Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secret Sharing Schemes using Visual Cryptography

Published byMarkku Hiltunen Modified over 6 years ago

Similar presentations

Presentation on theme: "Secret Sharing Schemes using Visual Cryptography"— Presentation transcript:

1 Secret Sharing Schemes using Visual Cryptography
A. Sreekumar Department of Computer Applications Cochin University of Science And Technology address : sreekumar&cusat.ac.in

2 Objectives What are Secret Sharing Schemes
Applications of Secret Sharing Schemes Classification of Secret Sharing Schemes Basic idea behind Secret Sharing Schemes Different methods for Secret Sharing Schemes Different Schemes

3 Keywords Share Access Structure Prohibited Structure Threshold
Visual Cryptography Block Design

4 Introduction Secret Sharing Schemes
Secret sharing schemes enable a dealer, holding a secret piece of information, to distribute this secret among n participants such a way that only some predefined authorized subsets of participants can reconstruct the secret from their shares and others learn nothing about it. Access Structure Let P be the set of participants. The collection of subsets of participants that can reconstruct the secret in this way is called access structure (denoted by ).

5 Prohibited Structure The collection of subsets of participants that cannot reconstruct the secret is called prohibited structure (denoted by ). Natural restrictions The natural restriction is that  is monotonic increasing, and  is monotonic decreasing, that is if A   and A  B  P, then B   , and if A   and B  A  P, then B  . It is unrealistic to believe other schemes exist. If  = 2P \  , then we say the structure (,) is complete

6 Threshold Schemes  = { A | A  P and |A|  m} and  = { A | A  P and |A|  m-1}, the secret sharing scheme is called an (m, n)-threshold scheme, where |P| = n. i.e., secret can be reconstructed if any m or more shares are available. Perfect Scheme A secret scheme is perfect if any set of participants in the prohibited structure  obtains no information regarding the secret

7 Applications of Secret Sharing Schemes
Secure information storage Key establishment on Smart cards Safeguard cryptographic keys from loss Purely Mathematical importance Password protection

8 Secure information storage
Most of the business organizations need to protect the data from disclosure. As the world is more connected by computers, the hackers, power abusers are also increased and most organization afraid to store data in a computer. So there is a need of a method to distribute the data at several places and destroy the original one. When a need of original data arises, it could be reconstructed from the distributed shares

9 Example: Let the secret be “attack” Suppose there are five participants, A through E. Let the secret is encoded as Generate 4 rows of 6 random numbers between [0..25]

10 A : B : C : D : Here E is found such a way that ej = s - (aj + bj+ cj +dj)(26). E : The secret can be computed as aj + bj+ cj +dj + ej (26) S :

11 A: J N R C Y H B: V L I F O X C: G M O D U M D: K F B Z T E E: G E V R D Q Here all the shares are necessary to reconstruct the secret. But, generally it need not be the case.

12 Classification of Secret Sharing Schemes
Based on the access structure and prohibited structures, the secret sharing schemes are classified into the following types Type I A Secret sharing scheme for the access structure  is a method of sharing a secret among a finite set of participants in such a way that only subsets of participants in  can recover the secret while other subsets cannot. That is,  (= 2P \ ) is implied

13 Type II A Secret sharing scheme for the prohibited structure  is a method of sharing a secret among a finite set of participants in such a way that only subsets of participants in  cannot recover the secret while other subsets can. That is,  (= 2P \ ) is implied

14 Type III A Secret sharing scheme for the mixed structure (, ) is a method of sharing a secret among a finite set of participants in such a way that subsets of participants in  can recover the secret, but subsets of participants in  cannot recover the secret . That is, the privileges of subsets in 2P \ (  ) are not cared. Any subset of participants in 2P \ (  ) may either recover the secret or not. Note that    =  and     2P.

15 Basic idea behind (t, n) threshold Schemes
When t = n, it is very easy, as in the case of previous example, generate n-1 random numbers, say r1, r2, … rn-1 and compute rn = S - (r1 + r2 + … + rn-1 ) modulo M. One can easily see that r1, r2, … rn can be considered as the n shares for the secret, and be distributed to each participants. Here, the modulo M operation may be replaced by XOR using data values of fixed bit-length.

