing schemes and show that these constructions cannot provide the so-called “group oriented property”. Specifically, we develop concrete attacks which allow an unauthenticated adversary with no valid share to participate in the reconstruction phase and obtain the secret provided that there are at least t honest shares presented at the reconstruction phase.

computer science, information systems

Fuyou Miao,Yue Yu,Keju Meng,Yan Xiong,Chin-Chen Chang

DOI: https://doi.org/10.1155/2021/6678345

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:In a t , n threshold secret sharing (SS) scheme, whether or not a shareholder set is an authorized set totally depends on the number of shareholders in the set. When the access structure is not threshold, (t,n) threshold SS is not suitable. This paper proposes a new kind of SS named grouped secret sharing (GSS), which is specific multipartite SS. Moreover, in order to implement GSS, we utilize both Lagrange interpolation polynomials and Chinese remainder theorem to design two GSS schemes, respectively. Detailed analysis shows that both GSS schemes are correct and perfect, which means any authorized set can recover the secret while an unauthorized set cannot get any information about the secret.

Xingxing Jia,Yusheng Guo,Xiangyang Luo,Daoshun Wang,Chaoyang Zhang

DOI: https://doi.org/10.1016/j.ins.2022.02.016

IF: 8.1

2022-01-01

Information Sciences

Abstract:The secret sharing (SS) scheme has been widely used as the de facto paradigm for group key management in cryptography and distributed computation. An SS scheme for a general access structure (GSS) has drawn more and more attention since it allows flexible access control. However, previous solutions to GSS need to either assign multiple shares to each participant or to solve a complex nonlinear integer programming. In this paper, we propose a novel strategy to address the two problems simultaneously based on the Chinese Remainder Theorem (CRT) for a polynomial ring over a finite field. We classify general access structures satisfying the monotone property into the two families of maximum forbidden subsets and minimum qualified subsets conforming to the security condition and the revealing condition. The moduli used in the scheme are pairwise coprime polynomials and can take the irreducible polynomials. To find the degrees of these polynomials, we only need to solve an integer linear programming (ILP) by minimizing the sum of the degrees of all the moduli. The proposed scheme is inherently a weighted SS scheme and may have no solution which commonly exists in all GSS schemes. To ensure a solution, we put forth a preprocessing algorithm which separates the original access structure into several subaccess structures based on graph theory. The proposed scheme only assigns a share for each participant and achieves perfect security. It has good generalization and provides a universal approach to program the scheme construction for SS schemes with general access structures, threshold access structures and weighted access structures.

Jing Li,Licheng Wang,Jianhua Yan,Xinxin Niu,Yixian Yang

DOI: https://doi.org/10.3837/tiis.2014.12.018

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:A (n,t,n) secret sharing scheme is to share a secret among n group members, where each member also plays a role of a dealer, and any t shares can be used to recover the secret. In this paper, we propose a strong (k,t,n) verifiable multi-secret sharing scheme, where any k out of n participants operate as dealers. The scheme realizes both threshold structure and adversary structure simultaneously, and removes a trusted third party. The secret reconstruction phase is performed using an additive homomorphism for decreasing the storage cost. Meanwhile, the scheme achieves the pre-verification property in the sense that any participant doesn't need to reveal any information about real master shares in the verification phase. We compare our proposal with the previous (n,t,n) secret sharing schemes from the perspectives of what kinds of access structures they achieve, what kinds of functionalities they support and whether heavy storage cost for secret share is required. Then it shows that our scheme takes the following advantages: (a) realizing the adversary structure, (b) allowing any k out of n participants to operate as dealers, (c) small sized secret share. Moreover, our proposed scheme is a favorable candidate to be used in many applications, such as secure multi-party computation and privacy preserving data mining, etc.

Miao Fuyou,Jiang Huiwen,Ji Yangyang,Xiong Yan

DOI: https://doi.org/10.1049/cje.2016.08.015

IF: 1.019

2017-01-01

Chinese Journal of Electronics

Abstract:Group authentication usually checks whether an individual user belongs to a pre-defined group each time but cannot authenticate all users at once without public key system. The paper proposes a Randomized component-based asynchronous（t, m, n） group authentication（（t, m, n）-RCAGA） scheme. In the scheme, each user employs the share of（t, n）-threshold secret sharing as the token, constructs a Randomized component（RC） with the share and verifies whether all users belong to a pre-defined group at once without requiring all users to release randomized components simultaneously. The proposed scheme is simple and flexible because each group member just uses a single share as the token and the scheme does not depend on any public key system. Analyses show the proposed scheme can resist up to t-1 group members conspiring to forge a token, and an adversary is unable to forge a valid token or derive a token from a RC.

