Presentation on theme: "Ch12. Secret Sharing Schemes"— Presentation transcript:
1 Ch12. Secret Sharing Schemes
Imagine that you have made billions of £/$ from Internet stocks, and you wish to leave your estate to your 4 children. You would like to divide it among them in such a way that two of them have to get together to reconstruct the real combination, i.e., someone who wants some of the inheritance must somehow cooperate with one of the other children.
(t,w) = (2,4) threshold scheme
2 Definition
Let t ≤ w be positive integers. A (t,w)-threshold scheme is a method of sharing a message M among a set of w participants such that any subset consisting of t participants can reconstruct the message M, but no subset of smaller size can reconstruct M.
3 Shamir threshold scheme in 1979
Based on Lagrange interpolation polynomial
Also called Lagrange interpolation scheme
Choose a large prime p, the message M is represented as a number (mod p)
$s(x) \equiv M + s_1 x + s_2 x^2 + \dots + s_{t-1} x^{t-1} \pmod{p}$
$(x_i, y_i)$, $i = 1, 2, \dots, w$; $y_i \equiv s(x_i) \pmod{p}$
4 Lagrange Interpolating Polynomials
Suppose that the function y = f(x) is known at the n+1 points $(x_0, y_0), (x_1, y_1), \dots, (x_n, y_n)$, where $a \le x_0 < x_1 < x_2 < \dots < x_n \le b$; then there is a polynomial $P_n$ with $P_n(x_i) = y_i$, $0 \le i \le n$.
6 Simple Exercises from p.303-306
2. You set up a (2,30) Shamir threshold scheme, working mod the prime 101. Two of the shares are (1,13) and (3,12). Another person received the share (2,*). What is the value of *?
3. In a (3,5) Shamir secret sharing scheme with modulus p=17, the following were given to Alice, Bob, Charles: (1,8), (3,10), (5,11). Calculate the corresponding Lagrange interpolating polynomial, and identify the secret.
7 (Secret) Value Sharing
A (k, n) threshold secret sharing scheme should satisfy the following requirements:
(1) A secret value M is used to generate n shadows.
(2) Any ≥ k shadows can reconstruct the secret value M.
(3) Any < k shadows cannot get sufficient information to reveal the secret value M.
8 Secret Sharing (1/4)
A (k, n) threshold polynomial can be written as
$s(x) \equiv M + s_1 x + s_2 x^2 + \dots + s_{k-1} x^{k-1} \pmod{p}$
Select n distinct integers $x_1, x_2, \dots, x_n$ from [0, p-1]
Deliver $(x_i, s(x_i))$ to the i-th participant
p: a (large) prime number
M: secret value
$s_1, \dots, s_{k-1}$: randomly chosen from [0, p-1]
9 Secret Sharing (2/4)
To reveal the secret value M, we must collect at least k shadows.
Without loss of generality, we use $(x_1, s(x_1)), \dots, (x_k, s(x_k))$ as k shadows.
We can reveal the secret value M by using Lagrange interpolation.
where M = s(0)
10 Secret Sharing (3/4)
Example: (k, n) = (2, 4)-threshold secret sharing
Given $x_1 = 1, x_2 = 2, x_3 = 3, x_4 = 4$
A polynomial equation can be defined as $s(x) \equiv 9 + 13x \pmod{17}$
Then s(1)=5, s(2)=1, s(3)=14, s(4)=10
Four shadows: (1,5), (2,1), (3,14), (4,10)
11 Secret Sharing (4/4)
Example: We can get the equation by taking (1,5), (4,10) and using Lagrange interpolation.
s(0) = 9
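The (2,4) example from slides 10 and 11, as an added Python example that is not part of the original slides: share generation and Lagrange reconstruction mod p, plus a check that a single share leaves every candidate secret possible. The function names are assumptions, and rejecting x = 0 is a choice made here because s(0) = M.

```python
import secrets

def make_shares(secret, k, xs, p, coeffs=None):
    """Return [(x, s(x))] for s(x) = M + s1*x + ... + s_{k-1}*x^(k-1) (mod p)."""
    if len({x % p for x in xs}) != len(xs) or any(x % p == 0 for x in xs):
        # x = 0 is rejected here because s(0) is the secret itself.
        raise ValueError("x values must be distinct and nonzero mod p")
    if coeffs is None:
        # s1..s_{k-1} come from a CSPRNG; predictable coefficients would leak M.
        coeffs = [secrets.randbelow(p) for _ in range(k - 1)]
    if len(coeffs) != k - 1:
        raise ValueError("need exactly k-1 coefficients")
    poly = [secret % p] + [c % p for c in coeffs]
    shares = []
    for x in xs:
        y = 0
        for c in reversed(poly):  # Horner evaluation mod p
            y = (y * x + c) % p
        shares.append((x, y))
    return shares

def interpolate(shares, x, p):
    """Value at x of the Lagrange polynomial through the shares, mod prime p."""
    if len({xi % p for xi, _ in shares}) != len(shares):
        raise ValueError("shares must have distinct x values")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if j != i:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        # Division mod p is multiplication by the modular inverse.
        total = (total + yi * num * pow(den, -1, p)) % p
    return total

def recover_secret(shares, p):
    return interpolate(shares, 0, p)  # M = s(0)

def secrets_consistent_with(share, p):
    """(2, n) case: every M for which some line s(x) = M + s1*x hits the share."""
    x1, y1 = share
    return {m for m in range(p) if any((m + s1 * x1) % p == y1 for s1 in range(p))}

if __name__ == "__main__":
    shares = make_shares(9, 2, [1, 2, 3, 4], 17, coeffs=[13])  # the slides' example
    print(shares, recover_secret([shares[0], shares[3]], 17))
    print(len(secrets_consistent_with(shares[0], 17)), "of 17 secrets fit one share")
```

Passing `coeffs` fixes the polynomial so the slide's numbers can be reproduced; leave it out to draw the coefficients at random.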
12 Secret Image Sharing
A (k, n)-threshold secret image sharing scheme must satisfy the following requirements:
(1) The secret image S is used to generate n shadow images.
(2) Any ≥ k shadow images can reconstruct the secret image.
(3) Any < k shadow images cannot get sufficient information to reveal the secret image.
14 Scramble a Secret Image
Pre-operation:
All gray levels are in the range [0,255]
Let p=251
Suppress all values larger than 250 to 250.
- The values are in the range 0~250
- A lossy method
Select a key P to create a permutation matrix.
- To decrease the correlation between any neighboring pixels.
21 Experimental results
The (2,4)-threshold on image Lenna 512x512
[Figures: histogram of Lenna; the secret image; the permutation image; shadow images (1,s(1)), (2,s(2)), (3,s(3)), (4,s(4))]
22 Security Analysis
Without loss of generality, if we only have (k-1) shadow images.
$y_1 \equiv (a_0 + a_1 + \dots + a_{k-1}) \bmod p$
$y_2 \equiv (a_0 + 2a_1 + \dots + 2^{k-1} a_{k-1}) \bmod p$
…
$y_{k-1} \equiv (a_0 + (k-1)a_1 + \dots + (k-1)^{k-1} a_{k-1}) \bmod p$
The probability to get the right image is
23 Property and Conclusion
A lossy method
The size of each shadow image is 1/r of the secret image
Fault-tolerance
Use network hard disks for storage.
Steganography
…
24 References
W. Trappe and L.C. Washington, Introduction to Cryptography with Coding Theory, Pearson International Edition (2006).
C.C. Thien and J.C. Lin, “Secret image sharing,” Computers & Graphics, vol. 26, no. 1, , 2002.