Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors

Consider an abstract storage device Σ(G) that can hold a single element x from a fixed, publicly known finite group G. Storage is private in the sense that an adversary does not have read access to Σ(G) at all. However, Σ(G) is non-robust in the sense that the adversary can modify its contents by adding some offset Δ ∈ G. Due to the privacy of the storage device, the value Δ can only depend on an adversary's a priori knowledge of x.

We introduce a new primitive called an algebraic manipulation detection (AMD) code, which encodes a source s into a value x stored on Σ(G) so that any tampering by an adversary will be detected. We give a nearly optimal construction of AMD codes, which can flexibly accommodate arbitrary choices for the length of the source s and security level. We use this construction in two applications:

- We show how to efficiently convert any linear secret sharing scheme into a robust secret sharing scheme, which ensures that no unqualified subset of players can modify their shares and cause the reconstruction of some value s′ ≠ s.

- We show how to build nearly optimal robust fuzzy extractors for several natural metrics. Robust fuzzy extractors enable one to reliably extract and later recover random keys from noisy and non-uniform secrets, such as biometrics, by relying only on non-robust public storage. In the past, such constructions were known only in the random oracle model, or required the entropy rate of the secret to be greater than half. Our construction relies on a randomly chosen common reference string (CRS) available to all parties.
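The abstract describes the AMD setting only at the level of the storage model (private, additively malleable storage over a group G). The following Python example, added here and not taken from the paper, makes the encode/detect interface concrete with a polynomial-based AMD code over a prime field: the source s ∈ GF(P)^d is encoded as (s, x, f(x, s)) with f(x, s) = x^(d+2) + Σ s_i x^i and x drawn uniformly at random, and the group G is GF(P)^(d+2) under component-wise addition. The field prime P, the function names and the sample values are my own choices (assumptions) and are not parameters given on this page; whether this particular polynomial matches the construction in the paper body is likewise not something the abstract confirms.

```python
import secrets

# Field GF(P) for a prime P. P = 2^31 - 1 (a Mersenne prime) is an assumed parameter
# choice for this illustration, not a value taken from the paper's abstract.
P = (1 << 31) - 1


def amd_tag(s, x):
    """Evaluate f(x, s) = x^(d+2) + sum_{i=1..d} s_i * x^i over GF(P)."""
    d = len(s)
    tag = pow(x, d + 2, P)
    for i, s_i in enumerate(s, start=1):
        tag = (tag + s_i * pow(x, i, P)) % P
    return tag


def amd_encode(s, x=None):
    """Encode source s in GF(P)^d as the codeword (s, x, f(x, s)) in G = GF(P)^(d+2).

    x is drawn uniformly at random; passing x explicitly exists only so that the
    encoding can be reproduced in a test, never for real use.
    """
    s = [v % P for v in s]
    if x is None:
        x = secrets.randbelow(P)
    return tuple(s) + (x, amd_tag(s, x))


def amd_decode(c, d):
    """Return the source if the stored tag is consistent with (s, x); None means tampering."""
    if len(c) != d + 2:
        return None
    s, x, tag = list(c[:d]), c[d], c[d + 1]
    if amd_tag(s, x) != tag:
        return None
    return s


def add_offset(c, delta):
    """The only operation the adversary has on the private storage: add a fixed
    offset Delta in G, chosen without seeing the stored codeword."""
    return tuple((a + b) % P for a, b in zip(c, delta))


def detection_rate(s, delta, trials=200):
    """Fraction of fresh encodings of s on which adding delta is detected.

    For a fixed nonzero delta the check passes only if x is a root of a nonzero
    polynomial of degree at most d+1 (the x^(d+2) terms cancel), so an undetected
    offset occurs with probability at most (d+1)/P per encoding.
    """
    d = len(s)
    detected = 0
    for _ in range(trials):
        c = amd_encode(s)
        if amd_decode(add_offset(c, delta), d) is None:
            detected += 1
    return detected / trials


if __name__ == "__main__":
    # Constructed sample: a three-element source and an offset that flips s_1 by one.
    source = [1, 2, 3]
    codeword = amd_encode(source)
    print("decode(encode(s)) ->", amd_decode(codeword, len(source)))
    print("decode(tampered)  ->", amd_decode(add_offset(codeword, (1, 0, 0, 0, 0)), len(source)))
    print("detection rate     ->", detection_rate(source, (1, 0, 0, 0, 0)))
```

The decoder never reveals which component was altered; it only answers "consistent" or "tampered", which is all the robust secret sharing and robust fuzzy extractor applications need from the primitive. The bound (d+1)/P shows the trade-off the abstract alludes to: the security level is set by the field size, and the source length d enters only linearly.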
