Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secret Swarm Unit Reactive k-Secret Sharing INDOCRYPT 2007 Shlomi Dolev 1, Limor Lahiani 1, Moti Yung 2 Department of Computer Science 1 Ben-Gurion University,

Published byMatilda Short Modified over 9 years ago

Similar presentations

Presentation on theme: "Secret Swarm Unit Reactive k-Secret Sharing INDOCRYPT 2007 Shlomi Dolev 1, Limor Lahiani 1, Moti Yung 2 Department of Computer Science 1 Ben-Gurion University,"— Presentation transcript:

1 Secret Swarm Unit Reactive k-Secret Sharing INDOCRYPT 2007 Shlomi Dolev 1, Limor Lahiani 1, Moti Yung 2 Department of Computer Science 1 Ben-Gurion University, Israel 2 Columbia University, NYC

2 Talk Outline Introduction & motivation The problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions

3 Intro: What is a Swarm A collection of processors collaborating on a mission UAVs Mobile sensors Processors / RFIDs

4 Intro: Swarm Motivation Robustness Fault tolerance Security

5 Talk Outline Introduction & motivation The problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions

6 Swarm’s Global Secret Distributed secret shares

7 Swarm’s Global Secret Distributed secret shares p

8 The Problem Can members modify the global secret without knowing the secret before and after the change and with no internal communication? THINK AGAIN!

9 Talk Outline Introduction & motivation The problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions

10 Swarm Settings (1) n swarm members Distributed secret shares Any less thank k cannot reveal At least k to reveal (p) Compromising adversary Listening (no sending) Compromise at most f < k Corruptive adversary Listening (no sending) Corrupt at most f < k

11 Swarm Settings (2) No internal communication Avoided/safe area Simultaneous external input Controller Event observed/sensed X X X X

12 Swarm Settings (3) Swarm input actions set() step() regainConsistencyRequest() joinRequest() joinReply() regainConsistencyReply()

13 Talk Outline Introduction & motivation The problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions

14 Talk Outline Introduction & motivation The problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions

15 Our Polynomial Based Solution Shamir’s (k,n)-threshold scheme Secret: Globl counter GC p(x) = a 0 +a 1 x+a 2 x 2 +…+a k x k a 1..a k are random Secret: a 0 = GC Secret distribution n distinct points: (x i,p(x i )), x i   0 GC = p(0) Any k points reveals the secret No less than k reveals it

16 Our Polynomial Based counter Increment counter: GC  GC+δ p(x) = GC+a 1 x+a 2 x 2 +…+a k x k q(x) = p(x) + δ q(x) is defined by  x i,p(x i )+δ  Multiply : Gc  GC·μ p(x) = GC+a 1 x+a 2 x 2 +…+ a k x k q(x) = p(x)·μ q(x) is defined by  x i,p(x i )·μ 

17 Our Polynomial based solution Swarm input: set set(  x i,p(x i )  )

18 Our Polynomial based solution Swarm input: step step()   x i, p(x i )    x i, p(x i )+  And the same for multiplication by μ

19 Our Polynomial based solution input: regain consistency request regainConsistencyReq() leader  x i, p(x i ) 

20 Our Polynomial based solution input: regain consistency request leader

21 Our Polynomial based solution input: regain consistency reply leader  x i, p(x i ) 

22 Our Polynomial based solution input: join request & reply joinReq() joinReply()

23 Our Polynomial Based Solution (Corruptive Adversary) Berlekamp-Welch Polynomial p(x) of degree k k+r points e errors Decode p(x) if e  r/2 Polynomial based solution Decode p(x) if f  (n–k–lp)/2 Where lp = num of leaving processes between two regainConsistency ops.

24 Our Polynomial Based Solution Tuple Share I think it is unnecessary in he polynomial Polynomial p(x) of degree l  k Secret share: A tuple of s distinct points  x i1,p(x i1 ) ,  x i2,p(x i2 ) ,….,  x is,p(x is )  s =  l/k  Probability that m shares reveal: Pr m m  k  missing point  Pr m =0 m  k  Pr m = [1-(1-p) m ] l

25 Talk Outline Introduction & motivation The Problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions

26 From Polynomial Solution to Chinese Remainder Solution Secret D Polynomial based solution  x,p(x)  is of order of D Minimum k·logD space Chinese remainder solution 0  D  p 1  p 2  …  p k Minimum logD space actually l  k

