For ASIACRYPT 2018 Constructing Ideal Secret Sharing Schemes based on Chinese Remainder Theorem Fuyou Miao University of Science and Technology of China.

Slides:



Advertisements
Similar presentations
How to Collaborate between Threshold Secret Sharing Schemes Daoshun Wang, Ziwei YeXiaobo Li Tsinghua University, ChinaUniversity of Alberta, Canada.
Advertisements

Chapter 8 More Number Theory. Prime Numbers Prime numbers only have divisors of 1 and itself They cannot be written as a product of other numbers Prime.
Announcements: SHA due tomorrow SHA due tomorrow Last exam Thursday Last exam Thursday Available for project questions this week Available for project.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
How to Share a Secret Amos Beimel. Secret Sharing [Shamir79,Blakley79,ItoSaitoNishizeki87] ? bad.
Secret Sharing Algorithms
RSA Ramki Thurimella.
Great Theoretical Ideas in Computer Science.
Announcements: SHA due Tuesday SHA due Tuesday Last exam Thursday Last exam Thursday Available for project questions this week Available for project questions.
Prelude to Public-Key Cryptography Rocky K. C. Chang, February
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Network and Computer Security (CS 475) Modular Arithmetic and the RSA Public Key Cryptosystem Jeremy R. Johnson.
A novel DRM framework for peer-to- per music content delivery Authors: Jung-Shian Li, Che-Jen Hsieh, Cheng-Fu Hung Source: 2010, Journal of Systems and.
Optimizing Robustness while Generating Shared Secret Safe Primes Emil Ong and John Kubiatowicz University of California, Berkeley.
Secret Sharing for General Access Structure İlker Nadi Bozkurt, Kamer Kaya, and Ali Aydın Selçuk Information Security and Cryptology, Ankara, Turkey, May.
10/25/04 Security of Ad Hoc and Sensor Networks (SASN) 1/22 An Attack on the Proactive RSA Signature Scheme in the URSA Ad Hoc Network Access Control Protocol.
The Pennsylvania State University CSE597B: Special Topics in Network and Systems Security The Miscellaneous Instructor: Sencun Zhu.
28 September 2005 Secret Sharing Amin Y. Teymorian Department of Computer Science The George Washington University.
1 Lect. 19: Secret Sharing and Threshold Cryptography.
Secure Computation Lecture Arpita Patra. Recap >Three orthogonal problems- (n,t)-sharing, reconstruction, multiplication protocol > Verifiable Secret.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
May 9, 2001Applied Symbolic Computation1 Applied Symbolic Computation (CS 680/480) Lecture 6: Multiplication, Interpolation, and the Chinese Remainder.
1 The RSA Algorithm Rocky K. C. Chang February 23, 2007.
Secret Sharing Schemes: A Short Survey Secret Sharing 2.
Linear, Nonlinear, and Weakly-Private Secret Sharing Schemes
Image Sharing By Chinese Remainder Theorem Group S: S1, S2, S3 Institute of Information Systems & Applications National Tsing Hua University Hsinchu 30013,
Multi-Party Computation r n parties: P 1,…,P n  P i has input s i  Parties want to compute f(s 1,…,s n ) together  P i doesn’t want any information.
Cryptographic Protocols Secret sharing, Threshold Security
Public Key Cryptography
Public Key Encryption Major topics The RSA scheme was devised in 1978
CSE565: Computer Security Lecture 7 Number Theory Concepts
PRODUCTS OF GROUPS If F and H are groups then their product F x H is the group defined as follows: Example If F = H = {0,1} with + mod 2.
Writing a Good Technical Paper
CS580 Internet Security Protocols
Ch12. Secret Sharing Schemes
Prelude to Public-Key Cryptography
An efficient threshold RSA digital signature scheme
Advanced Protocols.
RSA and El Gamal Cryptosystems
IEEE TRANSACTIONS ON INFORMATION THEORY, JULY 1985
Secret Sharing (or, more accurately, “Secret Splitting”)
Knapsack Cryptosystems
Cryptography CS 555 Lecture 22
Advanced Cryptography Protocols
Interpolation.
Polynomials, Secret Sharing, And Error-Correcting Codes
Introduction to Cryptography
Analysis of the RSA Encryption Algorithm
Writing a Good Technical Paper
Systems Architecture I
Group Key Management Scheme for Simultaneous Multiple Groups with Overlapped Membership Andrew Moore 9/27/2011.
Polynomials, Secret Sharing, And Error-Correcting Codes
Secret Sharing Schemes using Visual Cryptography
Secret Sharing CPS Computer Security Nisarg Raval Sep 24, 2014
Threshold RSA Cryptography
Key Management Network Systems Security
Secret Sharing and Applications
Secret Sharing: Linear vs. Nonlinear Schemes (A Survey)
Chapter -5 PUBLIC-KEY CRYPTOGRAPHY AND RSA
Some New Issues on Secret Sharing Schemes
CSCI284 Spring 2009 GWU Sections 5.1, 5.2.2, 5.3
Cryptology Design Fundamentals
Security of Wang-Li Threshold Signature Scheme
PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9
Introduction to Cryptography
Secret Image Sharing Based on Encrypted Pixels
Secret image sharing with steganography and authentication
Cryptographic Protocols Secret Sharing, Threshold Security
Secret Sharing CPS Computer Security Nisarg Raval Sep 24, 2014
Adopting secret sharing for reversible data hiding in encrypted images
Presentation transcript:

