An Efficient Construction of Secret Sharing for Generalized Adversary Structure and Its Reduction
Communications, Circuits and Systems, 2004. ICCCAS 2004.

Presentation transcript:

An Efficient Construction of Secret Sharing for Generalized Adversary Structure and Its Reduction
Communications, Circuits and Systems, ICCCAS International Conference on Volume 1, June 2004 Page(s): Vol.1
Presented by Yu-Sheng Chen

Introduction: Secret Sharing Scheme
Access structure secret sharing scheme
– designates certain authorized groups of participants (who can use their shares to recover the secret)
Adversary structure secret sharing scheme (prohibited structure)
– specifies the subsets of participants that may be corrupted at the same time (who cannot use their shares to recover the secret)

Adversary structure Notation 1
– Let P = {p_1, …, p_n} be the set of participants
– S is the master secret and the partitions of S = [S_1, …, S_m]
– The adversary structure is and β is monotone :
– The Maximal adversary structure is

Notation 1 Illustration
– P = {a, b, c, d}
– adversary structure β = { {a}, {b}, {a,b}, {b,c} }
– Maximal adversary structure β_max = { {a,b}, {b,c} }
[Figure: diagram of the participants a, b, c, d]

Adversary structure Notation 2
A secret sharing scheme about S is a mapping
Π realizes adversary structure β if it satisfies
– (1) Reconstruction Property:
– (2) Perfect Property: (i.e. S and S' are indistinguishable for X)
(Is this definition the same as “ ” ?)

Adversary Structure Secret Sharing Scheme
Step 1
– Compute β_max from adversary structure β
– We denote
Step 2
– Let
– We call the write structure of the secret sharing.
Step 3
– Secret S is split into
– The share of participant p is

Example and Illustration

ω_β (columns p1 p2 p3 p4 p5): W_1 = W_2 = W_3 =

β_max   p1 p2 p3 p4 p5
β_1 =    1  0  1  1  0
β_2 =    1  1  0  0  0
β_3 =    0  0  0  1  1

Shares (figure with the sets β_1, β_2, β_3 drawn over the participants):
– p1: S_3
– p2: S_1, S_3
– p3: S_2, S_3
– p4: S_2
– p5: S_1, S_2

Example:
– X = {p1, p5}, q(X) = {S_1, S_2, S_3}: X can recover S
– Y = {p1, p2}, q(Y) = {S_1, S_3}: Y cannot recover S

Proof of Its Correctness
Theorem
– The scheme described above realizes adversary structure β
Proof
– We need to prove that the scheme satisfies the Reconstruction property and the Perfect property

Reconstruction property (proof)
[Figure: labels X and B_j]

Perfect property (proof)
[Figure: labels X and B_i]
S_1 + … + [S_i + (S' − S)] + … + S_m = S + (S' − S) = S'
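The five-participant example and the perfect-property argument above, worked as an added Python example (not code from the paper or the slides). It assumes additive splitting S = S_1 + … + S_m modulo a fixed prime, and that participant p receives S_i exactly when p is not in β_i, which is the rule consistent with the share assignments in the example slide; the modulus and all function names are assumptions.

```python
import secrets

MOD = 2**61 - 1  # assumed modulus; the slides only say "modular additions"
PARTICIPANTS = ["p1", "p2", "p3", "p4", "p5"]
# beta_max rows from the example slide: 10110, 11000, 00011
BETA_MAX = [{"p1", "p3", "p4"}, {"p1", "p2"}, {"p4", "p5"}]

def deal(secret):
    """Split secret into S_1..S_m (sum = secret mod MOD) and hand S_i to
    every participant outside beta_i (assumed distribution rule)."""
    m = len(BETA_MAX)
    parts = [secrets.randbelow(MOD) for _ in range(m - 1)]
    parts.append((secret - sum(parts)) % MOD)
    shares = {p: {i: parts[i - 1] for i, b in enumerate(BETA_MAX, 1) if p not in b}
              for p in PARTICIPANTS}
    return parts, shares

def pooled(shares, group):
    """q(group): the parts the group holds together, keyed by index i."""
    view = {}
    for p in group:
        view.update(shares[p])
    return view

def recover(shares, group):
    """Return the secret if the group holds every S_i, otherwise None."""
    view = pooled(shares, group)
    if len(view) < len(BETA_MAX):
        return None
    return sum(view.values()) % MOD

def consistent_with(parts, shares, group, other):
    """Perfect property for a group that lacks some S_i: add (S' - S) to that
    part. The group's view is unchanged, yet the parts now sum to S'."""
    view = pooled(shares, group)
    missing = next(i for i in range(1, len(parts) + 1) if i not in view)
    alt = list(parts)
    alt[missing - 1] = (alt[missing - 1] + other - sum(parts)) % MOD
    same_view = all(alt[i - 1] == v for i, v in view.items())
    return same_view and sum(alt) % MOD == other % MOD

if __name__ == "__main__":
    parts, shares = deal(123456789)  # constructed sample secret
    print(recover(shares, ["p1", "p5"]))   # X from the slide
    print(recover(shares, ["p1", "p2"]))   # Y from the slide
    print(consistent_with(parts, shares, ["p1", "p2"], 42))
```

Every set in β_max misses exactly one part, so each of them fails `recover`, while `consistent_with` shows that such a group's view fits any candidate secret equally well.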

Reduction
– Define the equivalence relation ~ as : iff “ ”
– The paper proves that removing p_j from the original secret sharing scheme does not matter (Theorem 2, 3, and 4).
– The reduced scheme still preserves the Reconstruction property and the Perfect property.

If p_i ~ p_j, then p_i and p_j have the same share. Thus removing p_j from the scheme does not matter.

Conclusion
An adversary structure secret sharing scheme
– specifies the subsets of participants who cannot recover the secret
The scheme
– Prove the reconstruction and perfect property
– Efficiency: it performs modular additions and subtractions.
The scheme can be slightly reduced