Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Problems of Perfect Multi- Secret Sharing Schemes Advisor: 阮夙姿教授 Presenter: 蔡惠嬋 Date: 2008/08/11 國立暨南國際大學資訊工程學系.

Published byCamilla Harrington Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Problems of Perfect Multi- Secret Sharing Schemes Advisor: 阮夙姿教授 Presenter: 蔡惠嬋 Date: 2008/08/11 國立暨南國際大學資訊工程學系."— Presentation transcript:

1 1 Problems of Perfect Multi- Secret Sharing Schemes Advisor: 阮夙姿教授 Presenter: 蔡惠嬋 Date: 2008/08/11 國立暨南國際大學資訊工程學系

2 2 Outline Introduction Topic 1: –A Perfect SSS on General Hypergraph-Based Prohibited Structure (G-HP Scheme) Topic 2: –MSSS for Proving Both Improvement Ratios –Two Optimal General MSSSs (GMS1, GMS2) Comparisons Conclusions

3 3 Secret Sharing Scheme (SSS) Introduction (1/4)

4 Introduction (2/4) 4 Secret Sharing Scheme (SSS) D : Distribution Algorithm R : Reconstruction Algorithm P1P1 P2P2 PnPn … D s s P1P1 P2P2 … R P t

5 Introduction (3/4) Dealer Participants P = {P 1, P 2, …, P n } Access structure (   2 P ) Prohibited structure (   2 P ) 5 x1x1 xnxn x2x2 P1P1 P2P2 PnPn … D s P = {P 1, P 2, P 3 }  = {{P 1, P 3 }, {P 2, P 3 }}  = {{P 1 }, {P 3 }, {P 1, P 2 }} P = {P 1, P 2, P 3 }  = {{P 1, P 3 }, {P 2, P 3 }}  = {{P 1 }, {P 3 }, {P 1, P 2 }}

6 (t, n)-threshold scheme (A. Shamir 1979, Blakley 1979) Information Rate (  )  = log(K) / log(S i ) A SSS is ideal if  = 1. 6 Introduction (4/4) K x y

7 7 Outline Introduction Topic 1: –A Perfect SSS on General Hypergraph- Based Prohibited Structure (G-HP Scheme) Topic 2: –MSSS for Proving Both Improvement Ratios –Optimal General MSSS Comparisons Conclusions and Future Work (r 1, r 2 )-HP Scheme G-HP Scheme

8 8 Preliminary – Hypergraph (1/2) Hypergraph H = (V, E) r-Uniform Hypergraph (r 1, r 2 )-Uniform Hypergraph General Hypergraph P1P1 P4P4 P2P2 P3P3 P5P5 P6P6 3-Uniform Hypergraph P1P1 P4P4 P2P2 P3P3 P5P5 P6P6 (2, 3)-Uniform Hypergraph General Hypergraph Source: Wikipedia

9 Preliminary - Related Work (2/2) 9 Graph Based

10 10 (r 1, r 2 )-Uniform Hypergraph H V(H) = P and |P| = n.  = {A| A  B for some B  E(H)}  {A | A  P and |A|  (r 1  1)}  = {A  P|  B  E(H), A  B and r 1  |A|  r 2 +1} Example: (2, 4)-HP Scheme  = {{P 1, P 5 }, {P 1, P 6 }, {P 2, P 5 }, {P 2, P 6 }, {P 1, P 2, P 3 }, {P 1, P 2, P 4 }, {P 1, P 3, P 4 }, {P 2, P 3, P 4 }}. (r 1, r 2 )-HP Scheme (1/3) P1P1 P2P2 P3P3 P4P4 P6P6 P5P5

11 11 (r 1, r 2 )-HP Scheme (2/3) P1P1 P2P2 P3P3 P4P4 P6P6 P5P5 (2, 4)-HP Scheme  = {{P 1, P 5 }, {P 1, P 6 }, {P 2, P 5 }, {P 2, P 6 } {P 1, P 2, P 3 }, {P 1, P 2, P 4 }, {P 1, P 3, P 4 }, {P 2, P 3, P 4 }}. Idea: Distribute a random number a i for each P i. Construct related polynomials. Distribution: Distribute a 1, a 2, …, a 6 to P 1, P 2, …, P 6. Construct f 1 (x) = K 2 x + K 1 mod q Construct f 2 (x) = A 21 x 2 + K 2 x + K 1 mod q