Keju Meng,Fuyou Miao,Yue Yu,Changbin Lu

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00031

2018-01-01

Abstract:In a (t,n) threshold secret sharing ((t,n)-SS) scheme, any equal to or more than t shareholders are able to reconstruct the secret by pooling shares together. However, (t,n)-SS cannot work when the access structure is not threshold. Later, the notion of secret sharing scheme with general access structure (GAS) was proposed. In a GAS scheme, access structure can be designed for any requirements. If and only if a set of shareholders satisfies required access structure, the secret can be recovered. Because access structures are more complex than simple (t,n) threshold, users need plenty of storage to keep multiple private shares in most GAS schemes. In order to reduce private shares of shareholder, this paper proposes a universal GAS scheme which breaks the hierarchical limitation of levels in a multilevel secret sharing scheme based on Chinese remainder theorem to make the GAS scheme available for any general access structure. More importantly, each shareholder just needs less storage to keep one private share in the proposed scheme.

Lein Harn,Miao Fuyou

DOI: https://doi.org/10.1016/j.ipl.2014.04.006

IF: 0.851

2014-01-01

Information Processing Letters

Abstract:The (t,n) threshold secret sharing schemes (SSs) were introduced by Shamir and Blakley separately in 1979. Multilevel threshold secret sharing (MTSS) is a generalization of classical threshold SS, and it has been studied extensively in the literature. In an MTSS, shareholders are classified into different security subsets. The threshold value of a higher-level subset is smaller than the threshold value of a lower-level subset. Shareholders in each subset can recover the secret if the number of shares available is equal to or more than a threshold value. Furthermore, the share of a shareholder in a higher-level subset can be used as a share in the lower-level subset to recover the secret. Chinese Remainder Theorem (CRT) is one of popular tools used for designing SSs. For example, the Mignotte's scheme and Asmuth–Bloom's scheme are two classical (t,n) threshold SSs based on the CRT. So far, there was no CRT-based MTSS in the literature. In this paper, we propose the first MTSS based on the CRT. In our proposed scheme, one unique feature is that each shareholder needs to keep only one private share. Our proposed scheme is based on the Asmuth–Bloom's SS which is unconditionally secure.

Qi Chen,Xiaojun Ren,Li Hu,Yongzhi Cao

DOI: https://doi.org/10.1016/j.ins.2023.119907

IF: 8.1

2024-01-01

Information Sciences

Abstract:Multipartite secret sharing schemes are those having a multipartite access structure, in which the set of participants is divided into several parts and all participants in the same part play an equivalent role. Secret sharing schemes for these access structures have gained attention, as they generalize threshold secret sharing. This work focuses on the construction of linear secret sharing schemes for ideal uniform multipartite access structures, while avoiding the inefficiencies and randomness of known constructions. To achieve this, we have developed two approaches. The first approach combines polymatroid-based techniques with Gabidulin codes, which efficiently realize a particular family of ideal uniform multipartite access structures. The efficiency of this method is derived from the unique properties of Gabidulin codes, which allow for polynomial share and secret sizes relative to the number of participants. Our second approach applies linear algebraic techniques and polymatroid-based techniques to explicitly design linear secret sharing schemes for arbitrary ideal uniform multipartite access structures. The efficiency of this method stems from the properties of polynomials over finite fields. The schemes from this method are efficient for smaller numbers of parts relative to the number of participants. In summary, we present explicit constructions of linear secret sharing schemes for ideal uniform multipartite access structures, which have important applications in cryptography.

