Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secret Sharing for General Access Structure İlker Nadi Bozkurt, Kamer Kaya, and Ali Aydın Selçuk Information Security and Cryptology, Ankara, Turkey, May.

Published byLucy Gaines Modified over 9 years ago

Similar presentations

Presentation on theme: "Secret Sharing for General Access Structure İlker Nadi Bozkurt, Kamer Kaya, and Ali Aydın Selçuk Information Security and Cryptology, Ankara, Turkey, May."— Presentation transcript:

1 Secret Sharing for General Access Structure İlker Nadi Bozkurt, Kamer Kaya, and Ali Aydın Selçuk Information Security and Cryptology, Ankara, Turkey, May 2010.

2 Outline Multipartite access structure Relate work: – Asmuth-Bloom’s (t, n) secret sharing scheme – Galibus and Matveev (GM) algorithm for polynomial ring in General Access Structure (based on M) Proposed method – Proposed 1: Modified GM algorithm for integer (based on A-B) – Proposed 2: Splitting-based secret sharing scheme Conclusion

3 Multipartite access structure (1/5) The set of players is divided into K different disjoint classes P 1, P 2,…, P K classes; All players of the same class play the same role in the structure.

4 Multipartite access structure (2/5) K-partite can be represented by a set of K-tuple vectors. Ex: Γ={(3, 4), (4, 2)} – Each vector is an authorized combination, (3, 4) is a authorized combination (4, 2) is the other authorized combination – The ith entry in a vector denoting the required number of participants from P i in that authorized combination. (3, 4) means at least 3 users from P 1 and 4 from P 2. – {(|P 1 |  3 and |P 2 |  4) or (|P 1 |  4 and |P 2 |  2)}

5 Multipartite access structure (3/5) Ex: Γ={(3, 4), (4, 2)}, |P 1 |=|P 2 |=5, we can find corresponding (3, 4)  Γ (4, 2)  Γ (2,1)(1,3) (2,2)(2,3) (3,3) (2,4)(4,3) (2,5)(5,3) (3,1)(1,1) (3,2)(2,1) (3,3)(3,1) (3,4)(4,1) (3,5)(5,1)

6 Multipartite access structure (4/5) Ex:, |P 1 |=|P 2 |=5, we can find corresponding Γ={(3, 4), (4, 2)}, (3,1)(1,6) (3,2)(2,6) (3,3)(3,6) (3,4)(4,6) (3,5)(5,6) (6,1)(1,2) (6,2)(2,2) (6,3)(3,2) (6,4)(4,2) (6,5)(5,2) (4,1)(1,4) (4,2)(2,4) (4,3)(3,4) (4,4) (4,5)(5,4)

7 Multipartite access structure (5/5) Any access structure defined on a set of n users is trivially n-partite – We can always take P 1 = {1}, …,P n = {n}. – But, we usually want to consider the minimum possible number of classes. Ex1: (2,3)-threshold transform to 3-partite – Γ={(1,1,0), (1,0,1),(0,1,1)} Ex2: Γ={{1,4}, {2,3}} transform to 4-partite – Γ={(1,0,0,1), (0,1,1,0)}

8 questations 1.Multiple assignment 是否只對 Shamir 有意 義 ?( 因為 CRT 可輕易合併 share ,沒有多個 share 問題 ) – 考慮 information rate 2.CRT 是否就是 single assignment? 3.CRT 如何解 GAS

9 [ 補充 ]access structures Threshold access structures [1], Access structures defined by graphs [2], Star access structures [3], Those with at most five players [4], Bipartite access structures [5], Hierarchical threshold access structures [6, 7], Weighted threshold access structures [8]. Reference to :2006_New results on multipartite access structures

10 Relate work Asmuth-Bloom secret sharing scheme – C. Asmuth and J. Bloom. “A modular approach to key safeguarding,“ IEEE Transactions on Information Theory, 29(2):208–210, 1983. – The property of (  n/2 , n) Asmuth-Bloom sequence – K. Kaya and A. A. Selcuk. A veriable secret sharing scheme based on the Chinese Remainder Theorem. In Proc. of INDOCRYPT 2008, volume 5365 of LNCS, pages 414–425. Springer-Verlag, 2008. Galibus and Matveev (GM) algorithm for polynomial ring – T. Galibus and G. Matveev. “Generalized Mignotte’s sequences over polynomial rings,“ Electronic Notes on Theoretical Computer Science, 186:43–48, 2007.

11 Asmuth-Bloom’s (t, n) secret sharing scheme (1/4) Based on the Chinese Remainder Theorem(CRT) (t, n) Asmuth-Bloom sequence: – a public sequence of coprime integers m 0 < m 1 < …< m n such that Qualified Min t m 1, m 2,…, m t Forbidden Max t  1 m n, m n  1,…, m n  t+2

12 Asmuth-Bloom’s (t, n) secret sharing scheme (2/4) Based on the Chinese Remainder Theorem(CRT) (t, n) Asmuth-Bloom sequence: – a public sequence of integers m 0 < m 1 < …< m n such that S j be the set of all subsets of P={1,2,…,n} of cardinality j. Compare with coprime integers