12 12 f 1 (x) = K 2 x +K 1 (mod q) f 2 (x) = A 21 x 2 + K 2 x + K 1 (mod q) P1P1 P2P2 P3P3 P4P4 P6P6 P5P5

13 13 G-HP Scheme (r 1, r 2, …, r v )-HP Scheme Distribute random numbers a 1, a 2, …, a n to P 1, P 2, …, P n. Observe Construct …

14 Information Rate  = log(K) / log(S i ) = 2/ (d +1), Comparisons between G-HA and G-HP schemes. 14 Performance Analysis G-HA Scheme 2007 G-HP Scheme 2008 Information Rate2 / (d +1) Public dataYesNo Time ComplexityO(mr 2 ) PerfectYes

15 15 Outline Introduction Topic 1: –A Perfect SSS on General Hypergraph-Based Prohibited Structure (G-HP Scheme) Topic 2: –MSSS for Proving Both Improvement Ratios –Optimal General MSSS Comparisons Conclusions and Future Work

16 16 Outline Introduction Topic 1: –A Perfect SSS on General Hypergraph-Based Prohibited Structure (G-HP Scheme) Topic 2: –MSSS for Proving Both Improvement Ratios –Two Optimal General MSSSs Comparisons Conclusions and Future Work GMS1 GMS2

17 17 Multi-SSS an extension of a single-SSS to deal with many secrets at the same time s1s1 s2s2 sMsM P1P1 P2P2 PnPn s1s1 s2s2 sMsM R P1P1 P2P2 P t … … …… D P1P1 P1P1 P2P2 P2P2 PnPn PnPn s s P1P1 P1P1 P2P2 P2P2 …… …… D D s s R R Preliminary(1/2)

18 Parameter Setup: P = {P 1, P 2, …, P n } s 1, s 2, …, s M : secrets x i : P i ’s secret share. h (r, s): two-variable one way function q : large prime 18 L. J. Pang, H. X. Li and Y. M. Wang, An Efficient and Secure Multi-Secret Sharing Scheme with General Access Structures, WUJNS, 2006. (PLW scheme)

19 19 GMS1 (1/2) x y f 1 (x) = s 1 + x mod q f 2 (x) = s 2 + x mod q f M (x) = s M + x mod q Secret Distribution: sisi f(d i,j )  h(r i, x i,j,1 )  h(r i, x i,j,2 )  …  h(r i, x i,j,k ) P i,j,1 P i,j,2 P i,j,k … x i,j,1 x i,j,2 x i,j,k h(r i, x i,j,1 )  h(r i, x i,j,2 )  …  h(r i, x i,j,k ) MSG i = { r i, h i,1, h i,2,…, h i,|  i | } Publish (d i,j, f(d i,j )) … d i,j = i  z + j, where z = max{n, |  1 |, |  2 |, …, |  M |} h i,j = Let  = (  1,  2, …,  M ) be the access structure for the secret s 1, s 2, …, s M, respectively. Say  i = {A i,1, A i,2, …, A i,|  i | }.

20 20 Secret Reconstruction: GMS1 (2/2) MSG i = { r i, h i,1, h i,2,…, h i,|  i | } P i,j,1 P i,j,2 P i,j,k … x i,j,1 x i,j,2 x i,j,k h(r i, x i,j,1 )  h(r i, x i,j,2 )  …  h(r i, x i,j,k ) h i,j  h(r i, x i,j,1 )  h(r i, x i,j,2 )  …  h(r i, x i,j,k ) x y sisi (d i,j, f(d i,j )) f i (d i,j ) – d i,j f i (x) = s i + x mod q f(d i,j ) =

21 x y f(d j )  h(r, x j,1 )  h(r, x j,2 )  …  h(r, x j,k ) 先直接公佈 l – 1 個點 P j,1 P j,2 P j,k … xj1xj1 xj2xj2 x jk h(r, x j,1 )  h(r, x j,2 )  …  h(r, x j,k ) Publish: MSG = { r, f(1), f(2), …, f(l – 1), h 1, h 2, …, h t } l 個秘密 {s 1, s 2,…, s l } (d j, f(d j )) Secret Distribution: 需要 l 個點 hj =hj = hj =hj = 21 GMS2 Observe access structures of each secret s i first.

