Verifiable Secret Redistribution for Threshold Sharing Schemes

Abstract : We present a new protocol for the verifiable redistribution of secrets from (m,n) to (m',n') access structures for threshold sharing schemes. Our protocol enables the addition or removal of shareholders and also guards against mobile adversaries that cause permanent damage. We observe that existing protocols either cannot be readily extended to allow redistribution between different access structures, or have vulnerabilities that allow faulty old shareholders to corrupt the shares of new shareholders. Our primary contribution is that, in our protocol, new shareholders can verify the validity of their shares after redistribution between different access structures.

[1]  Robbert van Renesse,et al.  COCA: a secure distributed online certification authority , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[2]  Antony I. T. Rowstron,et al.  Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility , 2001, SOSP.

[3]  David R. Karger,et al.  Wide-area cooperative storage with CFS , 2001, SOSP.

[4]  Moti Yung,et al.  Adaptive Security for the Additive-Sharing Based Proactive RSA , 2001, Public Key Cryptography.

[5]  Pradeep K. Khosla,et al.  Selecting the Right Data Distribution Scheme for a Survivable Storage System (CMU-CS-01-120) , 2001 .

[6]  Pradeep K. Khosla,et al.  Survivable Information Storage Systems , 2000, Computer.

[7]  Marvin Theimer,et al.  Feasibility of a serverless distributed file system deployed on an existing set of desktop PCs , 2000, SIGMETRICS '00.

[8]  Moti Yung,et al.  Adaptively-Secure Optimal-Resilience Proactive RSA , 1999, ASIACRYPT.

[9]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[10]  Tal Rabin,et al.  A Simplified Approach to Threshold and Proactive RSA , 1998, CRYPTO.

[11]  Moti Yung,et al.  Optimal-resilience proactive public-key cryptosystems , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[12]  Yvo Desmedt,et al.  Some Recent Research Aspects of Threshold Cryptography , 1997, ISW.

[13]  Markus Jakobsson,et al.  Proactive public key and signature systems , 1997, CCS '97.

[14]  Sushil Jajodia,et al.  Redistributing Secret Shares to New Access Structures and Its Applications , 1997 .

[15]  Moti Yung,et al.  Proactive RSA , 1997, CRYPTO.

[16]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, Inf. Comput..

[17]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[18]  Silvio Micali,et al.  Verifiable Secret Sharing as Secure Computation , 1994, EUROCRYPT.

[19]  Tal Rabin,et al.  Robust sharing of secrets when the dealer is honest or cheating , 1994, JACM.

[20]  Ran Canetti,et al.  Maintaining Security in the Presence of Transient Faults , 1994, CRYPTO.

[21]  Thomas Beth,et al.  Verifiable secret sharing for monotone access structures , 1993, CCS '93.

[22]  Alfredo De Santis,et al.  Fully Dynamic Secret Sharing Schemes , 1993, Theor. Comput. Sci..

[23]  J. Massey,et al.  Threshold Schemes with Disenrollment , 1993, Proceedings. IEEE International Symposium on Information Theory.

[24]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[25]  Rafail Ostrovsky,et al.  How to withstand mobile virus attacks (extended abstract) , 1991, PODC '91.

[26]  Rafail Ostrovsky,et al.  How To Withstand Mobile Virus Attacks , 1991, PODC 1991.

[27]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[28]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[29]  Josh Benaloh,et al.  Secret sharing homomorphisms: keeping shares of a secret secret , 1987, CRYPTO 1987.

[30]  Silvio Micali,et al.  How to Prove all NP-Statements in Zero-Knowledge, and a Methodology of Cryptographic Protocol Design , 1986, CRYPTO.

[31]  Baruch Awerbuch,et al.  Verifiable secret sharing and achieving simultaneity in the presence of faults , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[32]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[33]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1899, 1979 International Workshop on Managing Requirements Knowledge (MARK).