Robust Sharing of Secrets when the Dealer Is Honest or Cheating Tal Rabin 1994 Brian Fry COEN 317 12-03-2003.

Slides:



Advertisements
Similar presentations
The Diffie-Hellman Algorithm
Advertisements

Secret Sharing Protocols [Sha79,Bla79]
Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION.
On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.
Cryptography and Game Theory: Designing Protocols for Exchanging Information Gillat Kol and Moni Naor.
Secure Multiparty Computations on Bitcoin
A Perfect Threshold Secret Sharing Scheme to Identify Cheaters Marco Carpentieri Designs, Codes and Cryptography 5(3): , May 1995 Presented by Po-Kun.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Digital Signatures and Hash Functions. Digital Signatures.
1 Asynchronous Broadcast Protocols in Distributed System Oct. 10, 2002 JaeHyrk Park ICU.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.
Public Key Algorithms …….. RAIT M. Chatterjee.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
Sec final project A Preposition Secret Sharing Scheme for Message Authentication in Broadcast Networks 王怡君.
Secure Multi-party Computations (MPC) A useful tool to cryptographic applications Vassilis Zikas.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 6: Synchronous Byzantine.
Randomized Byzantine Agreements (Sam Toueg 1984).

Randomized and Quantum Protocols in Distributed Computation Michael Ben-Or The Hebrew University Michael Rabin’s Birthday Celebration.
Secret Sharing Algorithms
Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Reliable Communication in Unknown Networks Lakshmi Subramanian Joint work with: Randy Katz, Volker Roth, Scott Shenker, Ion Stoica.
Key Establishment Techniques: Key Distribution and Key Agreement
Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases Brian Thompson 1, Stuart Haber 2, William G. Horne 2, Tomas.
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 6: Synchronous Byzantine.
Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
K-Anonymous Message Transmission Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.
Introduction to Public Key Cryptography
Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.
Quadratic Residuosity and Two Distinct Prime Factor ZK Protocols By Stephen Hall.
Efficient and Robust Private Set Intersection and multiparty multivariate polynomials Dana Dachman-Soled 1, Tal Malkin 1, Mariana Raykova 1, Moti Yung.
Securing Every Bit: Authenticated Broadcast in Wireless Networks Dan Alistarh, Seth Gilbert, Rachid Guerraoui, Zarko Milosevic, and Calvin Newport.
Secure Computation (Lecture 7-8) Arpita Patra. Recap >> (n,t)-Secret Sharing (Sharing/Reconstruction) > Shamir Sharing > Lagrange’s Interpolation for.
Topic 22: Digital Schemes (2)
Fall 2004/Lecture 201 Cryptography CS 555 Lecture 20-b Zero-Knowledge Proof.
Section 4.4: The RSA Cryptosystem Practice HW Handwritten and Maple Exercises p at end of class notes.
1 Public-Key Cryptography and Message Authentication.
Welcome to to Autumn School! Some practical issues.
DISTRIBUTED CRYPTOSYSTEMS Moti Yung. Distributed Trust-- traditionally  Secret sharing: –Linear sharing over a group (Sum sharing) gives n out of n sharing.
On the Cost of Reconstructing a Secret, or VSS with Optimal Reconstruction Phase Ronald Cramer, Ivan Damgard, Serge Fehr.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
Chapter 9 Public Key Cryptography and RSA. Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender.
10/25/04 Security of Ad Hoc and Sensor Networks (SASN) 1/22 An Attack on the Proactive RSA Signature Scheme in the URSA Ad Hoc Network Access Control Protocol.
PROACTIVE SECRET SHARING Or: How to Cope With Perpetual Leakage Herzberg et al. Presented by: Avinash Ravi Kevin Skapinetz.
28 September 2005 Secret Sharing Amin Y. Teymorian Department of Computer Science The George Washington University.
Hashes Lesson Introduction ●The birthday paradox and length of hash ●Secure hash function ●HMAC.
Integrating A Key Distribution Procedure Into The Digital Signature Standard B. Arazi Electronics Letters Vol. 29, No. 11, Pg May 1993 Adviser:
1 Lect. 19: Secret Sharing and Threshold Cryptography.
Secure Computation Lecture Arpita Patra. Recap >Three orthogonal problems- (n,t)-sharing, reconstruction, multiplication protocol > Verifiable Secret.
International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.
COM 5336 Lecture 8 Digital Signatures
Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation Michael Ben-Or Shafi Goldwasser Avi Wigderson Lecture: Mickey Hakimi.
Secret Sharing Schemes: A Short Survey Secret Sharing 2.
Zero Knowledge r Two parties:  All powerful prover P  Polynomially bounded verifier V r P wants to prove a statement to V with the following properties:
MinJi Kim, Muriel Médard, João Barros
The Round Complexity of Verifiable Secret Sharing
On the Power of Hybrid Networks in Multi-Party Computation
Threshold RSA Cryptography
Cheating and Prevention in Visual Secret Sharing
Homework #3 Consider a verifyable secret sharing scheme (VSS) based on Shamir's polynomial secret sharing as follows. A dealer has a secret S, a public.
Presentation transcript:

