Lecture 13 Secret Sharing Schemes. Secret sharing schemes are multi-party protocols related to key establishment. The original motivation for secret sharing.

Slides:



Advertisements
Similar presentations
RSA.
Advertisements

Public Key Cryptosystem
Computer Security Set of slides 4 Dr Alexei Vernitski.
Secure Multiparty Computations on Bitcoin
Mental Poker The SRA Protocol. What is Mental Poker? Playing poker without cards (ie over telephone or internet). No Trusted Third Party or source of.
Ch12. Secret Sharing Schemes
Visual Cryptography Jiangyi Hu Jiangyi Hu, Zhiqian Hu2 Visual Cryptography Example Secret sharing Visual cryptography Model Extensions.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
REDUNDANT ARRAY OF INEXPENSIVE DISCS RAID. What is RAID ? RAID is an acronym for Redundant Array of Independent Drives (or Disks), also known as Redundant.
Fractions.
Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.
What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
How to Share a Secret Amos Beimel. Secret Sharing [Shamir79,Blakley79,ItoSaitoNishizeki87] ? bad.
Secret Sharing Algorithms
Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.
ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
K-Anonymous Message Transmission Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.
Key Recovery and Secret Sharing -- Towards balancing the interests of individuals and those of governments --
Multiplication and Division Addition and Subtraction PracticeExponentsParenthesesHomeQuizIntroduction Objective and Standards Please Excuse My Dear Aunt.
Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
The Steganographic File System Ross Anderson, Roger Needlham, Adi Shamir Presented by: Pan Meng Presented by: Pan Meng.
Chapter 4: Intermediate Protocols
Aggregation in Sensor Networks
Lecture 10: Mental Poker Wayne Patterson SYCS 654 Spring 2010.
JFK-103B1W9 and JFK-103B3W9 This program is going to be used to learn about:  Decision Making Skills  Communication Skills  Team Building Skills and.
Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session.
Based on Schneier Chapter 5: Advanced Protocols Dulal C. Kar.
Solving Algebraic Equations. How do I Solve Algebraic Equations? 1.What ever you add, subtract, multiply or divide to one side of the equation, you have.
Error Control Code. Widely used in many areas, like communications, DVD, data storage… In communications, because of noise, you can never be sure that.
Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
1 Secret Sharing. 2 Suppose you and your friend accidentally discovered a map that you believe would lead you to an island full of treasure. You and your.
Introduction to Quantum Key Distribution
Digital Signatures, Message Digest and Authentication Week-9.
Copyright 1999 S.D. Personick. All Rights Reserved. Telecommunications Networking II Lecture 41b Cryptography and Its Applications.
Flipping coins over the telephone and other games.
Protocols Chapter 2 Protocol: A series of steps, involving two or more parties, designed to accomplish a task. All parties involved must know the protocol.
CRYPTOGRAPHY. WHAT IS PUBLIC-KEY ENCRYPTION? Encryption is the key to information security The main idea- by using only public information, a sender can.
Kerberos Guilin Wang School of Computer Science 03 Dec
Lecture 13 Secret Sharing Schemes and Game. Secret sharing schemes are multi-party protocols related to key establishment. The original motivation for.
14-1 Last time Internet Application Security and Privacy Basics of cryptography Symmetric-key encryption.
COEN 351 E-Commerce Security
Secret Sharing and Key Escrow Supplemental Information for Cryptology Class Lecture slides by Richard Newman.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
The Pennsylvania State University CSE597B: Special Topics in Network and Systems Security The Miscellaneous Instructor: Sencun Zhu.
PROACTIVE SECRET SHARING Or: How to Cope With Perpetual Leakage Herzberg et al. Presented by: Avinash Ravi Kevin Skapinetz.
Software Security Seminar - 1 Chapter 4. Intermediate Protocols 발표자 : 이장원 Applied Cryptography.
Private key
Pass the Buck Every good programmer is lazy, arrogant, and impatient. In the game “Pass the Buck” you try to do as little work as possible, by making your.
1 Lect. 19: Secret Sharing and Threshold Cryptography.
Cryptography CS Lecture 19 Prof. Amit Sahai.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.
Subnetting Made Easy? The “moving stick” and the “magic number” Jim Blanco Aparicio-Levy Technical Center.
Secret Sharing Schemes In cryptography, secret sharing schemes refers to any method for distributing a secret among a group of participants, each of which.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
Multi-Party Computation r n parties: P 1,…,P n  P i has input s i  Parties want to compute f(s 1,…,s n ) together  P i doesn’t want any information.
CS580 Internet Security Protocols
Ch12. Secret Sharing Schemes
Secret Sharing (or, more accurately, “Secret Splitting”)
Cryptography CS 555 Lecture 22
Cryptographic Protocols (Secret Splitting)
Secret Sharing and Applications
Presentation transcript:

