Presentation is loading. Please wait.

Presentation is loading. Please wait.

For ASIACRYPT 2018 Constructing Ideal Secret Sharing Schemes based on Chinese Remainder Theorem Fuyou Miao University of Science and Technology of China.

Published by允 程 Modified over 5 years ago

Similar presentations

Presentation on theme: "For ASIACRYPT 2018 Constructing Ideal Secret Sharing Schemes based on Chinese Remainder Theorem Fuyou Miao University of Science and Technology of China."— Presentation transcript:

1 For ASIACRYPT 2018 Constructing Ideal Secret Sharing Schemes based on Chinese Remainder Theorem Fuyou Miao University of Science and Technology of China Dec 6, 2018

2 Contributions Generalization of existing CRT-based (t,n)-SS from Integer Ring to Polynomial Ring Ideal (t,n)-SS based on CRT for Poly. Ring Shamir’s (t,n)-SS : a special case Weighted (t,n)-SS

3 Outline Two Typical Secret Sharing Schemes
(t,n)-Threshold Secret Sharing ( i.e., (t,n)-SS) Two Typical Secret Sharing Schemes Secret Sharing based on Polynomial Ring over Fp Both Types of SS as Special Cases Weighted (t,n)-SS Conclusion

4 (t,n)-Threshold Secret Sharing
t-Threshold, n- number of all shareholders A dealer divides a secret s into n pieces, allocates each piece to a shareholder as the share such that 1) any t or more than t shares can recover the secret; 2) less than t shares cannot obtain the secret;

5 S Share Distribution Secret Reconstruction
Dealer Secret: S Share Distribution Shareholder …… Share: s1 s2 s3 s100 s4 Secret Reconstruction S Fig 1. An example of (3,100)-SS

6 Applications of (t,n)-SS
Threshold Encryption Threshold Signature Secure Multiparty Computation Many security-related application protocols…

7 2 Typical (t,n)-SSs Share Distribution Secret Reconstruction
Shamir’s (t,n)-SS [23]* Share Distribution f(x)=a0+a1x+a2x2+…+at-1xt-1 mod p Secret: s=a0 Each Shareholder Ui : Public information-xi ∈Fp , private share--f(xi) Secret Reconstruction m (m≥t) shareholders, e.g. {U1,U2,…Um}, compute the secret as: *[23] Shamir, A.: How to share a secret. Communications of the ACM 22(11), (1979)

8 … … … Share distribution Secret Reconstruction
f(x)=a0+a1x+a2x2+…+at-1xt-1 mod p Secret: s=a0 Dealer Share distribution Shareholder Public Info: x1 Private Share: f(x1) xi f(xi) xi+1 f(xi+1) xn f(xn) xi+2 f(xi+2) Secret Reconstruction Secret: s = Fig 1. Shamir’s (t,n)-SS

9 Remarks Shamir’s (t,n)-SS uses Lagrange Interpolation over finite field Fp to recover the secret. Ideal scheme: Information rate 1; No information leaks to t-1 participants Most popular (t,n)-SS scheme cited over times -- google scholar

10 2 Typical (t,n)-SS Asmuth-Bloom’s (t,n)-SS[1] over 600 times of citation Share distribution: (Increasing sequence, pairwise coprime) (gap creation ) (range extension ) (share evaluation) [1]Asmuth,C., Bloom,J.:A modular approach to key safeguarding. IEEE transactions on information theory 29(2), (1983)

11 Awkward scheme[13-20][33]…
Secret Reconstruction Remark: Based on Chinese Remainder Theorem(CRT) for Integer Ring Not Ideal—information rate < 1 Hard to choose moduli due to the condition Awkward scheme[13-20][33]…

12 Questions Can we use CRT to build a (t,n)-SS as ideal as Shamir’s scheme? What is the connection between CRT based (t,n)-SSs and Shamir’s (t,n)-SS?

13 Our work Generalize Asmuth-Bloom’s (t,n)-SS from Integer Ring to Polynomial Ring General Scheme Ideal Scheme Prove Shamir’s (t,n)-SS is a special case of our Ideal Scheme Construct a weighted (t,n)-SS from General Scheme

14 Asmuth-Bloom’s (t,n)-SS
Our work Polynomial Ring over Fp Asmuth-Bloom’s (t,n)-SS (CRT for Integer Ring) 1.Our General Scheme 4. Weighted (t,n)-SS 2. Our ldeal Scheme 3. Shamir’s (t,n)-SS (Fp)

15 (t,n)-SS based on CRT for Polynomial Ring over Fp
General scheme Ideal scheme

16 Our General Scheme Setup Share Distribution
(ascending sequence, gap production)

17 Our General Scheme Secret Reconstruction

18 Our Ideal Scheme Only Difference in Setup

19 Surprising Gains from Our Ideal Scheme
Information rate=1, no info. leak Ideal scheme Quite easy to choose pairwise coprime modulus polynomials e.g. Shamir’s (t,n)-SS as a special case

20 Shamir’s (t,n)-SS as our special case
An instantiation of our ideal scheme with d0=1

21 Shamir’s (t,n)-SS as our special case
CRT for Polynomial Ring over Fp Lagrange Interpolation over Fp Shamir’s (t,n)-SS Our Ideal scheme xi : Public info. of shareholder Ui

22 Weighted (t,n)-SS based on our General Scheme
What is Weighted (t,n)-SS Each shareholder Ui in subset A has a weight wi ; secret can be recovered if

