Secret Sharing Nisarg Raval Sep 24, 2014 Material is adapted from CS513 lecture notes.

Presentation transcript:

Secret Sharing Nisarg Raval Sep 24, Material is adapted from CS513 lecture notes (Cornell) CPS Computer Security

Why share a secret?

Goal: Given a secret s and n parties: (a) all n parties together recover s; (b) fewer than n parties cannot recover s.

Naive Scheme: S = 10011, S1 = 100 (high order), S2 = 11 (low order). Concatenate the shares to reveal the secret: S = (S1)(S2) = (100)(11) = 10011. What is the problem? Think of a salary or password.

Partial Disclosure: Given a secret s and n parties: (a) all n parties together recover s; (b) fewer than n parties cannot recover any information about s.

Generate Shares using XOR: for a secret S, S1 = Rand and S2 = S XOR S1. Recover with S = S1 XOR S2.

General Scheme: Given a secret s and n parties: (a) generate n-1 random strings as the first n-1 shares; (b) the last share is the bitwise XOR of s with all the other n-1 shares. Security Check: (a) Can n parties generate s? (b) Can any n-1 parties generate s?
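The general XOR scheme and its two security-check questions, as an added example that is not part of the original slides; the function names and the sample secret are constructed for illustration.

```python
import secrets
from functools import reduce


def xor_bytes(a, b):
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_xor(secret, n):
    """n-of-n split: n-1 random shares, last share = secret XOR all of them."""
    if n < 2:
        raise ValueError("need at least two parties")
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    shares.append(reduce(xor_bytes, shares, secret))
    return shares


def combine_xor(shares):
    """Security check (a): XOR of all n shares gives back the secret."""
    return reduce(xor_bytes, shares)


def missing_share_for(known_shares, candidate):
    """Security check (b): for ANY candidate secret there is exactly one
    missing share that makes the n-1 known shares decode to it, so the
    known shares alone rule out no candidate."""
    return reduce(xor_bytes, known_shares, candidate)


if __name__ == "__main__":
    secret = b"salary=90000"              # constructed sample secret
    shares = split_xor(secret, 4)
    print(combine_xor(shares) == secret)  # all four parties together
    fake = missing_share_for(shares[:3], b"salary=10000")
    print(combine_xor(shares[:3] + [fake]))  # three shares fit another secret
```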

Example [figure: S = 10011 with shares S1, S2, S3]

Problem? [figure: S = 10011 with shares S1, S2, S3] S can be constructed by 2 or more generals. Fewer than 2 generals cannot construct s.

(n,t) Secret Sharing: Given a secret s and n parties: (a) any t or more parties can recover s; (b) fewer than t parties have no information about s. [figure: S = 10011 with shares S1, S2, S3; (3,2) secret sharing]

(n,2) Secret Sharing [figure: x-y plane with a line through (0,S) and the points (x1,y1), (x2,y2), ..., (xn-1,yn-1), (xn,yn); the points are the shares]

(n,2) Secret Sharing [figure: the line through (0,S), (x1,y1) and (xn-1,yn-1)]

(n,2) Secret Sharing [figure: (0,S) and the single point (x1,y1)] There exists a line for every S.

(n,3) Secret Sharing [figure: the points (0,S), (x1,y1), (x2,y2), ..., (xn-1,yn-1), (xn,yn)]

Shamir’s Secret Sharing: It takes t points to define a polynomial of degree t-1. Create a (t-1)-degree polynomial with the secret as the first coefficient and the remaining coefficients picked at random. Find n points on the curve and give one to each of the parties. At least t points are required to fit the polynomial and hence to recover the secret. y = a_{t-1} * x^{t-1} + a_{t-2} * x^{t-2} + … + a_1 * x + a_0. Reference: Shamir, Adi (1979), "How to share a secret", Communications of the ACM.
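An (n,t) split and recovery following the slide's polynomial, as an added example that is not from the original slides. It assumes the secret is a_0 (the point (0,S) from the earlier figures) and that all arithmetic is done modulo the prime P = 2^127 - 1, a choice made here because the slide does not name a field; the function names are illustrative.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumption, not stated on the slide)


def make_shares(secret, n, t):
    """Return n points (x, y) on a random degree t-1 polynomial with a_0 = secret."""
    if not (1 <= t <= n < P and 0 <= secret < P):
        raise ValueError("need 1 <= t <= n < P and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]

    def f(x):
        y = 0
        for a in reversed(coeffs):  # Horner evaluation of a_{t-1}x^{t-1}+...+a_0
            y = (y * x + a) % P
        return y

    # x = 0 is never handed out: that point is the secret itself.
    return [(x, f(x)) for x in range(1, n + 1)]


def recover(shares):
    """Lagrange interpolation evaluated at x = 0, which yields a_0."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x coordinate among shares")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


if __name__ == "__main__":
    shares = make_shares(0b10011, n=5, t=3)  # the slides' sample secret
    print(recover(shares[:3]))   # any 3 shares recover 19
    print(recover(shares[:2]))   # 2 shares interpolate to an unrelated value
```

With fewer than t shares the interpolation still returns a number, so a caller has no built-in signal that recovery failed; the threshold has to be enforced or the result checked by other means.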

Use Case [figure: Private Key, (3,2) Secret Sharing Scheme, shares S1, S2, S3]

Problem? [figure: shares S1, S2, S3 along a time axis] S1 compromised; S2 compromised; S1 + S2 = Secret.

Refresh Shares [figure: along a time axis, a Trusted Third Party; shares S1, S2, S3, then S’1, S’2, S’3, then S’’1, S’’2, S’’3] S1 compromised; S’2 compromised; cannot construct the secret.

Proactive Secret Sharing. Goal: without changing the secret, periodically update shares in a way that old shares are invalidated. [figure: Server 1 and Server 2 with shares S1 and S2 of S; partial shares S11, S12 and S21, S22; exchange of partial shares S21 and S12; new shares S’1 and S’2]

Proactive Secret Sharing: Recover S = (S11 + S21) + (S12 + S22)
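The refresh round from these slides, as an added example that is not from the original presentation. It assumes additive shares modulo a public modulus M, that server i splits its share S_i into partial shares S_i1 + S_i2, and that the new share of server j is S'_j = S_1j + S_2j, which matches the recovery formula above; it also works for more than two servers, and all names are illustrative.

```python
import secrets

M = 2**128  # public modulus for additive sharing (assumption)


def additive_split(value, n):
    """Split value into n random parts that sum to value modulo M."""
    parts = [secrets.randbelow(M) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % M)
    return parts


def refresh(shares):
    """One refresh round: every server re-splits its own share and sends
    partial share S_ij to server j; server j sums what it receives."""
    n = len(shares)
    partial = [additive_split(s, n) for s in shares]  # partial[i][j] = S_ij
    return [sum(partial[i][j] for i in range(n)) % M for j in range(n)]


def recover(shares):
    """Sum of all shares of one epoch gives the secret."""
    return sum(shares) % M


if __name__ == "__main__":
    secret = 0b10011                    # the slides' sample secret
    old = additive_split(secret, 2)     # S1, S2
    new = refresh(old)                  # S'1, S'2
    print(recover(old), recover(new))   # 19 19: the secret is unchanged
    print(recover([old[0], new[1]]))    # shares from different epochs: garbage
```

The invalidation only holds if each server erases its old share and the partial shares once the round completes.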

BitCoin Multi-Signature Addresses: Related to, but different than, secret sharing. Secret sharing: break a single secret into multiple shares. Multi-signature address: requires multiple signatures with different private keys (secrets) to authorize a transaction. Examples: 2 out of 2, 2 out of 3, 3 out of 5.

Opening the Vault

Summary: Useful technique to distribute a secret: confidentiality, reliability. Each share must be as long as the secret itself. Requires random bits of length proportional to the number of parties as well as the length of the secret.