22 Security Analysis (d i,j, f(d i,j )) must be computed by P k in A i,j by using his h(r i, x k ). Guessing probability of x i or f i (d i,j ) is the same. (1/q). Two variable one way function h(r i, x i,j ) 22 Security of GMS1 and GMS2 are the same as Shamir’s threshold scheme. Security of GMS1 and GMS2 are the same as Shamir’s threshold scheme.  Multi-use

23 23 Comparisons of general SSS (apply single secret) G-HPGMS1G-HATUMPLW IR2/(d+1)1 1/d1 Public Information Nok + 1  i=1 n (m i  c i ) No2(k + 1) PerfectYes Time ComplexityO(kr 2 )O(kr )O(kr 2 ) O(kr ) Comparisons (1/3 )

24 24 Comparisons of three general MSSS (apply multiple secrets) Comparisons (2/3 ) PLW schemeGMS1GMS2 Time Complexity O(M)O(M) Public Information Weak-PerfectNoYesNo MaxIR (AvIR)1/M

25 Comparisons (3/3 ) 25 With BBSWithout BBS Consider IRGMS1G-HP Scheme Consider CostGMS1 Given an Access Structure, choose a suitable SSS.

26 26 Conclusions Conclusions: Construct G-HP scheme. Theoretical prove of improvement ratios. Construct GMS1 and GMS2 schemes.

27 Thanks for your listening.

Download ppt "1 Problems of Perfect Multi- Secret Sharing Schemes Advisor: 阮夙姿教授 Presenter: 蔡惠嬋 Date: 2008/08/11 國立暨南國際大學資訊工程學系."

Similar presentations

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.
Attacking Cryptographic Schemes Based on Perturbation Polynomials Martin Albrecht (Royal Holloway), Craig Gentry (IBM), Shai Halevi (IBM), Jonathan Katz.

Attacking Cryptographic Schemes Based on Perturbation Polynomials Martin Albrecht (Royal Holloway), Craig Gentry (IBM), Shai Halevi (IBM), Jonathan Katz.
How to Collaborate between Threshold Secret Sharing Schemes Daoshun Wang, Ziwei YeXiaobo Li Tsinghua University, ChinaUniversity of Alberta, Canada.

How to Collaborate between Threshold Secret Sharing Schemes Daoshun Wang, Ziwei YeXiaobo Li Tsinghua University, ChinaUniversity of Alberta, Canada.
國立暨南國際大學 National Chi Nan University A Study of (k, n)-threshold Secret Image Sharing Schemes in Visual Cryptography without Expansion Presenter : Ying-Yu.

國立暨南國際大學 National Chi Nan University A Study of (k, n)-threshold Secret Image Sharing Schemes in Visual Cryptography without Expansion Presenter : Ying-Yu.
A Perfect Threshold Secret Sharing Scheme to Identify Cheaters Marco Carpentieri Designs, Codes and Cryptography 5(3):183-187, May 1995 Presented by Po-Kun.

A Perfect Threshold Secret Sharing Scheme to Identify Cheaters Marco Carpentieri Designs, Codes and Cryptography 5(3): , May 1995 Presented by Po-Kun.
IEEE TRANSACTIONS ON IMAGE PROCESSING,2007 指導老師:李南逸 報告者:黃資真 Cheating Prevention in Visual Cryptography 1.