23 Weighted (t,n)-SS based on our General Scheme
More natural and easier to realize Weighted (t,n)-SS based on our scheme weight=deg(mi(x))= wi Shareholder with weight wi is allocated a modulus polynomial of degree wi

24 Conclusions General (t,n)-SS Scheme (Poly. Ring) Asmuth- Bloom’s (t,n)-SS (Integer Ring) Ideal (t,n)-SS Scheme  General (t,n)-SS Scheme Shamir’s scheme as a special case of Ideal (t,n)-SS Scheme Weighted (t,n)-SS  General (t,n)-SS Scheme

25 Asmuth-Bloom’s Scheme
Conclusions following schemes Potential as an alternative of both schemes Our scheme Asmuth-Bloom’s Scheme Shamir’s Scheme

26

Download ppt "For ASIACRYPT 2018 Constructing Ideal Secret Sharing Schemes based on Chinese Remainder Theorem Fuyou Miao University of Science and Technology of China."

Similar presentations

How to Collaborate between Threshold Secret Sharing Schemes Daoshun Wang, Ziwei YeXiaobo Li Tsinghua University, ChinaUniversity of Alberta, Canada.

How to Collaborate between Threshold Secret Sharing Schemes Daoshun Wang, Ziwei YeXiaobo Li Tsinghua University, ChinaUniversity of Alberta, Canada.
Chapter 8 More Number Theory. Prime Numbers Prime numbers only have divisors of 1 and itself They cannot be written as a product of other numbers Prime.

Chapter 8 More Number Theory. Prime Numbers Prime numbers only have divisors of 1 and itself They cannot be written as a product of other numbers Prime.
Announcements: SHA due tomorrow SHA due tomorrow Last exam Thursday Last exam Thursday Available for project questions this week Available for project.

Announcements: SHA due tomorrow SHA due tomorrow Last exam Thursday Last exam Thursday Available for project questions this week Available for project.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
How to Share a Secret Amos Beimel. Secret Sharing [Shamir79,Blakley79,ItoSaitoNishizeki87] 1706 2538344113296634 ? 1706 2 bad.

How to Share a Secret Amos Beimel. Secret Sharing [Shamir79,Blakley79,ItoSaitoNishizeki87] ? bad.
Secret Sharing Algorithms

Secret Sharing Algorithms
RSA Ramki Thurimella.

RSA Ramki Thurimella.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Announcements: SHA due Tuesday SHA due Tuesday Last exam Thursday Last exam Thursday Available for project questions this week Available for project questions.

Announcements: SHA due Tuesday SHA due Tuesday Last exam Thursday Last exam Thursday Available for project questions this week Available for project questions.
Prelude to Public-Key Cryptography Rocky K. C. Chang, February 2014 1.

Prelude to Public-Key Cryptography Rocky K. C. Chang, February
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.

Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Network and Computer Security (CS 475) Modular Arithmetic and the RSA Public Key Cryptosystem Jeremy R. Johnson.

1 Network and Computer Security (CS 475) Modular Arithmetic and the RSA Public Key Cryptosystem Jeremy R. Johnson.
A novel DRM framework for peer-to- per music content delivery Authors: Jung-Shian Li, Che-Jen Hsieh, Cheng-Fu Hung Source: 2010, Journal of Systems and.

A novel DRM framework for peer-to- per music content delivery Authors: Jung-Shian Li, Che-Jen Hsieh, Cheng-Fu Hung Source: 2010, Journal of Systems and.
Optimizing Robustness while Generating Shared Secret Safe Primes Emil Ong and John Kubiatowicz University of California, Berkeley.

Optimizing Robustness while Generating Shared Secret Safe Primes Emil Ong and John Kubiatowicz University of California, Berkeley.
Secret Sharing for General Access Structure İlker Nadi Bozkurt, Kamer Kaya, and Ali Aydın Selçuk Information Security and Cryptology, Ankara, Turkey, May.

Secret Sharing for General Access Structure İlker Nadi Bozkurt, Kamer Kaya, and Ali Aydın Selçuk Information Security and Cryptology, Ankara, Turkey, May.
10/25/04 Security of Ad Hoc and Sensor Networks (SASN) 1/22 An Attack on the Proactive RSA Signature Scheme in the URSA Ad Hoc Network Access Control Protocol.

10/25/04 Security of Ad Hoc and Sensor Networks (SASN) 1/22 An Attack on the Proactive RSA Signature Scheme in the URSA Ad Hoc Network Access Control Protocol.
The Pennsylvania State University CSE597B: Special Topics in Network and Systems Security The Miscellaneous Instructor: Sencun Zhu.

The Pennsylvania State University CSE597B: Special Topics in Network and Systems Security The Miscellaneous Instructor: Sencun Zhu.
28 September 2005 Secret Sharing Amin Y. Teymorian Department of Computer Science The George Washington University.

28 September 2005 Secret Sharing Amin Y. Teymorian Department of Computer Science The George Washington University.
1 Lect. 19: Secret Sharing and Threshold Cryptography.

1 Lect. 19: Secret Sharing and Threshold Cryptography.
Secure Computation Lecture 17-18 Arpita Patra. Recap >Three orthogonal problems- (n,t)-sharing, reconstruction, multiplication protocol > Verifiable Secret.

Secure Computation Lecture Arpita Patra. Recap >Three orthogonal problems- (n,t)-sharing, reconstruction, multiplication protocol > Verifiable Secret.

Similar presentations

Ads by Google