Robust Sharing of Secrets when the Dealer Is Honest or Cheating Tal Rabin 1994 Brian Fry COEN

Introduction •Verifiable Secret Sharing •n>=2t+1 where t are cheaters •k>t required to reconstruct secret •Assumes private communication and group broadcast (for dishonest dealers) •Information checking for authentication  Weak Secret Sharing – may not always complete with dishonest dealers

Example Application •Company checks require secret key authentication •3 of the 20 Vice presidents must approve check •Any 2 can not decipher the key •Can also distribute key to CEO

(k,n) secret sharing scheme •Shamir How to share a secret •q(x)=D+a 1 x+... +a k-1 x k-1 •D=Data to be shared •a=k-1 random numbers •Pick (n>=k) random unique values of x •Distribute x, q(x) to each n •Any k together can interpolate D

Linear Example (k=2)

Quadratic Example (k=3)

Interpolation •k=2, y=mx+b for 2 points •k=3, y=m 1 x 2 +m 2 x+b for 3 points •k equations, k unknowns •Entire polynomial is reconstructed to recreate secret

Motivation  Shamir ’ s algorithm doesn ’ t work with dishonest players  Need to detect cheaters – use digital signatures or information checking •Byzantine Agreements possible •Exponentially small probability of error

Information Checking • Dealer hands information to intermediary, then later delivers to recipient • Must assure reliable, correct, and secure delivery • The dealer D chooses two random numbers b, y and computes c=sb+y. • The dealer hands to INT the values s and y. • The dealer hands to R b, c • INT will transmit s and y to the recipient R. • R will compute sb + y and will accept if it equals c.

Terminology  Players: participants, 2 types Knights – honest, Knaves – dishonest •Dealer: coordinator, could also be a player •Adversary: any knight may become a knave at any time dynamically •All computations done modulus a large prime

Weak Secret Sharing  Use Shamir ’ s secret sharing scheme •Verify all data using Information Checking for all other nodes •Secretly communicate sharing data, but broadcast checking data •Require n>=2t+1 where t are cheaters, pick k required for secret sharing >t

Analysis •Probability of failure < k 2 n/2 k •6 rounds of communication •4n 2 k messages per round •2kn computations per round

Verifiable Secret Sharing •If a player is determined to be a cheater by using Information Checking, then broadcast sharing data from the dealer •Share 2 values and check the sum •Zero knowledge proof •Protocol must complete so check that all players have properly received the share

Analysis •Probability of failure < 7k 2 n 4 /2 k •14 rounds of communication •4n 3 k 2 messages per round •2k 2 n 2 computations per round

Conclusion •Weak Secret Sharing much simpler than Verifiable Secret Sharing •If the dealer is known to be honest, there are less rounds and no need for broadcasting •Information checking can be used in other applications

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.