16 When t < n All the shares are not necessary to reconstruct the secret. i.e., some shares are redundant in some sense. Shamir’s Scheme : Based on Lagrange’s interpolation formula There is a unique polynomial of degree at most t-1 which passes through n points, but the polynomial passes through infinitely many points.

17 So let the secret M be interpreted as a number mod p, is the constant term of a random polynomial of degree (at most) t-1, and evaluate the polynomial at n different points, say (x1, y1) , (x2, y2) , ……, (xn, yn). These points could be thought of as the n shares. Clearly any t shares uniquely determines the polynomial and hence the secret can be constructed.

18 Properties of Shamir’s Schemes:
Perfect - Ideal – size of one share is the size of the secret Extendable to new users No unproven assumptions Disadvantage As large amount of computation is involved in the Lagrange’s interpolation formula, it is not always recommended.

19 Combinatorial structures
Latin square can be used as a scheme We can reconstruct the Latin square, if any two of the coloured numbers (with position) are known. 2 1 3

20 Visual Cryptography The decoding process of a visual cryptography scheme, which differs from traditional secret sharing, does not need complicated cryptographic mechanisms and computations. Instead, it can be decoded directly by simple computation

21

22 (2,7) scheme Share for 1 Share for 0 A 1 B C D E F G ≥ 4/7 = 3/7

23 Combining Any Two rows of share for 1 will give Four or more 1’s   Where as if we do the same for share for 0, We get only two 3’s

24 Permutations 1 2 3

25 Combining Any Two rows of share for 1
Share for 1 Share for 0 (2,9) Scheme A 1 Combining Any Two rows of share for 1 will give Three or more 1’s Where as if we do the same for share for 0, We get only two 1’s. B C D E F G H I

26 (n, n) scheme Seven bit secret is converted to an 8 bit number by inserting an invalid random bit at the left. Example : Let the Secret is the right most 7 bits of Generate n-2 rows of 8 bit Random numbers having 4 0’s and 4 1’s

27 XOR ing the shares with secret we get Because of odd # of 1’s in it, make it even by changing leftmost 0 to 1.

28 So we get Make to shares 1 … … … 0 …1 0 and … … …. 1 …0 1 Fill the dot’s randomly by needed 0’s and 1’s. Example :

29 (t, n) Scheme with t  3 For a (t,n) scheme, the shares for 0 cannot be same for all participants as before, because, if two shares are same, then a third share is not necessary to know that the corresponding bit. It must be 0.Since the logical addition favours towards 1, it is unlikely that the shares for zero will have more than two 1’s. So the scarcity of 1’s in a share, is a symptom that the bit to be 0. So the secret reconstruction must be little more complex than just logical OR. One can try for XOR. Infact XOR is more suitable because it doesn’t favour to either 0 or 1.

30 Problems that can occur with XOR:
If the shares of more than the minimum number of participants are known, whether the extra shares have to be considered for reconstruction of the secret or not, has to be decided. It may happen that by considering additional share, the result may differ. In such cases, the reconstruction algorithm should discard extra shares. It may also be noted that considering extra shares may slow down the reconstruction procedure. So there is nothing wrong in discarding extra shares.

31 A (3,5)-threshold scheme Share for 1 Share for 0 A 1 B C D E

32 Tthe reconstruction procedure is as follows:
·              Take only 3 shares, if more than 3 shares are available. ·              XOR the shares block wise and count the number of 1’s. ·              If this number is > 4 the secret bit is 1, otherwise 0. We can see that if we XOR two shares, in either case we get two 1’s in each block. So, one cannot conclude whether it is 1 or 0.

33 AB 1 2 AC AD AE BC BD BE CD CE DE

34 ABC 1 6 2 ABD ABE ACD ACE ADE BCD BCE BDE CDE

35 References [1] G.R. Blakley. Safeguarding Cryptographic keys. Proc. N.C.C. AFIPS Conference Proceedings 48, Vol. 48, pp , 1979 [2] Adi Shamir How to Share a Secret. Communications of the ACM, 22(11): , 1979. [3] Moni Naor and Adi Shamir, Visual Cryptography, EUROCRYPT 1994, pp1–12

36 References ……. [4] J.C. Benaloh and J. Leichter, Generalized Secret sharing and Monotone Functions, Proceedings of Crypto ’88, Advances in Cryptology, Lecture Notes in Computer Science, vol. 403, S. Goldwasser, Ed.,Springer-Verlag, 1990,pp 27-35

37 Conclusion Originally motivated as secure information storage, secret sharing schemes have found numerous other applications Visual cryptography is much more faster than traditional cryptography Sources of various methods has to be investigated.