Xing Xing Jia,Yi Xuan Song,Dao Shun Wang,Da Xin Nie,Jin Zhao Wu

DOI: https://doi.org/10.3934/mbe.2019062

2019-01-01

Mathematical Biosciences and Engineering

Abstract:Secret sharing (SS) can be used as an important group key management technique for distributed cloud storage and cloud computing. In a traditional threshold SS scheme, a secret is shared among a number of participants and each participant receives one share. In many real-world applications, some participants are involved in multiple SS schemes with group collaboration supports thus have more privileges than the others. To address this issue, we could assign multiple shares to such participants. However, this is not a bandwidth efficient solution. Therefore, a more sophisticated mechanism is required. In this paper, we propose an efficient collaborative secret sharing (CSS) scheme specially tailored for multi-privilege participants in group collaboration. The CSS scheme between two or among more SS schemes is constructed by rearranging multi-privilege participants in each participant set and then formulated into several independent SS schemes with multi-privilege shares that precludes information leakage. Our scheme is based on the Chinese Remainder Theorem with lower recovery complexity and it allows each multi-privilege participant to keep only one share. It can be formally proved that our scheme achieves asymptotically perfect security. The experimental results demonstrate that it is efficient to achieve group collaboration, and it has computational advantages, compared with the existing works in the literature.

Keju Meng,Fuyou Miao,Yu Ning,Wenchao Huang,Yan Xiong,Chin-Chen Chang

DOI: https://doi.org/10.1007/s11704-019-9123-z

IF: 2.6688

2020-01-01

Frontiers of Computer Science

Abstract:If an adversary tries to obtain a secret s in a ( t, n ) threshold secret sharing (SS) scheme, it has to capture no less than t shares instead of the secret s directly. However, if a shareholder keeps a fixed share for a long time, an adversary may have chances to filch some shareholders’ shares. In a proactive secret sharing (PSS) scheme, shareholders are supposed to refresh shares at fixed period without changing the secret. In this way, an adversary can recover the secret if and only if it captures at least t shares during a period rather than any time, and thus PSS provides enhanced protection to long-lived secrets. The existing PSS schemes are almost based on linear SS but no Chinese Remainder Theorem (CRT)-based PSS scheme was proposed. This paper proposes a PSS scheme based on CRT for integer ring to analyze the reason why traditional CRT-based SS is not suitable to design PSS schemes. Then, an ideal PSS scheme based on CRT for polynomial ring is also proposed. The scheme utilizes isomorphism of CRT to implement efficient share refreshing.

Keju Meng,Fuyou Miao,Wenchao Huang,Yan Xiong

DOI: https://doi.org/10.1016/j.ipl.2020.105928

IF: 0.851

2020-01-01

Information Processing Letters

Abstract:(t, n) threshold secret sharing (SS) is an important cryptographic primitive in which a secret is divided into n shares, and then any t or more shareholders can exchange shares to reconstruct the secret without help of any trusted third party. However, if an illegal participant, without any valid share, impersonates a shareholder to recover the secret with m (m >= t) legal shareholders in a traditional (t, n) threshold SS scheme, it may obtain the secret. Therefore, this paper utilizes a bivariate symmetry polynomial to propose a basic threshold changeable secret sharing (TCSS) scheme which is cheating immune and thwarts the above illegal participant attack. In the basic TCSS scheme, threshold is allowed to increase from t to the exact number of all participants during secret reconstruction. In this way, the secret can be recovered only if all the participants have valid shares. However, each shareholder has to keep t coefficients of its share. Then, an improved TCSS scheme based on both univariate polynomial and bivariate symmetry polynomial is proposed to reduce coefficients of shares for each shareholder. (C) 2020 Elsevier B.V. All rights reserved.

Li, Fulin,Liu, Zhuo,Liu, Li

DOI: https://doi.org/10.1007/s11128-024-04269-1

IF: 1.965

2024-02-13

Quantum Information Processing

Abstract:Quantum secret sharing plays a crucial role in quantum cryptography. In this paper, we present a rational hierarchical (t,n) -threshold quantum secret sharing scheme based on Lagrange interpolation. In our scheme, participants possess rational and hierarchical properties, and the secret can be reconstructed when the number of rational participants satisfies the hierarchical (t,n) -threshold structure proposed in this paper. The reconstructed secret can encompass both classical information and quantum state information, enhancing the practicality and flexibility of our scheme compared to existing ones. Additionally, we redefine the utility of participants based on their roles in the secret recovery process. This newly defined utility allows for a more precise analysis of the correctness, fairness, and equilibrium of our scheme. Finally, our scheme not only resists a typical set of external attacks but also incorporates mechanisms to detect forgery and collusion among participants.

physics, multidisciplinary,quantum science & technology, mathematical