For ASIACRYPT 2018 Constructing Ideal Secret Sharing Schemes based on Chinese Remainder Theorem Fuyou Miao University of Science and Technology of China Dec 6, 2018

Contributions Generalization of existing CRT-based (t,n)-SS from Integer Ring to Polynomial Ring Ideal (t,n)-SS based on CRT for Poly. Ring Shamir’s (t,n)-SS : a special case Weighted (t,n)-SS

Outline Two Typical Secret Sharing Schemes (t,n)-Threshold Secret Sharing ( i.e., (t,n)-SS) Two Typical Secret Sharing Schemes Secret Sharing based on Polynomial Ring over Fp Both Types of SS as Special Cases Weighted (t,n)-SS Conclusion

(t,n)-Threshold Secret Sharing t-Threshold, n- number of all shareholders A dealer divides a secret s into n pieces, allocates each piece to a shareholder as the share such that 1) any t or more than t shares can recover the secret; 2) less than t shares cannot obtain the secret;

S Share Distribution Secret Reconstruction Dealer Secret: S Share Distribution Shareholder …… Share: s1 s2 s3 s100 s4 Secret Reconstruction S Fig 1. An example of (3,100)-SS

Applications of (t,n)-SS Threshold Encryption Threshold Signature Secure Multiparty Computation Many security-related application protocols…

2 Typical (t,n)-SSs Share Distribution Secret Reconstruction Shamir’s (t,n)-SS [23]* Share Distribution f(x)=a0+a1x+a2x2+…+at-1xt-1 mod p Secret: s=a0 Each Shareholder Ui : Public information-xi ∈Fp , private share--f(xi) Secret Reconstruction m (m≥t) shareholders, e.g. {U1,U2,…Um}, compute the secret as: *[23] Shamir, A.: How to share a secret. Communications of the ACM 22(11), 612-613 (1979)

… … … Share distribution Secret Reconstruction f(x)=a0+a1x+a2x2+…+at-1xt-1 mod p Secret: s=a0 Dealer Share distribution Shareholder … Public Info: x1 Private Share: f(x1) … … xi f(xi) xi+1 f(xi+1) xn f(xn) xi+2 f(xi+2) Secret Reconstruction Secret: s = Fig 1. Shamir’s (t,n)-SS

Remarks Shamir’s (t,n)-SS uses Lagrange Interpolation over finite field Fp to recover the secret. Ideal scheme: Information rate 1; No information leaks to t-1 participants Most popular (t,n)-SS scheme cited over 13000 times -- google scholar

2 Typical (t,n)-SS Asmuth-Bloom’s (t,n)-SS[1] over 600 times of citation Share distribution: (Increasing sequence, pairwise coprime) (gap creation ) (range extension ) (share evaluation) [1]Asmuth,C., Bloom,J.:A modular approach to key safeguarding. IEEE transactions on information theory 29(2), 208-210 (1983)

Awkward scheme[13-20][33]… Secret Reconstruction Remark: Based on Chinese Remainder Theorem(CRT) for Integer Ring Not Ideal—information rate < 1 Hard to choose moduli due to the condition Awkward scheme[13-20][33]…

Questions Can we use CRT to build a (t,n)-SS as ideal as Shamir’s scheme? What is the connection between CRT based (t,n)-SSs and Shamir’s (t,n)-SS?

Our work Generalize Asmuth-Bloom’s (t,n)-SS from Integer Ring to Polynomial Ring General Scheme Ideal Scheme Prove Shamir’s (t,n)-SS is a special case of our Ideal Scheme Construct a weighted (t,n)-SS from General Scheme

Asmuth-Bloom’s (t,n)-SS Our work Polynomial Ring over Fp Asmuth-Bloom’s (t,n)-SS (CRT for Integer Ring) 1.Our General Scheme 4. Weighted (t,n)-SS 2. Our ldeal Scheme 3. Shamir’s (t,n)-SS (Fp)

(t,n)-SS based on CRT for Polynomial Ring over Fp General scheme Ideal scheme

Our General Scheme Setup Share Distribution (ascending sequence, gap production)

Our General Scheme Secret Reconstruction

Our Ideal Scheme Only Difference in Setup

Surprising Gains from Our Ideal Scheme Information rate=1, no info. leak Ideal scheme Quite easy to choose pairwise coprime modulus polynomials e.g. Shamir’s (t,n)-SS as a special case

Shamir’s (t,n)-SS as our special case An instantiation of our ideal scheme with d0=1

Shamir’s (t,n)-SS as our special case CRT for Polynomial Ring over Fp Lagrange Interpolation over Fp Shamir’s (t,n)-SS Our Ideal scheme xi : Public info. of shareholder Ui

Weighted (t,n)-SS based on our General Scheme What is Weighted (t,n)-SS Each shareholder Ui in subset A has a weight wi ; secret can be recovered if

Weighted (t,n)-SS based on our General Scheme More natural and easier to realize Weighted (t,n)-SS based on our scheme weight=deg(mi(x))= wi Shareholder with weight wi is allocated a modulus polynomial of degree wi

Conclusions General (t,n)-SS Scheme (Poly. Ring) Asmuth- Bloom’s (t,n)-SS (Integer Ring) Ideal (t,n)-SS Scheme  General (t,n)-SS Scheme Shamir’s scheme as a special case of Ideal (t,n)-SS Scheme Weighted (t,n)-SS  General (t,n)-SS Scheme

Asmuth-Bloom’s Scheme Conclusions following schemes Potential as an alternative of both schemes Our scheme Asmuth-Bloom’s Scheme Shamir’s Scheme

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.