Article

How to Share a Secret


Abstract

In this paper we show how to divide data D into n pieces in such a way that D is easily reconstructable from any k pieces, but even complete knowledge of k - 1 pieces reveals absolutely no information about D. This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.
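A worked implementation of the (k, n) scheme the abstract describes, added here as an example and not taken from the paper: the secret is the constant term of a random degree-(k-1) polynomial over a prime field, each share is a point on it, any k shares recover the constant term by Lagrange interpolation, and a small-field enumeration shows that k-1 shares are consistent with every possible secret equally often. The prime modulus, the function names and the sample secrets are constructed for this example.

```python
"""Shamir's (k, n) threshold secret sharing over GF(p); example code, not the paper's."""
import itertools
import secrets
from typing import Dict, List, Tuple

# Constructed parameter: a public prime modulus larger than any secret we share.
# 2**61 - 1 is a Mersenne prime, so the arithmetic below is over the field GF(p).
PRIME = 2**61 - 1

Share = Tuple[int, int]  # (x, f(x)) pair handed to one participant


def _eval_poly(coeffs: List[int], x: int, p: int) -> int:
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[d]*x^d mod p (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split_secret(secret: int, k: int, n: int, p: int = PRIME) -> List[Share]:
    """Split `secret` into n shares such that any k of them reconstruct it.

    The secret is the constant term of a uniformly random degree-(k-1) polynomial;
    share i is the point (i, f(i)) for i = 1..n. The point x = 0 is never handed out.
    """
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < p:
        raise ValueError("secret must lie in [0, p)")
    if n >= p:
        raise ValueError("need n < p so the share x-coordinates are distinct and non-zero")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def _lagrange_at(points: List[Share], at: int, p: int) -> int:
    """Evaluate, at x = `at`, the unique polynomial of degree < len(points) through `points`."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * ((at - xj) % p) % p
                den = den * ((xi - xj) % p) % p
        # pow(den, -1, p) is the modular inverse; den != 0 because the x's are distinct.
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def reconstruct(shares: List[Share], p: int = PRIME) -> int:
    """Recover the secret f(0) from k shares (k = len(shares)).

    Fewer than k shares do not fail loudly: they interpolate some other polynomial,
    which is exactly why k-1 shares carry no information about the secret.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share x-coordinates")
    return _lagrange_at(shares, 0, p)


def candidate_secrets(partial: List[Share], k: int, p: int) -> Dict[int, int]:
    """Brute-force check of the no-information property over a small field.

    Enumerates every degree-(k-1) polynomial over GF(p), keeps those that pass through
    all points in `partial`, and counts how often each constant term (secret) occurs.
    With k-1 shares every secret in GF(p) appears exactly once; with k shares only
    the true secret survives.
    """
    if p**k > 10**6:
        raise ValueError("field/threshold too large for exhaustive enumeration")
    counts: Dict[int, int] = {}
    for coeffs in itertools.product(range(p), repeat=k):
        if all(_eval_poly(list(coeffs), x, p) == y for x, y in partial):
            counts[coeffs[0]] = counts.get(coeffs[0], 0) + 1
    return counts


if __name__ == "__main__":
    s = 123456789  # constructed sample secret
    shares = split_secret(s, k=3, n=5)
    print("any 3 of 5 shares recover the secret:", reconstruct(shares[:3]) == s)
    # Small-field demonstration of "k-1 shares reveal nothing": p = 17, k = 3.
    small = split_secret(5, k=3, n=4, p=17)
    print("secrets consistent with 2 shares:", candidate_secrets(small[:2], 3, 17))
    print("secrets consistent with 3 shares:", candidate_secrets(small[:3], 3, 17))
```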


... Furthermore, possessing fewer than k shares does not yield knowledge about the secret. Examples include Shamir's (k, n) method [18], Blakley's method [19] and the additive secret sharing method. Although these methods are commonly utilized in applications such as secure information storage and management across multiple server environments [20], multiparty computation [15], [21]- [25], searchable encryption [26], [27], etc., they have not yet been applied to user authentication in communication channels, to the best of our knowledge. ...
... • Any k − 1 or fewer shares reveal no information regarding the original secret s. • Any k or more shares enable the reconstruction of the original secret s. Examples of threshold secret sharing schemes include Shamir's (k, n) method [18], XOR-based method [41], (k, L, n) ramp method [42], (n, n) additive method, and replicated secret sharing method [36]. ...
... However, traditional one-time pad encryption requires symmetric key distribution between communicating parties, and the volume of keys must match the amount of messages to be exchanged. In our proposed method, we offer secure authentication and communication systems with enhanced security using the information-theoretic security provided by the (k, n) threshold secret sharing scheme, as established in [18]. Specifically, we introduce a novel framework for user authentication using a secure computation based on Shamir's (2, 2) method. ...
Article
Full-text available
When using an insecure communication channel, the initial step involves authenticating the user (verifying the other party) to ensure the legitimacy of the communication partner, followed by encrypted communication. Public-key encryption-based digital signatures are widely utilized for user authentication; however, it is highly likely that they will be deciphered with the development of quantum computers. Studies are also being conducted on post-quantum cryptography, although it requires significant computational resources and is challenging to implement in Internet of Things (IoT) devices. Consequently, this study suggests the implementation of user authentication and secure communication that guarantees information-theoretic security through the use of a secure computation based on a computationally light (k, n) threshold secret sharing scheme. In this study, we first propose a user authentication system with information-theoretical security utilizing constantly changing information. Subsequently, we demonstrate that secure communication with information-theoretic security can be achieved without the need to distribute a substantial amount of true random numbers, by employing a secure computation based on (k, n) threshold secret sharing. Our proposed methods are suitable for implementation in an IoT environment, as they require minimal processing overhead. We also demonstrate the practical application of the proposed methods through implementation using C++. For example, the claimant’s average execution time is less than 0.1 [ms], and the proposed methods are very efficient.
... It also has a certain impact on the flexibility and efficiency of the scheme. For this we propose a novel TQHE scheme based on the Shamir (t, n)-threshold secret sharing protocol [34]. Our proposed scheme not only supports a flexible number of evaluators but also ensures that all evaluators have the ability to perform all single-qubit unitary operations from {X, Y, Z, H, S, T, U(θ)} and are allowed to perform any computation task assigned by the data owner on the encrypted data. ...
... In this section, we introduce some background knowledge that is crucial for understanding our scheme, including the classical Shamir (t, n)-threshold secret sharing protocol [34] and a brief overview of the TQHE scheme framework. ...
... Essentially, the private share θ_1 in θ_e, and the rotation keys {γ_2, γ_3, ..., γ_k} are each derived independently from a uniform distribution, and since θ_1 is kept secret by Alice, the secret a_0 cannot be recovered even if all evaluators conspire [34], which provides the maximum entropy for the encryption key. The conditional entropy of the encryption key θ_e is the same as its total entropy, H(θ_e|Ω) = H(θ_e), and hence the mutual information I(θ_e;Ω) = H(θ_e) − H(θ_e|Ω) = 0, proving the security of the encryption key θ_e in the privacy key space [40][41][42]; the encryption key is secure. ...
Article
Full-text available
Currently, most quantum homomorphic encryption (QHE) schemes only allow a single evaluator (server) to accomplish computation tasks on encrypted data shared by the data owner (user). In addition, the quantum computing capability of the evaluator and the scope of quantum computation it can perform are usually somewhat limited, which significantly reduces the flexibility of the scheme in quantum network environments. In this paper, we propose a novel (t,n)-threshold QHE (TQHE) network scheme based on the Shamir secret sharing protocol, which allows k(t≤k≤n) evaluators to collaboratively perform evaluation computation operations on each qubit within the shared encrypted sequence. Moreover, each evaluator, while possessing the ability to perform all single-qubit unitary operations, is able to perform arbitrary single-qubit gate computation task assigned by the data owner. We give a specific (3, 5)-threshold example, illustrating the scheme’s correctness and feasibility, and simulate it on IBM quantum computing cloud platform. Finally, it is shown that the scheme is secure by analyzing encryption/decryption private keys, ciphertext quantum state sequences during transmission, plaintext quantum state sequence, and the result after computations on the plaintext quantum state sequence.
... For case (ii.b), suppose that A who corrupts t-1 players has non-negligible advantage ϵ to break the tMCFE to acquire the functionality result. In particular, the "master" functional private key is split into s shares via Shamir's secret share scheme [49] in the TFE scheme, so that we can construct a simulator to transfer A's advantage to solve the t-of -s Shamir's secret share scheme with t-1 shares. As proved in [49], no adversary has a non-negligible advantage to solve that, and hence, A also does not have the nonnegligible advantage to acquire the functionality result. ...
Preprint
Full-text available
Federated learning is a computing paradigm that enhances privacy by enabling multiple parties to collaboratively train a machine learning model without revealing personal data. However, current research indicates that traditional federated learning platforms are unable to ensure privacy due to privacy leaks caused by the interchange of gradients. To achieve privacy-preserving federated learning, integrating secure aggregation mechanisms is essential. Unfortunately, existing solutions are vulnerable to recently demonstrated inference attacks such as the disaggregation attack. This paper proposes TAPFed, an approach for achieving privacy-preserving federated learning in the context of multiple decentralized aggregators with malicious actors. TAPFed uses a proposed threshold functional encryption scheme and allows for a certain number of malicious aggregators while maintaining security and privacy. We provide formal security and privacy analyses of TAPFed and compare it to various baselines through experimental evaluation. Our results show that TAPFed offers equivalent performance in terms of model quality compared to state-of-the-art approaches while reducing transmission overhead by 29%-45% across different model training scenarios. Most importantly, TAPFed can defend against recently demonstrated inference attacks caused by curious aggregators, which the majority of existing approaches are susceptible to.
... SMPC originates from Yao's Millionaire Problem, and is mainly used to solve the problem of cooperative computation between a group of mutually distrustful participants to maintain privacy. The underlying cryptographic protocols include oblivious transfer protocol (Rabin 2005), garbled circuits protocol (Bellare et al. 2012), Secret Sharing (SS) protocol (Shamir 1979), Goldreich-Micali-Wigderson protocol (Goldreich et al. 2019), and so on. SMPC protocols focus on applications in efficiently parallel and distributed ML (Knott et al. 2021; Gao and Yu 2023; ...
... For example, the scheme achieves an accuracy of 93.37% when the local epochs are L = 20, while the traditional FL is 93.80%, and the scheme only has an accuracy loss of 0.07%. The work Du et al. (2023) designs a multi-key CKKS scheme based on an SSR variant, i.e., Shamir's t-out-of-n linear secret sharing scheme (LSSS) (Shamir 1979). The proposed scheme which implements a t-user tolerant CKKS variant is used in an FL framework to implement privacy-preserving training of ResNet, CNN and RNN models. ...
Article
Full-text available
Machine Learning (ML) is rapidly advancing, enabling various applications that improve people’s work and daily lives. However, this technical progress brings privacy concerns, leading to the emergence of Privacy-Preserving Machine Learning (PPML) as a popular research topic. In this work, we investigate the privacy protection topic in ML, and showcase the advantages of Homomorphic Encryption (HE) among different privacy-preserving techniques. Additionally, this work presents an introduction of approximate HE, emphasizing its advantages and providing the detail of some representative schemes. Moreover, we systematically review the related works about approximate HE based PPML schemes from the four technical applications and three advanced applications, along with their application scenarios, models and datasets. Finally, we suggest some potential future directions to guide readers in extending the research of PPML.
... Initialization. At system startup, a Distributed Key Generation (DKG) protocol [49] is employed to produce a shared random seed for RANG, enabling the common coin functionality. ...
... TEE-Assisted Commit Rule. The commit rule process in Fides, as outlined in Fig. 7, begins with a DKG protocol [49], which initializes the TEE-Assisted Common Coin service with a shared random seed. This adaptively secure seed, stored confidentially within the trusted enclave, serves as the foundation for deterministic randomness. ...
Preprint
Recently, consensus protocols based on Directed Acyclic Graph (DAG) have gained significant attention due to their potential to build robust blockchain systems, particularly in asynchronous networks. In this paper, we propose Fides, an asynchronous DAG-based BFT consensus protocol that leverages Trusted Execution Environments (TEEs) to tackle three major scalability and security challenges faced by existing protocols: (i) the need for a larger quorum size (i.e., at least 3x larger) to tolerate Byzantine replicas, (ii) high communication costs and reliance on expensive cryptographic primitives (i.e., global common coin) to reach agreement in asynchronous networks, and (iii) poor censorship resilience undermining the liveness guarantee. Specifically, Fides adopts four trusted components-Reliable Broadcast, Vertex Validation, Common Coin, and Transaction Disclosure-within TEEs. Incorporating these components enables Fides to achieve linear message complexity, guaranteed censorship resilience, 2x larger quorum size, and lightweight common coin usage. Besides, abstracting these essential components rather than porting the entire protocol into TEE can significantly reduce the Trusted Computing Base (TCB). Experimental evaluations of Fides in local and geo-distributed networks demonstrate its superior performance compared to established state-of-the-art protocols such as Tusk, RCC, HotStuff, and PBFT. The results indicate that Fides achieves a throughput of 400k transactions per second in a geo-distributed network and 810k transactions per second in a local network. Our analysis further explores the protocol's overhead, highlighting its suitability and effectiveness for practical deployment in real-world blockchain systems.
... Blakley [10] and Shamir [11] introduced and formalised the concept of secret sharing. One of its most well-known applications is threshold cryptography [12], a method of key or secret distribution among several independent systems. ...
... Unlike multi-signature models, MPC wallets employ threshold cryptographic techniques to enable decentralised signing processes without revealing private keys to any single participant [11]. Threshold signature schemes offer superior efficiency by generating a single signature compatible with existing blockchain protocols, avoiding the need for protocol modifications required by multi-signature wallets [10]. ...
Article
Full-text available
Blockchain wallets are essential interfaces for managing digital assets and authorising transactions within blockchain systems. However, typical blockchain wallets often encounter performance, privacy and cost issues when utilising multi-signature schemes and face security vulnerabilities with single-signature methods. Additionally, while granting users complete control, non-custodial wallets introduce technical complexities and security risks. While custodial wallets can mitigate some of these challenges, they are primary targets for attacks due to the pooling of customer funds. To address these limitations, we propose a chain-agnostic Multi-Party Computation Threshold Signature Scheme (MPC-TSS) shared-custodial wallet with securely distributed key management and recovery. We apply this solution to create a wallet design for wealth managers and their clients, consolidating the management and access of multiple cryptocurrency tokens and services into a single application interface.
... |F is obtained by m signers reconstructing the secret key K and encrypting K with their keys. According to Eq. (3), except for Trent, at least t signers must cooperate to reconstruct the secret key K [36]. This means that if K is successfully verified, then t m and the keys of the m signers were used correctly. ...
Article
Full-text available
Recently, a threshold group blind quantum signature scheme has been proposed. Compared to other similar schemes, this scheme has flexibility in the number of signers and the original message is blind. However, our analysis revealed two security vulnerabilities in this scheme. First, some of the shared secret keys have issues with leakage to other participants. Second, the blindness of the original message is partially invalidated for the signer and the third-party. In this paper, we proved these two vulnerabilities and proposed an improved scheme also based on entanglement swapping. In the improved scheme, a trusted third-party is responsible for generating the threshold key, the sender is responsible for blinding the original message, at least t signers collaborate to generate the signature, and the third-party and verifier jointly perform the verification. The improved scheme not only overcomes the vulnerabilities of the old scheme but also has relatively better efficiency. In addition, this scheme has unforgeability and undeniability, the number of signers remains flexible and it satisfies threshold security.
... NIST (National Institute of Standards and Technology), in its Electronic Authentication Guideline [4], recommends secret sharing as a technique to be used to protect long-term credentials in its level 3 security definition for a CSP (Cloud Service Provider). Secret key sharing allows a secret such as key information to be divided into multiple shares [5]; these shares may be distributed among key generators using the concept of threshold decryption [6], or portions of a private key are distributed among users [7]. The challenge is that the client must assemble a key from multiple sources, potentially resulting in expensive communication overhead. ...
... First formalized independently by Adi Shamir [37] and George Blakley [7] in 1979. Shamir's scheme is based on polynomial interpolation over a finite field, where a secret is encoded as the constant term of a polynomial. ...
Article
Full-text available
In secret sharing, the relationships between participants and the information they hold can be modeled effectively using graph structures. Graphs allow us to visualize and analyze these relationships, making it easier to define access structures, optimize share distributions, and ensure security. This paper provides the first comprehensive review of existing research on the application of graph theory to secret sharing, comparing different classic and modern approaches and analyzing the current literature. Through this study we highlight the key advances and methodologies that have been developed, underscoring the pivotal role of graph theoretic approaches in enhancing the security and efficiency of secret sharing schemes. Furthermore, the review identifies open challenges and future research directions, providing insights into potential innovations that could further strengthen cryptographic practices. This work serves as a foundational resource for researchers and practitioners seeking to deepen their understanding of the intersection between graph theory and secret sharing, fostering the development of more robust and sophisticated cryptographic solutions.
... However, local data can still be deduced from these parameters using the inverse attack [2][3][4], necessitating secure transmission of local parameters to the federated learning server. To conceal the local model parameters, several techniques have been proposed, including secure aggregation through secure multiparty computation [5,6], differential privacy [7,8], homomorphic encryption (HE) [9][10][11][12][13][14][15][16][17][18][19][20][21], and masking techniques [22][23][24][25][26][27][28][29]. Among these, mask-based aggregation and HE-based aggregation are the most widely adopted for ensuring privacy in federated learning. ...
Article
Full-text available
Secure aggregation of local learning model parameters is crucial for achieving privacy-preserving federated learning. This paper presents a novel and practical aggregation method that effectively combines the advantages of masking-based aggregation with those of homomorphic encryption-based techniques. Each node conceals its local parameters using a randomly selected mask, independently chosen, thereby eliminating the need for additional computations to generate or exchange mask values with other nodes. Instead, each node homomorphically encrypts its random mask using its own encryption key. During each federated learning round, nodes send their masked parameters and the homomorphically encrypted mask to the federated learning server. The server then aggregates these updates in an encrypted state, directly calculating the average of actual local parameters across all nodes without the necessity to decrypt the aggregated result separately. To facilitate this, we introduce a new multi-key homomorphic encryption technique tailored for secure aggregation in federated learning environments. Each node uses a different encryption key to encrypt its mask value. Importantly, the ciphertext of each mask includes a partial decryption component from the node, allowing the collective sum of encrypted masks to be automatically decrypted once all are aggregated. Consequently, the server computes the average of the actual local parameters by simply subtracting the decrypted total sum of mask values from the cumulative sum of the masked local parameters. Our approach effectively eliminates the need for interactions between nodes and the server for mask generation and sharing, while addressing the limitation of a single key homomorphic encryption. Moreover, the proposed aggregation process completes the global model update in just two interactions (in the absence of dropouts), significantly simplifying the aggregation procedure. Utilizing the CKKS (Cheon-Kim-Kim-Song) homomorphic encryption scheme, our method ensures efficient aggregation without compromising security or accuracy. We demonstrate the accuracy and efficiency of the proposed method through varied experiments on MNIST data.
... Key management is an essential component in using cryptosystems for securing networks. Key management can be defined as the management of cryptographic keys for cryptosystems [11] [12]. There are two main categories of cryptosystems namely the symmetric and asymmetric cryptographic systems. ...
Thesis
Full-text available
Securing wireless ad-hoc networks is challenging and quite difficult because of their nature. Wireless ad-hoc networks are characterized by lack of infrastructure, node mobility and dynamic topology. Public key infrastructure is a trusted third party that binds the identity of a user to a key in the form of a certificate. The concept of PKI has been introduced in securing wireless ad-hoc networks; however, weaknesses in security still persist. This research reviews the related works carried out in securing wireless ad-hoc networks with PKI. The research also highlights the history, applications, technological challenges and limitations in securing wireless ad-hoc networks. The review revealed the security weakness of a single point of failure in PKI. After the discovery of the security weakness in PKI, a master-slave PKI security model was developed based on the resurrecting duckling security model by Frank Stajano and Ross Anderson and implemented on OPNET IT GURU Academic Edition. The master-slave PKI security model solves the problem of single point of failure by introducing redundancy, fault tolerance and high availability. Results of the simulation showed degradation in the quality of service when the slave PKI takes over from the master PKI after a failure. Keywords: Wireless ad-hoc networks, PKI, Security
... Fortunately, secure aggregation methods represented by SecAgg [12] can simultaneously address the aforementioned challenges. SecAgg employs a pairwise masking mechanism and Shamir secret sharing [13] to securely aggregate the model gradients while accommodating up to 30% dropout clients. Specifically, the acquisition of pairwise masks necessitates key negotiation among clients. ...
Preprint
Privacy-preserving machine learning (PPML) enables clients to collaboratively train deep learning models without sharing private datasets, but faces privacy leakage risks due to gradient leakage attacks. Prevailing methods leverage secure aggregation strategies to enhance PPML, where clients leverage masks and secret sharing to further protect gradient data while tolerating participant dropouts. These methods, however, require frequent inter-client communication to negotiate keys and perform secret sharing, leading to substantial communication overhead. To tackle this issue, we propose NET-SA, an efficient secure aggregation architecture for PPML based on in-network computing. NET-SA employs seed homomorphic pseudorandom generators for local gradient masking and utilizes programmable switches for seed aggregation. Accurate and secure gradient aggregation is then performed on the central server based on masked gradients and aggregated seeds. This design effectively reduces communication overhead due to eliminating the communication-intensive phases of seed agreement and secret sharing, with enhanced dropout tolerance due to overcoming the threshold limit of secret sharing. Extensive experiments on server clusters and Intel Tofino programmable switch demonstrate that NET-SA achieves up to 77x and 12x enhancements in runtime and 2x decrease in total client communication cost compared with state-of-the-art methods.
... Formally, ∈ = , where is an index set of size + 1, 's are constants and addition is over the ring. Linear secret-sharing schemes such as Shamir secret-sharing [60] and additive secret-sharing [13] are extensively used in secure MPC protocols. ...
Article
Full-text available
Distributed training that enables multiple parties to jointly train a model on their respective datasets is a promising approach to address the challenges of large volumes of diverse data for training modern machine learning models. However, this approach immediately raises security and privacy concerns; both about each party wishing to protect its data from other parties during training and preventing leakage of private information from the model after training through various inference attacks. In this paper, we address both these concerns simultaneously by designing efficient Differentially Private, secure Multiparty Computation (DP-MPC) protocols for jointly training a model on data distributed among multiple parties. Our DP-MPC protocol in the two-party setting is 56-794× more communication-efficient and 16-182× faster than previous such protocols. Conceptually, our work simplifies and improves on previous attempts to combine techniques from secure multiparty computation and differential privacy, especially in the context of ML training.
... Shares are distributed to qualified recipients which can reconstruct the secret by computing individual shares back together with a ss.Reconstruct algorithm [24]. In this work, we consider secret sharing with an access structure of = =2, where out of parties must add together secret shares to reconstruct the secret [47]. We provide the formal definition of secret sharing in the Appendix A.7. ...
Article
Full-text available
Web users can gather data from secure endpoints and demonstrate the provenance of sensitive data to any third party by using privacy-preserving TLS oracles. In practice, privacy-preserving TLS oracles remain limited and cannot verify larger, sensitive data sets. In this work, we introduce new optimizations for TLS oracles, which enhance the efficiency of selectively verifying the provenance of confidential web data. The novelty of our work is a construction which secures an honest verifier zero-knowledge proof system in the asymmetric privacy setting while retaining security against malicious adversaries. Concerning TLS 1.3 in the one round-trip time (1-RTT) mode, we propose a new, optimized garble-then-prove paradigm in a security setting with malicious adversaries. Our improvements reach new performance benchmarks and facilitate a practical deployment of privacy-preserving TLS oracles in web browsers.
... To reconstruct the original secret, a minimum number of participants must combine their parts. This approach helps ensure that no single participant has complete control over the secret and reduces the risk of compromised cryptographic keys or passwords (Shamir, 1979). Furthermore, it reduces the risk of compromised cryptographic keypairs, as an attacker would need to obtain multiple pieces from multiple participants to reconstruct the key. ...
Article
Full-text available
Data is the foundation of any scientific, industrial, or commercial process. Its journey flows from collection to transport, storage, and processing. While best practices and regulations guide its management and protection, recent events have underscored their vulnerabilities. Academic research and commercial data handling have been marred by scandals, revealing the brittleness of data management. Data is susceptible to undue disclosures, leaks, losses, manipulation, or fabrication. These incidents often occur without visibility or accountability, necessitating a systematic structure for safe, honest, and auditable data management. We introduce the concept of Honest Computing as the practice and approach that emphasizes transparency, integrity, and ethical behaviour within the realm of computing and technology. It ensures that computer systems and software operate honestly and reliably without hidden agendas, biases, or unethical practices. It enables privacy and confidentiality of data and code by design and default. We also introduce a reference framework to achieve demonstrable data lineage and provenance, contrasting it with Secure Computing, a related but differently orientated form of computing. At its core, Honest Computing leverages Trustless Computing, Confidential Computing, Distributed Computing, Cryptography, and AAA security concepts. Honest Computing opens new ways of creating technology-based processes and workflows which permit the migration of regulatory frameworks for data protection from principle-based approaches to rule-based ones. Addressing use cases in many fields, from AI model protection and ethical layering to digital currency formation for finance and banking, trading, and healthcare, this foundational layer approach can help define new standards for appropriate data custody and processing.
... The data provided by the dealer to a participant is referred to as a share and sets of participants which are able to recover the secret by pooling their data are said to be authorized or qualified. The concept was introduced by Shamir in his seminal paper [29] where he describes what is now known as Shamir's secret sharing scheme. His scheme which is based on univariate polynomials is perfect meaning that subsets that are not authorized possess no information on the secret. ...
Preprint
In this work we revisit the fundamental findings by Chen et al. in [5] on general information transfer in linear ramp secret sharing schemes to conclude that their method not only gives a way to establish worst case leakage [5, 25] and best case recovery [5, 19], but can also lead to additional insight on non-qualifying sets for any prescribed amount of information. We then apply this insight to schemes defined from monomial-Cartesian codes and by doing so we demonstrate that the good schemes from Sec. IV in [14] have a second layer of security. Elaborating further, when given a designed recovery number, in a new construction the focus is entirely on ensuring that the access structure possesses desirable second layer security, rather than on what is the worst case information leakage in terms of number of participants. The particular structure of largest possible sets being not able to determine a given amount of information suggests that we call such schemes democratic.
... A secret sharing scheme [41] allows a secret s to be divided into several pieces held by different individuals. In this framework, a certain coalition of holders can recover the original secret value s, while any smaller coalition learns nothing about s. ...
Article
Full-text available
Private Set Intersection (PSI) is a significant application of interest within Secure Multi-party Computation (MPC), even though we are still in the early stages of deploying MPC solutions to real-world problems. Threshold PSI (tPSI), a variant of PSI, allows two parties to determine the intersection of their respective sets only if the cardinality of the intersection is at least (or less than) a specified threshold t. In this paper, we propose a generic construction for two-party tPSI that extensively utilizes Oblivious Transfer (OT). Our approach is based on lightweight primitives and avoids costly public-key systems such as homomorphic encryption. We start by introducing the secret-sharing private membership test PMTss that is based on the secret-sharing private equality test PEQTss. The PMTss enables tPSI to be scaled for a wide range of practical applications, particularly benefiting parties with limited computational resources. Consequently, two distinct two-party tPSI protocols can be efficiently implemented: over-threshold PSI (t≤PSI) and under-threshold PSI t>PSI. In addition, we propose a lightweight two-party tPSI with limited leakage and a generic precomputing OT suitable for phased implementation. Experimental performance demonstrates that our protocols are highly efficient and computationally friendly, thus paving the way for broader deployment of tPSI solutions.
... only specific subsets of participants, defined by an access structure, can reconstruct the original secret from their shares. One of the most well-known secret sharing schemes in the literature is that of Shamir [Sha79]. The formal definition of Shamir's secret sharing (SSS) is as follows. ...
Preprint
Full-text available
In this work, we study the performance of Reed-Solomon codes against an adversary that first permutes the symbols of the codeword and then performs insertions and deletions. This adversarial model is motivated by the recent interest in fully anonymous secret-sharing schemes [EBG+24], [BGI+24]. A fully anonymous secret-sharing scheme has two key properties: (1) the identities of the participants are not revealed before the secret is reconstructed, and (2) the shares of any unauthorized set of participants are uniform and independent. In particular, the shares of any unauthorized subset reveal no information about the identity of the participants who hold them. In this work, we first make the following observation: Reed-Solomon codes that are robust against an adversary that permutes the codeword and then deletes symbols from the permuted codeword can be used to construct ramp threshold secret-sharing schemes that are fully anonymous. Then, we show that over fields of large enough size, there are [n, k] Reed-Solomon codes that are robust against an adversary that arbitrarily permutes the codeword and then performs n - 2k + 1 insertions and deletions to the permuted codeword. This implies the existence of a (k - 1, 2k - 1, n) ramp secret sharing scheme that is fully anonymous. That is, any k - 1 shares reveal nothing about the secret, and, moreover, this set of shares reveals no information about the identities of the players who hold them. On the other hand, any 2k - 1 shares can reconstruct the secret without revealing their identities. We also provide explicit constructions of such schemes based on previous works on Reed-Solomon codes correcting insertions and deletions. The constructions in this paper give the first gap threshold secret-sharing schemes that satisfy the strongest notion of anonymity together with perfect reconstruction.
... Propagate: Propagate is a communication algorithm used to send quorums' composition over an asynchronous network. It is based on Shamir's secret sharing [21]: data is split into n shares so that any f + 1 different shares allow the original data to be reconstructed. Each validator is sent a different share and they need to cooperate by sending their shares to others in order to reconstruct the sensitive data. ...
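The (k, n) split described in the excerpt above (with k = f + 1) is Shamir's polynomial scheme from the paper on this page. The following is an added worked example, not code from the paper or from any of the citing works: a secret is placed in the constant term of a random polynomial of degree k - 1 over a prime field, each share is one point on that polynomial, and Lagrange interpolation at x = 0 recovers the secret from any k shares. The prime, the `rng` parameter and the brute-force `candidate_counts` check are choices made for this example; the last one enumerates a small field to show why k - 1 shares leave every possible secret equally consistent.

```python
"""Shamir (k, n) threshold secret sharing over GF(p).

Added example. f(x) = secret + a_1 x + ... + a_{k-1} x^{k-1} with the a_i
uniform in GF(p); share i is (i, f(i)). Any k points determine f, hence f(0);
any k-1 points are consistent with every constant term, so they reveal nothing.
"""
import itertools
import secrets

DEFAULT_P = 2**127 - 1  # Mersenne prime; any prime larger than the secret and n works


def eval_poly(coeffs, x, p):
    """Horner evaluation of sum(coeffs[i] * x**i) mod p; coeffs[0] is the constant term."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split(secret, k, n, p=DEFAULT_P, rng=secrets.randbelow):
    """Return n shares (x, f(x)), x = 1..n, any k of which reconstruct `secret`.

    rng(p) must return an integer in [0, p); it is a parameter only so the
    example can be exercised deterministically.
    """
    if not (1 <= k <= n < p):
        raise ValueError("need 1 <= k <= n < p")
    if not (0 <= secret < p):
        raise ValueError("secret must be an integer in [0, p)")
    coeffs = [secret] + [rng(p) for _ in range(k - 1)]
    return [(x, eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def recover(shares, p=DEFAULT_P):
    """Lagrange-interpolate f(0) from k distinct shares.

    Fewer than k shares still yield a well-formed but wrong number: the output
    alone cannot tell a caller whether the threshold was met.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("share x-coordinates must be distinct and non-zero")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % p        # numerator of l_i(0): prod (0 - x_j)
                den = (den * (xi - xj)) % p    # denominator: prod (x_i - x_j)
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def candidate_counts(partial_shares, k, p):
    """Brute force over a small GF(p): for every possible secret s, count the
    degree-<k polynomials with constant term s that agree with the given shares.
    With k-1 shares every s gets the same count, i.e. the shares are uninformative.
    """
    counts = {s: 0 for s in range(p)}
    for coeffs in itertools.product(range(p), repeat=k):
        if all(eval_poly(coeffs, x, p) == y for x, y in partial_shares):
            counts[coeffs[0]] += 1
    return counts


if __name__ == "__main__":
    # Realistic parameters: 3-of-5 over the 127-bit field.
    shares = split(0xC0FFEE, 3, 5)
    print("any 3 of 5 recover:", recover(shares[:3]) == 0xC0FFEE)
    # Toy field to make the "k-1 shares reveal nothing" claim visible.
    toy = split(7, 3, 5, p=17)
    print("consistency count per candidate secret:", candidate_counts(toy[:2], 3, 17))
```

The brute-force check is only feasible for a toy prime; with the default 127-bit field the same argument holds algebraically, which is what the paper's "absolutely no information" claim rests on.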
Preprint
Full-text available
Digital currencies have emerged as a significant evolution in the financial system, yet they face challenges in distributed settings, particularly regarding double spending. Traditional approaches, such as Bitcoin, use consensus to establish a total order of transactions, ensuring that no more than the currency held by an account is spent in the order. However, consensus protocols are costly, especially when coping with Byzantine faults. It was shown that solving Consensus is not needed to perform currency transfer, for instance using Byzantine quorum systems, but validation remains per-account sequential. Recent research also introduced the fractional spending problem, which enables concurrent but non-conflicting transactions, i.e., transactions that spend from the same account but cannot lead to a double spending because each is only spending a small fraction of the balance. A solution was proposed based on a new quorum system and specific cryptographic primitives to protect against an adaptive adversary. The quorum system, called (k1, k2)-quorum system, guarantees that at least k1 transactions can be validated concurrently but that no more than k2 can. Employing such quorums, a payer can validate multiple fractional spending transactions in parallel with high probability. Subsequently, the payer reclaims any remaining sum through a settlement. This paper enhances that solution by integrating different cryptographic primitives, VRF and Ring Signatures, into a similar protocol. In contrast, these tools ensure that quorums remain secret during settlements, allowing the communication cost to be reduced from cubic to quadratic in messages. We also achieve payment transactions with 3 message delays rather than 5. Additionally, we propose a refined formalization of the fractional spending problem, introducing coupons, which simplifies the theoretical framework and proof structure.
Article
The autonomous driving system necessitates using privacy-preserving deep learning (PPDL) technologies as the safety assurance for its extensive application. However, existing PPDL solutions depend on intricate protocol designs for robust security. Although leveraging advanced dedicated hardware platforms can significantly improve inference efficiency, the PPDL frameworks that make the best use of hardware platform computility are scarce. Thus, balancing efficiency and security in PPDL remains an open question. This study presents SEPPDL, a secure tripartite inference framework for deep learning based on secret-sharing to balance privacy security and computational efficiency. We reduce the communication and calculation time by designing a deep learning quantisation representation scheme, two new computational protocols, and a computation library that utilises the integer computation units of the GPU. The experimental results show that compared with state-of-the-art PPDL frameworks, the SEPPDL framework reduces the communication and computation delay in the model inference to 1/2 and 1/3 of the existing optimal frameworks while maintaining the accuracy of the model inference. Meanwhile, the SEPPDL framework achieves a 10-fold performance improvement in a lightweight model. As the model scale increases, the performance of the SEPPDL-based model even achieves an 86-fold improvement compared to VGG16.
Article
Full-text available
The massive data generated by the Internet of Things (IoT) is often outsourced to the cloud, leading to a separation between data ownership and management. Access control during the data’s validity period and assured deletion once that period expires are both crucial for protecting privacy. While recent research has primarily focused on access control, assured deletion has received less attention. Existing assured deletion schemes can be classified into key-control based and cryptographic policy based methods, but to varying degrees, they have limitations such as requiring a trusted third party, high encryption overhead, and lack of support for deletion verification and fine-grained access control. To address these limitations, we propose BBAD, a blockchain-based assured deletion scheme that leverages smart contracts for fine-grained access control, employs Shamir secret sharing and re-encryption for assured key deletion, and utilizes a Merkle Hash Tree (MHT) for public deletion verification. Notably, BBAD eliminates the need for a trusted third party, exhibits low computational overhead, supports a customizable deletion time limit, and enables offline verification of deletion for users. Our experimental comparison with two prominent alternatives, Secure Electronic-Document Self-Destructing with Identity-Based Timed-Release Encryption (ESITE) and Key-Policy Attribute-Based Encryption for Assured Deletion (AD-KP-ABE), demonstrates that BBAD reduces data processing time by over 46.5%, data deletion time by 98.4%, and deletion verification time by 99.0%.
Article
Full-text available
The article is devoted to the study of data encryption technologies with an emphasis on visual cryptography, a modern and promising method of ensuring the confidentiality of information. The main attention is paid to the analysis of existing methods of information encryption and to the development of solutions that make it possible to ensure reliable protection of communications. Visual cryptography, as one of the modern methods, is relevant because of the growing need to protect confidential data under intensifying cybersecurity threats. The paper describes the basic principles of visual cryptography, its advantages and the practical possibilities of applying it in areas where the confidentiality of information is of decisive importance, such as national security, the military sphere, financial institutions and healthcare systems. The advantages of visual cryptography are described: it allows encrypted messages to be transmitted in the form of images that can be decrypted by physically overlaying the parts. This expands the technology's potential in the context of authentication and access systems. In addition, the article contains a description of software tools for implementing the encryption and decryption of information, as well as a detailed overview of the possibilities of using programming languages to solve such problems. Key algorithms and encryption methods are considered, evaluating their effectiveness and the possibilities of implementing them in real information protection systems. Through the research carried out, various approaches to data protection were analysed and the advantages of visual cryptography in comparison with other methods were determined. The results of the study demonstrate the effectiveness of visual cryptography as a method of protecting information, especially in cases where it is necessary to avoid dependence on complex digital technologies. Prospects for further research include the development of more advanced visual encryption algorithms that adapt to different conditions of use, as well as the introduction of the technology to protect critically important data in various industries.
Chapter
Quantum secret sharing is the extension and development of classical secret sharing in the area of quantum mechanics. It provides a new way and idea for the secure transmission of information. Using quantum states as information carriers, quantum secret sharing technology can realize quantum network identity and large-capacity information transmission. This technology has the advantages of high security, high reliability, saving resources, and reducing the complexity of communication. At present, quantum secret sharing technology has occupied a leading position in quantum communication technology, which is of great significance not only in theoretical research. Once realized, it will have an inestimable application prospect in the fields of quantum communication and quantum computing.
Article
Few quantum secret sharing protocols with both the flexible (t, n) threshold and semi-quantum properties have been proposed. Recently, a novel idea of (t, n) threshold semi-quantum secret sharing was proposed, which has both the (t, n) threshold and semi-quantum properties. Its idea can simplify the quantum secret sharing process such that many classical users with a simple ability for quantum operations can realize the communication goal by cooperating with one quantum party. Furthermore, the protocol is very flexible since any t collaborators of the n classical users can reconstruct the full secret by Shamir’s threshold technology. Unfortunately, their protocol is vulnerable to the NOT-gate attack. This paper shows that an attacker can break the (t, n) threshold protocol by performing two rounds of NOT-gate attack. Then, an improved (t, n) threshold semi-quantum secret sharing protocol is proposed. In the improved scheme, each receiver can perform the eavesdropping check by measuring the Z-basis sample states. The improved protocol not only has semi-quantum properties but also repairs the security hole of the old version and has enhanced security against various quantum attacks.
Article
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e · d ≡ 1 (mod (p − 1) · (q − 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.
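The abstract above fully specifies the arithmetic of the scheme, so here is an added worked example of it in Python (not code from the RSA paper or from this page's author): key generation from p and q with e · d ≡ 1 (mod (p − 1)(q − 1)), encryption as M^e mod n, decryption as C^d mod n, and signing/verification with the roles of d and e swapped. The primes 61 and 53 and the exponent 17 are toy values chosen for this example so that the numbers stay readable; the function names are likewise this example's own.

```python
"""Textbook RSA, added as a worked example of the abstract above.

Public key (n, e), private exponent d with e*d ≡ 1 (mod (p-1)(q-1)).
Messages are integers M with 0 <= M < n.
"""
import math


def rsa_keygen(p, q, e):
    """Derive (n, e, d) from two primes p, q and a chosen public exponent e.

    e must be coprime to (p-1)(q-1) so that its inverse d exists; the caller
    is responsible for p and q actually being prime (no primality test here).
    """
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse: e*d ≡ 1 (mod phi)
    assert (e * d) % phi == 1
    return n, e, d


def _check_message(m, n):
    # RSA operates on residues mod n: anything >= n would wrap and not decrypt
    # to the original value, so reject it instead of silently corrupting data.
    if not (0 <= m < n):
        raise ValueError("message/ciphertext must satisfy 0 <= M < n")


def rsa_encrypt(m, e, n):
    """C = M^e mod n, computed with the public key only."""
    _check_message(m, n)
    return pow(m, e, n)


def rsa_decrypt(c, d, n):
    """M = C^d mod n, requires the private exponent."""
    _check_message(c, n)
    return pow(c, d, n)


def rsa_sign(m, d, n):
    """S = M^d mod n: the same operation as decryption, applied by the signer."""
    _check_message(m, n)
    return pow(m, d, n)


def rsa_verify(m, s, e, n):
    """Accept iff S^e mod n equals the claimed message M."""
    _check_message(s, n)
    return pow(s, e, n) == m


if __name__ == "__main__":
    # Constructed toy parameters; real keys use primes of 1024+ bits each.
    n, e, d = rsa_keygen(61, 53, 17)
    print("n =", n, "e =", e, "d =", d)
    c = rsa_encrypt(65, e, n)
    print("encrypt(65) =", c, "-> decrypt =", rsa_decrypt(c, d, n))
    s = rsa_sign(65, d, n)
    print("signature of 65 verifies:", rsa_verify(65, s, e, n))
    print("same signature on 66 verifies:", rsa_verify(66, s, e, n))
```

Two points the toy makes visible. Because encryption is deterministic and the key is public, anyone can check whether a ciphertext corresponds to a guessed message, which is why deployed RSA wraps M in randomized padding (OAEP for encryption, PSS for signatures) rather than using the raw exponentiation shown here. And with n this small, the private exponent is recoverable by factoring n, which is exactly the hardness assumption the abstract names.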
Article
Includes bibliography and index
Rivest, R., Shamir, A., and Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Comm. ACM 21, 2 (Feb. 1978), 120-126.
Knuth, D. The Art of Computer Programming, Vol. 2: Seminumerical Algorithms. Addison-Wesley, Reading, Mass., 1969.
Footnote from the paper: The polynomials can be replaced by any other collection of functions which are easy to evaluate and to interpolate.