38 QUESTIONS

39 Thank you

Download ppt "Secret Sharing Schemes using Visual Cryptography"

Similar presentations

Visual Cryptography Moni Naor Adi Shamir Presented By:

Visual Cryptography Moni Naor Adi Shamir Presented By:
Schema Refinement: Normal Forms

Schema Refinement: Normal Forms
How to Collaborate between Threshold Secret Sharing Schemes Daoshun Wang, Ziwei YeXiaobo Li Tsinghua University, ChinaUniversity of Alberta, Canada.

How to Collaborate between Threshold Secret Sharing Schemes Daoshun Wang, Ziwei YeXiaobo Li Tsinghua University, ChinaUniversity of Alberta, Canada.
Ch12. Secret Sharing Schemes

Ch12. Secret Sharing Schemes
Visual Cryptography Jiangyi Hu Jiangyi Hu, Zhiqian Hu2 Visual Cryptography Example Secret sharing Visual cryptography Model Extensions.

Visual Cryptography Jiangyi Hu Jiangyi Hu, Zhiqian Hu2 Visual Cryptography Example Secret sharing Visual cryptography Model Extensions.
Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.

Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.
Broadcast Encryption and Traitor Tracing 2001. 12. 2001507 Jin Kim.

Broadcast Encryption and Traitor Tracing Jin Kim.
Secret Sharing Algorithms

Secret Sharing Algorithms
The Steganographic File System Ross Anderson, Roger Needlham, Adi Shamir Presented by: Pan Meng Presented by: Pan Meng.

The Steganographic File System Ross Anderson, Roger Needlham, Adi Shamir Presented by: Pan Meng Presented by: Pan Meng.
Basic Concepts in Number Theory Background for Random Number Generation 1.For any pair of integers n and m, m  0, there exists a unique pair of integers.

Basic Concepts in Number Theory Background for Random Number Generation 1.For any pair of integers n and m, m  0, there exists a unique pair of integers.
Disclosure risk when responding to queries with deterministic guarantees Krish Muralidhar University of Kentucky Rathindra Sarathy Oklahoma State University.

Disclosure risk when responding to queries with deterministic guarantees Krish Muralidhar University of Kentucky Rathindra Sarathy Oklahoma State University.
Visual Cryptography Advanced Information Security March 11, 2010 Presenter: Semin Kim.

Visual Cryptography Advanced Information Security March 11, 2010 Presenter: Semin Kim.
Riyadh Philanthropic Society For Science Prince Sultan College For Woman Dept. of Computer & Information Sciences CS 251 Introduction to Computer Organization.

Riyadh Philanthropic Society For Science Prince Sultan College For Woman Dept. of Computer & Information Sciences CS 251 Introduction to Computer Organization.
Visual Cryptography Hossein Hajiabolhassan Department of Mathematical Sciences Shahid Beheshti University Tehran, Iran.

Visual Cryptography Hossein Hajiabolhassan Department of Mathematical Sciences Shahid Beheshti University Tehran, Iran.
DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.

DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.
The Pennsylvania State University CSE597B: Special Topics in Network and Systems Security The Miscellaneous Instructor: Sencun Zhu.

The Pennsylvania State University CSE597B: Special Topics in Network and Systems Security The Miscellaneous Instructor: Sencun Zhu.
1 Lect. 19: Secret Sharing and Threshold Cryptography.

1 Lect. 19: Secret Sharing and Threshold Cryptography.
Non-transitivity and Probability Steven Kumer Advised by Dr. Bryan Shader.

Non-transitivity and Probability Steven Kumer Advised by Dr. Bryan Shader.
Secret Sharing Schemes: A Short Survey. 3742 2538 344113296634 Secret Sharing 2.

Secret Sharing Schemes: A Short Survey Secret Sharing 2.
Linear, Nonlinear, and Weakly-Private Secret Sharing Schemes

Linear, Nonlinear, and Weakly-Private Secret Sharing Schemes

Similar presentations

Ads by Google