Secret Sharing Schemes with Applications in Security Protocols

Preface

A secret sharing scheme starts with a secret and derives from it certain shares (or shadows), which are distributed to users. The secret may be recovered only by certain predetermined groups of users; the family of these groups is the access structure. Secret sharing schemes were introduced independently by Blakley [12] and Shamir [134] as a solution for safeguarding cryptographic keys. They can be used in any situation in which access to an important resource has to be restricted; we mention here the opening of bank vaults or the launch of a nuclear missile.

In the first secret sharing schemes only the number of participants in the reconstruction phase mattered for recovering the secret. Such schemes are referred to as threshold secret sharing schemes. There are also secret sharing schemes that deal with access structures more complex than the threshold ones. We mention here the weighted threshold secret sharing schemes, in which a positive weight is associated with each user and the secret can be reconstructed if and only if the sum of the weights of the participants is greater than or equal to a fixed threshold. In the hierarchical (or multilevel) secret sharing schemes the set of users is partitioned into levels, and the secret can be recovered if and only if there is an initialization level such that the number of participants from this level or from higher levels is greater than or equal to the threshold of that level. In the compartmented secret sharing schemes the set of users is partitioned into compartments, and the secret can be recovered if and only if the number of participants from every compartment is greater than or equal to that compartment's threshold and the total number of participants is greater than or equal to a global threshold.
Ito, Saito, and Nishizeki [90] and Benaloh and Leichter [9] have proposed constructions realizing any monotone access structure (monotone meaning that if a group belongs to the access structure, so does every larger group containing it). Schemes in which the unauthorized groups gain no information about the secret are referred to as perfect. Karnin, Greene, and Hellman [97] proved, using the concept of entropy, that in any perfect threshold secret sharing scheme the shares must be at least as long as the secret, and later Capocelli, De Santis, Gargano, and Vaccaro [27] extended this result to the …
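The following is an added worked example for the threshold and weighted threshold schemes just described; it is illustrative code written for this page, not code from the thesis. It implements Shamir's (t, n) scheme over a prime field, realizes a weighted threshold access structure by handing each user as many shares as its weight (a replication idea already present in Shamir's paper), and, on a tiny field, brute-forces every polynomial consistent with t-1 shares to show that each candidate secret is equally consistent, which is exactly the "perfect" property. The modulus PRIME, the secret values and the weights are assumptions chosen for the illustration.

```python
"""Shamir threshold secret sharing over GF(p), a weighted-threshold variant by
replication, and a brute-force check of the 'perfect' property.
Added example for this page; the prime, secret and weights are assumptions."""
from itertools import product
import secrets

PRIME = 2**127 - 1  # assumed field modulus; any prime larger than the secret and n works


def _eval_poly(coeffs, x, p):
    """Evaluate coeffs[0] + coeffs[1]*x + ... mod p (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def _lagrange_at_zero(points, p):
    """Value at 0 of the unique polynomial of degree < len(points) through the points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def split(secret, t, n, p=PRIME, rng=secrets.randbelow):
    """(t, n) threshold: n shares (x, f(x)) of a random degree-(t-1) polynomial with f(0) = secret."""
    if not (0 <= secret < p and 1 <= t <= n < p):
        raise ValueError("need 0 <= secret < p and 1 <= t <= n < p")
    coeffs = [secret] + [rng(p) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def reconstruct(shares, p=PRIME):
    """Any t distinct shares return the secret; fewer than t return an unrelated field element."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    return _lagrange_at_zero(shares, p)


def split_weighted(secret, weights, threshold, p=PRIME):
    """Weighted threshold by replication: user i gets weights[i] shares of a
    (threshold, sum(weights)) scheme, so a coalition succeeds iff its total weight >= threshold."""
    pool = split(secret, threshold, sum(weights), p)
    per_user, pos = [], 0
    for w in weights:
        per_user.append(pool[pos:pos + w])
        pos += w
    return per_user


def weighted_authorized(weights, threshold, members):
    """Access-structure test for the weighted scheme."""
    return sum(weights[i] for i in members) >= threshold


def coalition_shares(per_user, members):
    """Pool the shares held by the given users."""
    return [s for i in members for s in per_user[i]]


def candidates_consistent(shares, t, p):
    """For every candidate secret s, count the degree-(t-1) polynomials over GF(p)
    that pass through the given shares and have f(0) = s. With fewer than t shares
    every s gets the same count: the coalition learns nothing (perfectness).
    Brute force over p**t polynomials, so only for tiny p."""
    counts = {s: 0 for s in range(p)}
    for coeffs in product(range(p), repeat=t):
        if all(_eval_poly(coeffs, x, p) == y for x, y in shares):
            counts[coeffs[0]] += 1
    return counts


if __name__ == "__main__":
    shares = split(42, 3, 5)
    print(reconstruct(shares[:3]), reconstruct(shares[2:]))      # 42 42
    users = split_weighted(42, [3, 1, 1, 1], 3)
    print(reconstruct(coalition_shares(users, [0])))              # weight-3 user alone: 42
    print(weighted_authorized([3, 1, 1, 1], 3, [1, 2]))           # total weight 2: False
    small = split(3, 3, 5, p=7)
    print(candidates_consistent(small[:2], 3, 7))                 # every count equal
```

Two practical points the code makes visible: reconstruct with too few shares does not fail, it silently returns a field element unrelated to the secret, so callers must enforce the access structure themselves; and the replication construction for weighted thresholds costs a user with weight w a share w times the size of the secret, so it is not ideal in the sense studied later in the thesis.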

[1]  Weighted Threshold Secret Sharing Schemes , 1999, Inf. Process. Lett..

[2]  Dale K. Pace,et al.  The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet , 1998 .

[3]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[4]  Sorin Iftene,et al.  MpNT: A Multi-Precision Number Theory Package, Number Theoretical Algorithms (I) , 2003 .

[5]  Josh Benaloh,et al.  Secret Sharing Homomorphisms: Keeping Shares of A Secret Sharing , 1986, CRYPTO.

[6]  John Bloom,et al.  A modular approach to key safeguarding , 1983, IEEE Trans. Inf. Theory.

[7]  Hirosuke Yamamoto,et al.  Secret sharing system using (k, L, n) threshold scheme , 1986 .

[8]  Alfredo De Santis,et al.  On the size of shares for secret sharing schemes , 1991, Journal of Cryptology.

[9]  Ken Martin Discrete Structures in the Theory of Secret Sharing , 1991 .

[10]  Avi Wigderson,et al.  Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract) , 1988, STOC.

[11]  Wei-Pang Yang,et al.  A new multi-stage secret sharing scheme using one-way function , 2005, OPSR.

[12]  D. Shanks Class number, a theory of factorization, and genera , 1971 .

[13]  Josef Pieprzyk,et al.  On Construction of Cumulative Secret Sharing Schemes , 1998, ACISP.

[14]  H. Garner The residue number system , 1959, IRE-AIEE-ACM '59 (Western).

[15]  Reihaneh Safavi-Naini,et al.  Distributing the Encryption and Decryption of a Block Cipher , 2005, Des. Codes Cryptogr..

[16]  Dana Ron,et al.  Chinese remaindering with errors , 1999, STOC '99.

[17]  Sorin Iftene,et al.  General Secret Sharing Based on the Chinese Remainder Theorem with Applications in E-Voting , 2007, ICS@SYNASC.

[18]  Evangelos Kranakis Primality and cryptography , 1986, Wiley-Teubner series in computer science.

[19]  László Csirmaz,et al.  The Size of a Share Must Be Large , 1994, Journal of Cryptology.

[20]  Susan K. Langford Threshold DSS Signatures without a Trusted Party , 1995, CRYPTO.

[21]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[22]  Bart Preneel,et al.  On the Security of the Threshold Scheme Based on the Chinese Remainder Theorem , 2002, Public Key Cryptography.

[23]  Josef Pieprzyk,et al.  Remarks on the multiple assignment secret sharing scheme , 1997, ICICS.

[24]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[25]  Hugo Krawczyk,et al.  Secret Sharing Made Short , 1994, CRYPTO.

[26]  Keith M. Martin,et al.  Mutually Trusted Authority-Free Secret Sharing Schemes , 1997, Journal of Cryptology.

[27]  Ed Dawson,et al.  Multistage secret sharing based on one-way function , 1994 .

[28]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[29]  M. F.,et al.  Bibliography , 1985, Experimental Gerontology.

[30]  Moti Yung,et al.  How to share a function securely , 1994, STOC '94.

[31]  Kaoru Kurosawa,et al.  Optimum Secret Sharing Scheme Secure against Cheating , 1996, EUROCRYPT.

[32]  Alfredo De Santis,et al.  On the Information Rate of Secret Sharing Schemes , 1996, Theor. Comput. Sci..

[33]  Douglas R. Stinson,et al.  Decomposition constructions for secret-sharing schemes , 1994, IEEE Trans. Inf. Theory.

[34]  Matthew K. Franklin,et al.  The design and implementation of a secure auction service , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[35]  Ralph C. Merkle,et al.  Secure communications over insecure channels , 1978, CACM.

[36]  Philippe Béguin,et al.  General Information Dispersal Algorithms , 1998, Theor. Comput. Sci..

[37]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[38]  Tal Rabin,et al.  Simplified VSS and fast-track multiparty computations with applications to threshold cryptography , 1998, PODC '98.

[39]  Martin Tompa,et al.  How to share a secret with cheaters , 1988, Journal of Cryptology.

[40]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[41]  Oystein Ore,et al.  The General Chinese Remainder Theorem , 1952 .

[42]  Ernest F. Brickell,et al.  On the classification of ideal secret sharing schemes , 1989, Journal of Cryptology.

[43]  Matthew K. Franklin,et al.  Multi-Authority Secret-Ballot Elections with Linear Work , 1996, EUROCRYPT.

[44]  Berry Schoenmakers,et al.  A Simple Publicly Verifiable Secret Sharing Scheme and Its Application to Electronic Voting , 1999, CRYPTO.

[45]  Josh Benaloh,et al.  Generalized Secret Sharing and Monotone Functions , 1990, CRYPTO.

[46]  Josef Pieprzyk,et al.  Conditionally secure secret sharing schemes with disenrollment capability , 1994, CCS '94.

[47]  Satoshi Obana,et al.  Veto is Impossible in Secret Sharing Schemes , 1996, Inf. Process. Lett..

[48]  Gustavus J. Simmons,et al.  How to (Really) Share a Secret , 1988, CRYPTO.

[49]  Sorin Iftene General secret sharing based on determinants , 2005, Seventh International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC'05).

[50]  Suresh C. Kothari,et al.  Generalized Linear Threshold Scheme , 1985, CRYPTO.

[51]  Keith M. Martin,et al.  Cumulative Arrays and Geometric Secret Sharing Schemes , 1992, AUSCRYPT.

[52]  Douglas R. Stinson,et al.  An explication of secret sharing schemes , 1992, Des. Codes Cryptogr..

[53]  Josef Pieprzyk,et al.  Changing Thresholds in the Absence of Secure Channels , 1999, Aust. Comput. J..

[54]  Duncan S. Wong,et al.  Generalised Cumulative Arrays in Secret Sharing , 2006, Des. Codes Cryptogr..

[55]  Josef Pieprzyk,et al.  Secret Sharing in Multilevel and Compartmented Groups , 1998, ACISP.

[56]  Alfredo De Santis,et al.  Graph Decompositions and Secret Sharing Schemes , 1992, EUROCRYPT.

[57]  Giovanni Di Crescenzo Sharing one secret vs. sharing many secrets , 2003, Theor. Comput. Sci..

[58]  Erich Kaltofen,et al.  On computing determinants of matrices without divisions , 1992, ISSAC '92.

[59]  R. J. McEliece,et al.  On sharing secrets and Reed-Solomon codes , 1981, CACM.

[60]  Alfredo De Santis,et al.  Efficient Sharing of Many Secrets , 1993, STACS.

[61]  Tamir Tassa,et al.  Characterizing Ideal Weighted Threshold Secret Sharing , 2008, SIAM J. Discret. Math..

[62]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[63]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[64]  Giovanni Di Crescenzo,et al.  Sharing Block Ciphers , 2000, ACISP.

[65]  Stephen C. Pohlig,et al.  An Improved Algorithm for Computing Logarithms over GF(p) and Its Cryptographic Significance , 1978, IEEE Trans. Inf. Theory.

[66]  Torben P. Pedersen A Threshold Cryptosystem without a Trusted Party (Extended Abstract) , 1991, EUROCRYPT.

[67]  S. Tsujii,et al.  Nonperfect Secret Sharing Schemes , 1992, AUSCRYPT.

[68]  Tzonelih Hwang,et al.  Cryptosystem for Group Oriented Cryptography , 1991, EUROCRYPT.

[69]  Mitsuru Ito,et al.  Secret sharing scheme realizing general access structure , 1989 .

[70]  Douglas R Stinson,et al.  Some improved bounds on the information rate of perfect secret sharing schemes , 1990, Journal of Cryptology.

[71]  Keith M. Martin,et al.  A combinatorial interpretation of ramp schemes , 1996, Australas. J Comb..

[72]  Edgar Martínez-Moro,et al.  Compounding secret sharing schemes , 2004, Australas. J Comb..

[73]  Rainer A. Rueppel Advances in Cryptology — EUROCRYPT' 92 , 1993, Lecture Notes in Computer Science.

[74]  Yvo Desmedt,et al.  Some Recent Research Aspects of Threshold Cryptography , 1997, ISW.

[75]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, Inf. Comput..

[76]  Yvo Desmedt,et al.  Shared Generation of Authenticators and Signatures (Extended Abstract) , 1991, CRYPTO.

[77]  Gustavus J. Simmons,et al.  A Protocol to Set Up Shared Secret Schemes Without the Assistance of a Mutually Trusted Party , 1991, EUROCRYPT.

[78]  Simon Singh,et al.  The Code Book: The Evolution of Secrecy from Mary, Queen of Scots, to Quantum Cryptography , 1999 .

[79]  Sorin Iftene,et al.  Compartmented Secret Sharing Based on the Chinese Remainder Theorem , 2005, IACR Cryptol. ePrint Arch..

[80]  Ronald Cramer,et al.  A secure and optimally efficient multi-authority election scheme , 1997, Eur. Trans. Telecommun..

[81]  Yvo Desmedt,et al.  Classification of Ideal Homomorphic Threshold Schemes over Finite Abelian Groups (Extended Abstract) , 1992, EUROCRYPT.

[82]  Nira Dyn,et al.  Multipartite Secret Sharing by Bivariate Interpolation , 2006, ICALP.

[83]  Catherine A. Meadows,et al.  Security of Ramp Schemes , 1985, CRYPTO.

[84]  Marten van Dijk A Linear Construction of Secret Sharing Schemes , 1997, Des. Codes Cryptogr..

[85]  Alfredo De Santis,et al.  Graph decompositions and secret sharing schemes , 2004, Journal of Cryptology.

[86]  Henri Cohen,et al.  A course in computational algebraic number theory , 1993, Graduate texts in mathematics.

[87]  Josh Benaloh Verifiable secret-ballot elections , 1987 .

[88]  Reihaneh Safavi-Naini,et al.  Bounds and Techniques for Efficient Redistribution of Secret Shares to New Access Structures , 1999, Comput. J..

[89]  Yvo Desmedt,et al.  Society and Group Oriented Cryptography: A New Concept , 1987, CRYPTO.

[90]  Ioana Boureanu,et al.  Weighted Threshold Secret Sharing Based on the Chinese Remainder Theorem , 2005, Sci. Ann. Cuza Univ..

[91]  J. Miller Numerical Analysis , 1966, Nature.

[92]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[93]  Baruch Awerbuch,et al.  Verifiable secret sharing and achieving simultaneity in the presence of faults , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[94]  J. Quisquater,et al.  Fast decipherment algorithm for RSA public-key cryptosystem , 1982 .

[95]  Gilles Villard,et al.  On computing the determinant and Smith form of an integer matrix , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[96]  Alfredo De Santis,et al.  Secret Sharing Schemes with Veto Capabilities , 1993, Algebraic Coding.

[97]  Brian A. Carter,et al.  Advanced Encryption Standard , 2007 .

[98]  Wayne Patterson Mathematical Cryptology for Computer Scientists and Mathematicians , 1987 .

[99]  Torben P. Pedersen Distributed Provers with Applications to Undeniable Signatures , 1991, EUROCRYPT.

[100]  Keith M. Martin,et al.  Geometric secret sharing schemes and their duals , 1994, Des. Codes Cryptogr..

[101]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[102]  Yvo Desmedt Threshold Cryptosystems (invited talk) , 1992, AUSCRYPT.

[103]  Ernest F. Brickell,et al.  Some Ideal Secret Sharing Schemes , 1990, EUROCRYPT.

[104]  K. Itakura,et al.  A public-key cryptosystem suitable for digital multisignatures , 1983 .

[105]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[106]  Aviezri S. Fraenkel,et al.  New proof of the generalized Chinese Remainder Theorem , 1963 .

[107]  Tamir Tassa,et al.  Hierarchical Threshold Secret Sharing , 2004, Journal of Cryptology.

[108]  Enav Weinreb,et al.  Monotone circuits for monotone weighted threshold functions , 2006, Inf. Process. Lett..

[109]  G. R. Blakley,et al.  Threshold Schemes with Disenrollment , 1992, CRYPTO.

[110]  Markus Stadler,et al.  Publicly Verifiable Secret Sharing , 1996, EUROCRYPT.

[111]  Yvo Desmedt,et al.  Perfect Homomorphic Zero-Knowledge Threshold Schemes over any Finite Abelian Group , 1994, SIAM J. Discret. Math..

[112]  A. Salomaa,et al.  Chinese remainder theorem: applications in computing, coding, cryptography , 1996 .

[113]  K. Srinathan,et al.  On the Power of Computational Secret Sharing , 2003, INDOCRYPT.

[114]  Rosalie Maggio,et al.  How to Say It. , 1906, California state journal of medicine.

[115]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[116]  Jean-Jacques Quisquater,et al.  A Signature with Shared Verification Scheme , 1989, CRYPTO.

[117]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[118]  Yong He,et al.  Non-Interactive and Information-Theoretic Secure Publicly Verifiable Secret Sharing , 2004, IACR Cryptol. ePrint Arch..

[119]  Ivan Damgård,et al.  Efficient Threshold RSA Signatures with General Moduli and No Extra Assumptions , 2005, Public Key Cryptography.

[120]  Wang Zhifang,et al.  A non-interactive modular verifiable secret sharing scheme , 2005, Proceedings. 2005 International Conference on Communications, Circuits and Systems, 2005..

[121]  R.G.E. Pinch,et al.  On-line multiple secret sharing , 1996 .

[122]  Mike Burmester,et al.  Homomorphisms of Secret Sharing Schemes: A Tool for Verifiable Signature Sharing , 1996, EUROCRYPT.

[123]  Martin E. Hellman,et al.  Hiding information and signatures in trapdoor knapsacks , 1978, IEEE Trans. Inf. Theory.

[124]  Matthew K. Franklin,et al.  Communication complexity of secure computation (extended abstract) , 1992, STOC '92.

[125]  Sushil Jajodia,et al.  Redistributing Secret Shares to New Access Structures and Its Applications , 1997 .

[126]  Philippe Béguin,et al.  General Short Computational Secret Sharing Schemes , 1995, EUROCRYPT.

[127]  L. Harn,et al.  Comment on "Multistage secret sharing based on one-way function" , 1995 .

[128]  Ehud D. Karnin,et al.  On secret sharing systems , 1983, IEEE Trans. Inf. Theory.

[129]  Josef Pieprzyk,et al.  Threshold MACs , 2002, ICISC.

[130]  Michael O. Rabin,et al.  Efficient dispersal of information for security, load balancing, and fault tolerance , 1989, JACM.

[131]  Michael J. Wiener,et al.  Cryptanalysis of Short RSA Secret Exponents (Abstract) , 1990, EUROCRYPT.