An Efficient Construction of Secret Sharing for Generalized Adversary Structure and Its Reduction Communications, Circuits and Systems, ICCCAS International Conference on Volume 1, June 2004 Page(s): Vol.1 Presented by Yu-Sheng Chen
Introduction: Secret Sharing Scheme Access structure secret sharing scheme –designate certain authorized groups of participants (who can use their shares to recover the secret) Adversary structure secret sharing scheme (prohibited structure) –specify the subsets of participants that may be corrupted at the same time (who can not use their shares to recover the secret)
Adversary structure Notation 1 Let P={ p 1, …, p n } be the set of participants S is the master secret and the partitions of S = [S 1, …, S m ] The adversary structure is and β is monotone : The Maximal adversary structure is
Notation 1 Illustration P={a,b,c,d} adversary structure β={ {a}, {b}, {a,b}, {b,c} } Maximal adversary structure β max ={ {a,b}, {b,c} } b c a a b c d d
Adversary structure Notation 2 A secret sharing scheme about S is a mapping Π realizes adversary structure β if it satisfies –(1) Reconstruction Property: –(2) Perfect Property: (i.e. S and S’are indistinguishable for X) (Is this definition the same as “ ” ?)
Adversary Structure Secret Sharing Scheme Step 1 –Compute β max from adversary structure β –We denote Step 2 –Let –We call the write structure of the secret sharing. Step 3 –Secret S is split into –The share of participant p is
Example and Illustration ωβωβ p1p2p3p4p5 W 1 = W 2 = W 3 = β max p1p2p3p4p5 β 1 =10110 β 2 =11000 β 3 =00011 p1 p2 p3 p4 p5 β1β1 β2β2 β3β3 S3S3 S1S3S1S3 S2S3S2S3 S2S2 S1S2S1S2 Example: X={ p1, p5 } q(X)={ S 1, S 2, S 3 } X can recover S Y={ p1, p2 } q(Y)={ S 1, S 3 } Y cannot recover S
Proof of Its Correctness Theorem The scheme described above realizes adversary structure β Proof –We need to prove that the scheme satisfies Reconstruction property Perfect property
B j Reconstruction property pf X
Perfect property pf X B i S 1 +…+ [S i +(S’-S)] +…+S m = S+(S’-S) = S’
Reduction Define the equivalence relation ~ as : iff “ ” The paper proves that removing p j from the original secret sharing scheme does not matter (Theorem 2, 3, and 4). The reduced scheme still preserves the Reconstruction property and Perfect Property.
If p i ~p j Then p i and p j have the same share Thus removing p j from the scheme dose not matter.
Conclusion An adversary structure secret sharing scheme –specify the subsets of participant who can not recover the secret The scheme –Prove the reconstruction and perfect property –Efficiency It performs modular additions and subtractions. The scheme can be slightly reduced