Download presentation
Presentation is loading. Please wait.
Published byLucy Gaines Modified over 9 years ago
1
Secret Sharing for General Access Structure İlker Nadi Bozkurt, Kamer Kaya, and Ali Aydın Selçuk Information Security and Cryptology, Ankara, Turkey, May 2010.
2
Outline Multipartite access structure Relate work: – Asmuth-Bloom’s (t, n) secret sharing scheme – Galibus and Matveev (GM) algorithm for polynomial ring in General Access Structure (based on M) Proposed method – Proposed 1: Modified GM algorithm for integer (based on A-B) – Proposed 2: Splitting-based secret sharing scheme Conclusion
3
Multipartite access structure (1/5) The set of players is divided into K different disjoint classes P 1, P 2,…, P K classes; All players of the same class play the same role in the structure.
4
Multipartite access structure (2/5) K-partite can be represented by a set of K-tuple vectors. Ex: Γ={(3, 4), (4, 2)} – Each vector is an authorized combination, (3, 4) is a authorized combination (4, 2) is the other authorized combination – The ith entry in a vector denoting the required number of participants from P i in that authorized combination. (3, 4) means at least 3 users from P 1 and 4 from P 2. – {(|P 1 | 3 and |P 2 | 4) or (|P 1 | 4 and |P 2 | 2)}
5
Multipartite access structure (3/5) Ex: Γ={(3, 4), (4, 2)}, |P 1 |=|P 2 |=5, we can find corresponding (3, 4) Γ (4, 2) Γ (2,1)(1,3) (2,2)(2,3) (3,3) (2,4)(4,3) (2,5)(5,3) (3,1)(1,1) (3,2)(2,1) (3,3)(3,1) (3,4)(4,1) (3,5)(5,1)
6
Multipartite access structure (4/5) Ex:, |P 1 |=|P 2 |=5, we can find corresponding Γ={(3, 4), (4, 2)}, (3,1)(1,6) (3,2)(2,6) (3,3)(3,6) (3,4)(4,6) (3,5)(5,6) (6,1)(1,2) (6,2)(2,2) (6,3)(3,2) (6,4)(4,2) (6,5)(5,2) (4,1)(1,4) (4,2)(2,4) (4,3)(3,4) (4,4) (4,5)(5,4)
7
Multipartite access structure (5/5) Any access structure defined on a set of n users is trivially n-partite – We can always take P 1 = {1}, …,P n = {n}. – But, we usually want to consider the minimum possible number of classes. Ex1: (2,3)-threshold transform to 3-partite – Γ={(1,1,0), (1,0,1),(0,1,1)} Ex2: Γ={{1,4}, {2,3}} transform to 4-partite – Γ={(1,0,0,1), (0,1,1,0)}
8
questations 1.Multiple assignment 是否只對 Shamir 有意 義 ?( 因為 CRT 可輕易合併 share ,沒有多個 share 問題 ) – 考慮 information rate 2.CRT 是否就是 single assignment? 3.CRT 如何解 GAS
9
[ 補充 ]access structures Threshold access structures [1], Access structures defined by graphs [2], Star access structures [3], Those with at most five players [4], Bipartite access structures [5], Hierarchical threshold access structures [6, 7], Weighted threshold access structures [8]. Reference to :2006_New results on multipartite access structures
10
Relate work Asmuth-Bloom secret sharing scheme – C. Asmuth and J. Bloom. “A modular approach to key safeguarding,“ IEEE Transactions on Information Theory, 29(2):208–210, 1983. – The property of ( n/2 , n) Asmuth-Bloom sequence – K. Kaya and A. A. Selcuk. A veriable secret sharing scheme based on the Chinese Remainder Theorem. In Proc. of INDOCRYPT 2008, volume 5365 of LNCS, pages 414–425. Springer-Verlag, 2008. Galibus and Matveev (GM) algorithm for polynomial ring – T. Galibus and G. Matveev. “Generalized Mignotte’s sequences over polynomial rings,“ Electronic Notes on Theoretical Computer Science, 186:43–48, 2007.
11
Asmuth-Bloom’s (t, n) secret sharing scheme (1/4) Based on the Chinese Remainder Theorem(CRT) (t, n) Asmuth-Bloom sequence: – a public sequence of coprime integers m 0 < m 1 < …< m n such that Qualified Min t m 1, m 2,…, m t Forbidden Max t 1 m n, m n 1,…, m n t+2
12
Asmuth-Bloom’s (t, n) secret sharing scheme (2/4) Based on the Chinese Remainder Theorem(CRT) (t, n) Asmuth-Bloom sequence: – a public sequence of integers m 0 < m 1 < …< m n such that S j be the set of all subsets of P={1,2,…,n} of cardinality j. Compare with coprime integers
13
(t, n) secret sharing encoded: – Secret d Z m 0 – y = d + Am 0 where A is a random positive integer such that y < M – Share y i = y mod m i for all 1 i n Asmuth-Bloom’s (t, n) secret sharing scheme(3/4) Qualified Min t m 1, m 2,…, m t
14
(t, n) secret sharing decoded: – y is the unique solution modulo M of the system – Secret d = y mod m 0 Asmuth-Bloom’s (t, n) secret sharing scheme(4/4)
15
( n/2 , n) Asmuth-Bloom sequence Lemma: An ( n/2 , n) Asmuth-Bloom sequence is a (k, n) Asmuth-Bloom sequence for all k such that 1 k n. – Let t = n/2 – Case1: Let 1 k < t. – Case2: Let t < k n. 1 t n k Case 1Case 2 k
16
( n/2 , n) Asmuth-Bloom sequence Let t = n/2 Case1: Let 1 k < t. get 1 t n k Case 1
17
( n/2 , n) Asmuth-Bloom sequence Let t = n/2 Case2: Let t < k n. get 1 t n k Case 2
18
Galibus and Matveev (GM) algorithm For polynomials, any access structure can be realized by using Mignotte SSS – for polynomial ring – in General Access Structure – (based on Mignotte’s sequence) Secret d, moduli m i, and shares y i are polynomials.
19
Galibus and Matveev (GM) algorithm Initial: m i (x) =1, for 1 i n Iteration:
21
Proposed method Proposed 1: Modified GM algorithm for integer (based on A-B) Proposed 2: Splitting-based secret sharing scheme
22
Proposed 1: Modified GM algorithm for integer Based on A-B, find a prime m 0 (for specified bit length) For each, check all – Find prime p, and bit length of p is minimal 修改 : 符合標準 有問題
24
Proposed 2: Splitting-based secret sharing scheme k-partite, each part Pi has it’s ( n i /2 , n i ) Asmuth-Bloom sequence For each vector (authorized combination) – Using A-B’s scheme sharing subsecret d v,i into share y v,i For each participant l,
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.