27 Our Chinese Remainder Based Solution Swarm secret: global counter GC p 1 < p 2 < … < p k relatively primes M k = p 1  p 2  …  p k 0  GC  M k GC   r 1,p 1 ,  r 2,p 2 ,…,  r l,p k  [CRT] r i  = GC mod p i GC   r 1, r 2,…,r k  Secret share  r i, p i , r i  = GC mod p i

28 Example  p 1 =2, p 2 =3, p 3 =5 ,  r 1 =0, r 2 =0, r 3 =0  0  GC  30 0  0,0,0 

29 Example  p 1 =2, p 2 =3, p 3 =5 ,  r 1 =0, r 2 =0, r 3 =0  0  GC  30 0  0,0,0  1  1,1,1 

30 Example  p 1 =2, p 2 =3, p 3 =5 ,  r 1 =0, r 2 =0, r 3 =0  0  GC  30 0  0,0,0  1  1,1,1  1  0,2,2 

31 Example  p 1 =2, p 2 =3, p 3 =5 ,  r 1 =0, r 2 =0, r 3 =0  0  GC  30 0  0,0,0  1  1,1,1  2  0,2,2  3  1,0,3 

32 Example  p 1 =2, p 2 =3, p 3 =5 ,  r 1 =0, r 2 =0, r 3 =0  0  GC  30 0  0,0,0  1  1,1,1  2  0,2,2  3  1,0,3  4  0,1,4 

33 Example  p 1 =2, p 2 =3, p 3 =5 ,  r 1 =0, r 2 =0, r 3 =0  0  GC  30 0  0,0,0  1  1,1,1  2  0,2,2  3  1,0,3  4  0,1,4  5  1,2,0 

34 Example  p 1 =2, p 2 =3, p 3 =5 ,  r 1 =0, r 2 =0, r 3 =0  0  GC  30 0  0,0,0  1  1,1,1  2  0,2,2  6  0,0,1  3  1,0,3  4  0,1,4  5  1,2,0 

35 Example  p 1 =2, p 2 =3, p 3 =5 ,  r 1 =0, r 2 =0, r 3 =0  0  GC  30 0  0,0,0  1  1,1,1  2  0,2,2  6  0,0,1  3  1,0,3  4  0,1,4  5  1,2,0  7  1,1,2 

36 Example  p 1 =2, p 2 =3, p 3 =5 ,  r 1 =0, r 2 =0, r 3 =0  0  GC  30 0  0,0,0  1  1,1,1  2  0,2,2  6  0,0,1  3  1,0,3  4  0,1,4  5  1,2,0  7  1,1,2  8  0,2,3 

37 Example  p 1 =2, p 2 =3, p 3 =5 ,  r 1 =0, r 2 =0, r 3 =0  0  GC  30 0  0,0,0  1  1,1,1  2  0,2,2  6  0,0,1  3  1,0,3  4  0,1,4  5  1,2,0  7  1,1,2  8  0,2,3  9  1,0,4 

38 Example  p 1 =2, p 2 =3, p 3 =5 ,  r 1 =0, r 2 =0, r 3 =0  0  GC  30 0  0,0,0  1  1,1,1  2  0,2,2  6  0,0,1  3  1,0,3  4  0,1,4  5  1,2,0  7  1,1,2  8  0,2,3  10  0,1,0  9  1,0,4 

39 Example  p 1 =2, p 2 =3, p 3 =5 ,  r 1 =0, r 2 =0, r 3 =0  0  GC  30 0  0,0,0  1  1,1,1  2  0,2,2  6  0,0,1  3  1,0,3  4  0,1,4  5  1,2,0  7  1,1,2  8  0,2,3  10  0,1,0  9  1,0,4  29  1,2,4 

40 Swarm Input p i  x i, r i  p(x i ) set() step() regainConsistencyRequest() joinRequest() joinReply() regainConsistencyReply()

41 Our Chinese Remainder Based Solution Swarm input: step step(δ)   r i, p i    r i +  mod p i, p i 

42 Our Chinese Remainder Based Solution (Corruptive adversary) Mandelbaum p 1 < p 2 <…< p k <…< p k+r, relatively primes M k = p 1  p 2  …  p k 0  GC  M k e errors Detect: e  r Correct: e  r/2 Chinese remainder based solution Detect: f  n-k-lp Correct: f  (n-k-lp)/2

43 Our Chinese Remainder Based Solution Tuple Share Secret: 0  GC  M l p 1 < p 2 <…< p l, l  k M l = p 1  p 2  …  p l Secret share A tuple of s pairs  r i1,p i1 ) ,  r i2,p i2 ,….,  r is,p is   r ij, p ij , r ij  = GC mod p ij s =  l/k  Probability to reveal Pr m m  k  missing pair  Pr m =0 NOT, m  k  Pr m = [1-(1-p) m ] l