13 (t, n) secret sharing encoded: – Secret d  Z m 0 – y = d + Am 0 where A is a random positive integer such that y < M – Share y i = y mod m i for all 1  i  n Asmuth-Bloom’s (t, n) secret sharing scheme(3/4) Qualified Min t m 1, m 2,…, m t

14 (t, n) secret sharing decoded: – y is the unique solution modulo M of the system – Secret d = y mod m 0 Asmuth-Bloom’s (t, n) secret sharing scheme(4/4)

15 (  n/2 , n) Asmuth-Bloom sequence Lemma: An (  n/2 , n) Asmuth-Bloom sequence is a (k, n) Asmuth-Bloom sequence for all k such that 1  k  n. – Let t =  n/2  – Case1: Let 1  k < t. – Case2: Let t < k  n. 1 t n k Case 1Case 2 k

16 (  n/2 , n) Asmuth-Bloom sequence Let t =  n/2  Case1: Let 1  k < t. get 1 t n k Case 1

17 (  n/2 , n) Asmuth-Bloom sequence Let t =  n/2  Case2: Let t < k  n. get 1 t n k Case 2

18 Galibus and Matveev (GM) algorithm For polynomials, any access structure can be realized by using Mignotte SSS – for polynomial ring – in General Access Structure – (based on Mignotte’s sequence) Secret d, moduli m i, and shares y i are polynomials.

19 Galibus and Matveev (GM) algorithm Initial: m i (x) =1, for 1  i  n Iteration:

20

21 Proposed method Proposed 1: Modified GM algorithm for integer (based on A-B) Proposed 2: Splitting-based secret sharing scheme

22 Proposed 1: Modified GM algorithm for integer Based on A-B, find a prime m 0 (for specified bit length) For each, check all – Find prime p, and bit length of p is minimal 修改 : 符合標準 有問題

23

24 Proposed 2: Splitting-based secret sharing scheme k-partite, each part Pi has it’s (  n i /2 , n i ) Asmuth-Bloom sequence For each vector (authorized combination) – Using A-B’s scheme sharing subsecret d v,i into share y v,i For each participant l,

25

Download ppt "Secret Sharing for General Access Structure İlker Nadi Bozkurt, Kamer Kaya, and Ali Aydın Selçuk Information Security and Cryptology, Ankara, Turkey, May."

Similar presentations

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.
Number Theory Algorithms and Cryptography Algorithms Prepared by John Reif, Ph.D. Analysis of Algorithms.

Number Theory Algorithms and Cryptography Algorithms Prepared by John Reif, Ph.D. Analysis of Algorithms.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.3 Basic Number Theory.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.3 Basic Number Theory.
Introduction to Modern Cryptography, Lecture 11 1) More about efficient computation: Montgomery arithmetic, efficient exponentiation 2)Secret Sharing schemes.

Introduction to Modern Cryptography, Lecture 11 1) More about efficient computation: Montgomery arithmetic, efficient exponentiation 2)Secret Sharing schemes.
Computability and Complexity

Computability and Complexity
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
Announcements: SHA due tomorrow SHA due tomorrow Last exam Thursday Last exam Thursday Available for project questions this week Available for project.

Announcements: SHA due tomorrow SHA due tomorrow Last exam Thursday Last exam Thursday Available for project questions this week Available for project.
CSC2110 Discrete Mathematics Tutorial 5 GCD and Modular Arithmetic

CSC2110 Discrete Mathematics Tutorial 5 GCD and Modular Arithmetic
An Efficient Construction of Secret Sharing for Generalized Adversary Structure and Its Reduction Communications, Circuits and Systems, 2004. ICCCAS 2004.

An Efficient Construction of Secret Sharing for Generalized Adversary Structure and Its Reduction Communications, Circuits and Systems, ICCCAS 2004.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Chapter II. THE INTEGERS

Chapter II. THE INTEGERS
Establishment of Conference Keys in Heterogeneous Networks Wade Trappe, Yuke Wang, K. J. Ray Liu 2002. ICC 2002. IEEE International Conference.

Establishment of Conference Keys in Heterogeneous Networks Wade Trappe, Yuke Wang, K. J. Ray Liu ICC IEEE International Conference.
Complexity1 Pratt’s Theorem Proved. Complexity2 Introduction So far, we’ve reduced proving PRIMES  NP to proving a number theory claim. This is our next.

Complexity1 Pratt’s Theorem Proved. Complexity2 Introduction So far, we’ve reduced proving PRIMES  NP to proving a number theory claim. This is our next.
Secret Sharing Algorithms

Secret Sharing Algorithms
Congruence of Integers

Congruence of Integers
Introduction Polynomials

Introduction Polynomials
Lecture 3.2: Public Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 3.2: Public Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
1 NTRU: A Ring-Based Public Key Cryptosystem Jeffrey Hoffstein, Jill Pipher, Joseph H. Silverman LNCS 1423, 1998.

1 NTRU: A Ring-Based Public Key Cryptosystem Jeffrey Hoffstein, Jill Pipher, Joseph H. Silverman LNCS 1423, 1998.
Polynomial Factorization Olga Sergeeva Ferien-Akademie 2004, September 19 – October 1.

Polynomial Factorization Olga Sergeeva Ferien-Akademie 2004, September 19 – October 1.

Similar presentations

Ads by Google