IEEE TRANSACTIONS ON IMAGE PROCESSING,2007 指導老師:李南逸 報告者:黃資真 Cheating Prevention in Visual Cryptography 1.
Introduction to Modern Cryptography, Lecture 11 1) More about efficient computation: Montgomery arithmetic, efficient exponentiation 2)Secret Sharing schemes.

Introduction to Modern Cryptography, Lecture 11 1) More about efficient computation: Montgomery arithmetic, efficient exponentiation 2)Secret Sharing schemes.
Web-based Spoken English Training System with American Accent 線上美式英文口音訓練系統 指導教授:陳恆佑老師 學生:王舜霈 Date: June 25th, 2008 國立暨南國際大學 資訊工程學系碩士班畢業成果展 1.

Web-based Spoken English Training System with American Accent 線上美式英文口音訓練系統 指導教授:陳恆佑老師 學生:王舜霈 Date: June 25th, 2008 國立暨南國際大學 資訊工程學系碩士班畢業成果展 1.
Speaker: Pei-Ni Tsai Adviser: Dr. Kai-Wei Ke. Outline Introduction Hierarchical Resource Allocation Resource Allocation Complete share Guard External.

Speaker: Pei-Ni Tsai Adviser: Dr. Kai-Wei Ke. Outline Introduction Hierarchical Resource Allocation Resource Allocation Complete share Guard External.
Announcements: SHA due tomorrow SHA due tomorrow Last exam Thursday Last exam Thursday Available for project questions this week Available for project.

Announcements: SHA due tomorrow SHA due tomorrow Last exam Thursday Last exam Thursday Available for project questions this week Available for project.
Part 4 b Forward-Backward Algorithm & Viterbi Algorithm CSE717, SPRING 2008 CUBS, Univ at Buffalo.

Part 4 b Forward-Backward Algorithm & Viterbi Algorithm CSE717, SPRING 2008 CUBS, Univ at Buffalo.
Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.

Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.
2003/02/13 Chapter 1 1頁1頁 工程數學 (3) : Complex Variables Analysis 91 學年度 第二學期 國立中興大學 電機系 授課教師 范志鵬 助理教授 Textboobs: “Complex Variables with Applications”,

2003/02/13 Chapter 1 1頁1頁 工程數學 (3) : Complex Variables Analysis 91 學年度 第二學期 國立中興大學 電機系 授課教師 范志鵬 助理教授 Textboobs: “Complex Variables with Applications”,
Sec final project A Preposition Secret Sharing Scheme for Message Authentication in Broadcast Networks 90321019 王怡君.

Sec final project A Preposition Secret Sharing Scheme for Message Authentication in Broadcast Networks 王怡君.
An Efficient Construction of Secret Sharing for Generalized Adversary Structure and Its Reduction Communications, Circuits and Systems, 2004. ICCCAS 2004.

An Efficient Construction of Secret Sharing for Generalized Adversary Structure and Its Reduction Communications, Circuits and Systems, ICCCAS 2004.
On the Construction of Energy- Efficient Broadcast Tree with Hitch-hiking in Wireless Networks Source: 2004 International Performance Computing and Communications.

On the Construction of Energy- Efficient Broadcast Tree with Hitch-hiking in Wireless Networks Source: 2004 International Performance Computing and Communications.
1 高等演算法 Homework One 暨南大學資訊工程學系 黃光璿 2004/11/11. 2 Problem 1.

1 高等演算法 Homework One 暨南大學資訊工程學系 黃光璿 2004/11/11. 2 Problem 1.
Secret Sharing Algorithms

Secret Sharing Algorithms
A new predictive search area approach for fast block motion estimation Kuo-Liang Chung ( 鍾國亮 ) Lung-Chun Chang ( 張隆君 ) 國立台灣科技大學資訊工程系暨研究所 IEEE TRANSACTIONS.

A new predictive search area approach for fast block motion estimation Kuo-Liang Chung ( 鍾國亮 ) Lung-Chun Chang ( 張隆君 ) 國立台灣科技大學資訊工程系暨研究所 IEEE TRANSACTIONS.
Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: 361-396 Authors: D. Pointcheval and J. Stern Presented.

Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.

Similar presentations

Ads by Google