44 Talk Outline Introduction & motivation The problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions

45 Virtual I/O Automaton I/O Automaton A Implemented by the swarm Global state (Global secret) Current state of A Replicated at least T  n times Regain consistency ensures: At least T+lp+f replicas of the global state At most T-f-1 replicas of any other state Global output Output with at least T  n replicas Threshold device

46 Virtual I/O Automaton Secret share Tuple  s i1,s i2,…,s im  of candidates At most 1 state is the global state Step(  ) transition step on s i1,s i2,…,s im and  New tuple of candidates:  s’ i1,s’ i2,…,s’ im  Output actions  o i1,o i2,…,o im  At least T replicas of the global output

47 Talk Outline Introduction & motivation The problem Swarm Settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions

48 polynomial based solution Addition & multiplication Error correcting [Berlekamp-Welch] Chinese remaindering based solution Addition Error correcting [Mandelbaum] Virtual I/O automaton Mask the global state Further results: Vandermonde matrix Support XOR operations

49 Thank You!

Download ppt "Secret Swarm Unit Reactive k-Secret Sharing INDOCRYPT 2007 Shlomi Dolev 1, Limor Lahiani 1, Moti Yung 2 Department of Computer Science 1 Ben-Gurion University,"

Similar presentations

Attacking Cryptographic Schemes Based on Perturbation Polynomials Martin Albrecht (Royal Holloway), Craig Gentry (IBM), Shai Halevi (IBM), Jonathan Katz.

Attacking Cryptographic Schemes Based on Perturbation Polynomials Martin Albrecht (Royal Holloway), Craig Gentry (IBM), Shai Halevi (IBM), Jonathan Katz.
Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.

Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.
Optical Architecture for (Restricted) Exponential Time Hard Problems Nova Fandina Ben-Gurion University of the Negev, Israel Joint work with: Prof. Shlomi.

Optical Architecture for (Restricted) Exponential Time Hard Problems Nova Fandina Ben-Gurion University of the Negev, Israel Joint work with: Prof. Shlomi.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
Multi-Party Computation Forever for Cloud Computing and Beyond Shlomi Dolev Joint works with Limor Lahiani, Moti Yung, Juan Garay, Niv Gilboa and Vladimir.

Multi-Party Computation Forever for Cloud Computing and Beyond Shlomi Dolev Joint works with Limor Lahiani, Moti Yung, Juan Garay, Niv Gilboa and Vladimir.
Chapter 6 - Convergence in the Presence of Faults1-1 Chapter 6 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights.

Chapter 6 - Convergence in the Presence of Faults1-1 Chapter 6 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Assignment of Different-Sized Inputs in MapReduce Shantanu Sharma 2 joint work with Foto N. Afrati 1, Shlomi Dolev 2, Ephraim Korach 2, and Jeffrey D.

Assignment of Different-Sized Inputs in MapReduce Shantanu Sharma 2 joint work with Foto N. Afrati 1, Shlomi Dolev 2, Ephraim Korach 2, and Jeffrey D.
Ch12. Secret Sharing Schemes

Ch12. Secret Sharing Schemes
Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.

Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.
Information Security for Sensors Overwhelming Random Sequences and Permutations Shlomi Dolev, Niv Gilboa, Marina Kopeetsky, Giuseppe Persiano, and Paul.

Information Security for Sensors Overwhelming Random Sequences and Permutations Shlomi Dolev, Niv Gilboa, Marina Kopeetsky, Giuseppe Persiano, and Paul.
1 Data Persistence in Large-scale Sensor Networks with Decentralized Fountain Codes Yunfeng Lin, Ben Liang, Baochun Li INFOCOM 2007.

1 Data Persistence in Large-scale Sensor Networks with Decentralized Fountain Codes Yunfeng Lin, Ben Liang, Baochun Li INFOCOM 2007.
1 How to securely outsource cryptographic computations Susan Hohenberger and Anna Lysyanskaya TCC2005.

1 How to securely outsource cryptographic computations Susan Hohenberger and Anna Lysyanskaya TCC2005.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.
CS 582 / CMPE 481 Distributed Systems Fault Tolerance.

CS 582 / CMPE 481 Distributed Systems Fault Tolerance.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
Sec final project A Preposition Secret Sharing Scheme for Message Authentication in Broadcast Networks 90321019 王怡君.

Sec final project A Preposition Secret Sharing Scheme for Message Authentication in Broadcast Networks 王怡君.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.

A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.

Similar presentations

Ads by Google