How to Share a Secret Amos Beimel. Secret Sharing [Shamir79,Blakley79,ItoSaitoNishizeki87] 1706 2538344113296634 ? 1706 2 bad.

Slides:



Advertisements
Similar presentations
Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.
Advertisements

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.
Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
1 Asynchronous Broadcast Protocols in Distributed System Oct. 10, 2002 JaeHyrk Park ICU.
What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University.
Private Information Retrieval Benny Chor, Oded Goldreich, Eyal Kushilevitz and Madhu Sudan Journal of ACM Vol.45 No Reporter : Chen, Chun-Hua Date.
RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
Secret Sharing Algorithms
Private Analysis of Data Sets Benny Pinkas HP Labs, Princeton.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Certificateless Threshold Ring Signature Source: Information Sciences 179(2009) Author: Shuang Chang, Duncan S. Wong, Yi Mu, Zhenfeng Zhang Presenter:
Privacy Preserving Data Mining Yehuda Lindell & Benny Pinkas.
Private Information Retrieval Amos Beimel – Ben-Gurion University Tel-Hai, June 4, 2003 This talk is based on talks by:
On Everlasting Security in the Hybrid Bounded Storage Model Danny Harnik Moni Naor.
Bit-level based secret sharing for image encryption Rastislav Lukac, Konstantinos N. Plataniotis Presented by Du-Shiau Tsai Pattern Recognition 38 (2005)
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
EECS 598 Fall ’01 Quantum Cryptography Presentation By George Mathew.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Dan Boneh Stream ciphers The One Time Pad Online Cryptography Course Dan Boneh.
Efficient and Robust Private Set Intersection and multiparty multivariate polynomials Dana Dachman-Soled 1, Tal Malkin 1, Mariana Raykova 1, Moti Yung.
Aggregation in Sensor Networks
Robust Sharing of Secrets when the Dealer Is Honest or Cheating Tal Rabin 1994 Brian Fry COEN
Topic 22: Digital Schemes (2)
On the Practical Feasibility of Secure Distributed Computing A Case Study Gregory Neven, Frank Piessens, Bart De Decker Dept. of Computer Science, K.U.Leuven.
Secure two-party computation: a visual way by Paolo D’Arco and Roberto De Prisco.
Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer.
Yu-Li Lin and Chien-Lung Hsu Department of Information Management, Chang-Gung University Information Science(SCI) Reporter: Tzer-Long Chen.
Visual Cryptography Advanced Information Security March 11, 2010 Presenter: Semin Kim.
DISTRIBUTED CRYPTOSYSTEMS Moti Yung. Distributed Trust-- traditionally  Secret sharing: –Linear sharing over a group (Sum sharing) gives n out of n sharing.
1 Introduction The State of the Art in Electronic Payment Systems, IEEE Computer, September 1997.
Secure Computation (Lecture 2) Arpita Patra. Vishwaroop of MPC.
On the Cryptographic Complexity of the Worst Functions Amos Beimel (BGU) Yuval Ishai (Technion) Ranjit Kumaresan (Technion) Eyal Kushilevitz (Technion)
Encryption Basics Module 7 Section 2. History of Encryption Secret - NSA National Security Agency –has powerful computers - break codes –monitors all.
Computer Science Revocation and Tracing Schemes for Stateless Receivers Dalit Naor, Moni Naor, Jeff Lotspiech Presented by Attila Altay Yavuz CSC 774 In-Class.
The Pennsylvania State University CSE597B: Special Topics in Network and Systems Security The Miscellaneous Instructor: Sencun Zhu.
Secret Sharing Non-Shannon Information Inequalities Presented in: Theory of Cryptography Conference (TCC) 2009 Published in: IEEE Transactions on Information.
28 September 2005 Secret Sharing Amin Y. Teymorian Department of Computer Science The George Washington University.
1 Lect. 19: Secret Sharing and Threshold Cryptography.
 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.
Verifiable Distributed Oblivious Transfer and Mobile-agent Security Speaker: Sheng Zhong (joint work with Yang Richard Yang) Yale University.
Cryptographic methods. Outline  Preliminary Assumptions Public-key encryption  Oblivious Transfer (OT)  Random share based methods  Homomorphic Encryption.
Secret Sharing Schemes: A Short Survey Secret Sharing 2.
Linear, Nonlinear, and Weakly-Private Secret Sharing Schemes
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
Multi-Party Computation r n parties: P 1,…,P n  P i has input s i  Parties want to compute f(s 1,…,s n ) together  P i doesn’t want any information.
Security Outline Encryption Algorithms Authentication Protocols
Advanced Computer Networks
Secret Sharing (or, more accurately, “Secret Splitting”)
Chap 6: Security and Protection
Cryptography CS 555 Lecture 22
Cryptographic protocols 2014, Lecture 8 multi-round and multi-party
Secure Computation of Constant-Depth Circuits with Applications to Database Search Problems Omer Barkol Yuval Ishai Technion.
PART VII Security.
Secret Sharing: Linear vs. Nonlinear Schemes (A Survey)
A Secret Enriched Visual Cryptography
New Frontiers in Secret Sharing
Oblivious Transfer.
Secure Diffie-Hellman Algorithm
A Light-weight Oblivious Transfer Protocol Based on Channel Noise
Presentation transcript:

How to Share a Secret Amos Beimel

Secret Sharing [Shamir79,Blakley79,ItoSaitoNishizeki87] ? bad

02/11/2010BGU - Graduate Day3 Applications Original motivation: Secure storage Building box for cryptographic protocols  Secure multiparty computation  Threshold cryptography  Byzantine agreement  Access control  Private information retrieval  Attribute-based encryption  Generalized oblivious transfer

02/11/2010BGU - Graduate Day4 –Input: secret –Choose at random a bit –Share of P 1 : –Share of P 2 : 2-out-of-2 Secret Sharing Scheme

02/11/2010BGU - Graduate Day5 Shamir’s t-out-of-n Secret Sharing Scheme –Input: secret s –Choose at random a polynomial p(x)=s+r 1 x+r 2 x 2 +…+ r t-1 x t-1 –Share of P j : s j = p(j ) s

Open Question: Generalized Secret Sharing Not all sets are equal. There is a collection  of authorized sets –Correctness: Every authorized set can recover s. –Privacy: Every unauthorized set cannot learn s. Are there efficient schemes for every  ? –number of parties: n –Upper bound 2 O(n) –Lower bound n 2 /log n Open problem: 02/11/2010BGU - Graduate Day6