Lecture 13 Secret Sharing Schemes

Secret sharing schemes are multi-party protocols related to key establishment. The original motivation for secret sharing was the following. To safeguard cryptographic keys from loss, it is desirable to create backup copies. The greater the number of copies made, the greater the risk of security exposure; the smaller the number, the greater the risk that all are lost. Secret sharing schemes address this issue by allowing enhanced reliability without increased risk.

Outline  Scenarios for Secret Sharing  Secret Splitting  Threshold Schemes

1 Scenarios for Secret Sharing 1.1 For Secret Splitting Imagine that you ’ ve invented a new, extra gooey, extra sweet, cream filling or a burger sauce that is even more tasteless than your competitors ’. This is important; you have to keep it secret. You could tell only your most trusted employees the exact mixture of ingredients, but what if one of them defects to the competition? There goes the secret, and before long every grease palace on the block will be making burgers with sauce as tasteless as yours.

This calls for secret splitting. There are ways to take a message and divide it up into pieces. Each piece by itself means nothing, but put them together and the message appears. If the message is the recipe and each employee has a piece, then only together can they make the sauce. If any employee resigns with his single piece of the recipe, his information is useless by itself.

However, it has a problem: If any of the pieces gets lost, so does the message. If one employee, who has a piece of the sauce recipe, goes to work for the competition and takes his piece with him, the rest of them are out of luck. He can ’ t reproduce the recipe, but neither can work together. His piece is as critical to the message as every other piece combined.

1.2 For Threshold Schemes You ’ re setting up a launch program for a nuclear missile. You want to make sure that no single raving lunatic can initiate a launch. You want at least three out of five officers to be raving lunatics before you allow a launch. This is easy to solve. Make a mechanical launch controller. Give each of the five officers a key and require that at least three officers stick their keys in the proper slots before you ’ ll allow them to blow up whomever we're blowing up this week.

We can get even more complicated. Maybe the general and two colonels are authorized to launch the missile, but if the general is busy playing golf then five colonels are required to initiate a launch. Make the launch controller so that it requires five keys. Give the general three keys and the colonels one each. The general together with any two colonels can launch the missile; so can the five colonels. However, a general and one colonel cannot; neither can four colonels.

A more complicated sharing scheme, called a threshold scheme, can do all of this and more — mathematically. At its simplest level, you can take any message (a secret recipe, launch codes, your laundry list, etc.) and divide it into n pieces, called shares or shadows, such that any m of them can be used to reconstruct the message.

One can divide his secret sauce recipe among Alice, Bob, Carol, and Dave, such that any three of them can put their shadows together and reconstruct the message. If Carol is on vacation, Alice, Bob, and Dave can do it. If Bob gets run over by a bus, Alice, Carol, and Dave can do it. However, if Bob gets run over by a bus while Carol is on vacation, Alice and Dave can't reconstruct the message by themselves.

2 Secret Splitting 2.1 Dual Control by Modular Addition

2.1 Dual Control by Modular Addition (Continued)

2.2 Unanimous Consent Control by Modular Addition

2.2 Unanimous Consent Control by Modular Addition (Continued)

3 Threshold Schemes

3.1 Shamir ’ s Threshold Scheme

3.1 Shamir ’ s Threshold Scheme (Continued)

3.2 Vector Scheme

3.2 Vector Scheme (Continued)

3.3 Secret Sharing with Cheaters Colonels Alice, Bob, and Carol are in a bunker deep below some isolated field. One day, they get a coded message from the president: “ Launch the missiles. We ’ re going to eradicate the last vestiges of neural network research in the country. ” Alice, Bob, and Carol reveal their shares, but Carol enters a random number. She ’ s actually a pacifist and doesn't want the missiles launched. Since Carol doesn't enter the correct share, the secret they recover is the wrong secret. The missiles stay in their silos. Even worse, no one knows why.

3.3 Secret Sharing with Cheaters (Continued)

Thank you!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.