Share Conversion, Pseudorandom Secret-Sharing and Applications to Secure Computation

We present a method for converting shares of a secret into shares of the same secret in a different secret-sharing scheme using only local computation and no communication between players. In particular, shares in a replicated scheme based on a CNF representation of the access structure can be converted into shares from any linear scheme for the same structure. We show how this can be combined with any pseudorandom function to create, from initially distributed randomness, any number of Shamir secret-sharings of (pseudo)random values without communication. We apply this technique to obtain efficient non-interactiveprotocols for secure computation of low-degree polynomials, which in turn give rise to other applications in secure computation and threshold cryptography. For instance, we can make the Cramer-Shoup threshold cryptosystem by Canetti and Goldwasser fully non-interactive, or construct non-interactive threshold signature schemes secure without random oracles. The latter solutions are practical only for a relatively small number of players. However, in our main applications the number of players is typically small, and furthermore it can be argued that no solution that makes a black-box use of a pseudorandom function can be more efficient.

[1]  Dan Boneh,et al.  Secure Identity Based Encryption Without Random Oracles , 2004, CRYPTO.

[2]  Josh Benaloh,et al.  Generalized Secret Sharing and Monotone Functions , 1990, CRYPTO.

[3]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[4]  Yuval Ishai,et al.  Breaking the O(n/sup 1/(2k-1)/) barrier for information-theoretic Private Information Retrieval , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[5]  Jan Camenisch,et al.  Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[6]  Avi Wigderson,et al.  On span programs , 1993, [1993] Proceedings of the Eigth Annual Structure in Complexity Theory Conference.

[7]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[8]  Shai Halevi,et al.  Secure Hash-and-Sign Signatures Without the Random Oracle , 1999, EUROCRYPT.

[9]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[10]  Yuval Ishai,et al.  Perfect Constant-Round Secure Computation via Perfect Randomizing Polynomials , 2002, ICALP.

[11]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[12]  Donald Beaver,et al.  Quorum-Based Secure Multi-party Computation , 1998, EUROCRYPT.

[13]  Kaisa Nyberg,et al.  Advances in Cryptology — EUROCRYPT'98 , 1998 .

[14]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[15]  Shafi Goldwasser,et al.  Advances in Cryptology — CRYPTO’ 88: Proceedings , 1990, Lecture Notes in Computer Science.

[16]  Mitsuru Ito,et al.  Secret sharing scheme realizing general access structure , 1989 .

[17]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[18]  Ran Canetti,et al.  An Efficient Threshold Public Key Cryptosystem Secure Against Adaptive Chosen Ciphertext Attack , 1999, EUROCRYPT.

[19]  Ueli Maurer Secure multi-party computation made simple , 2006, Discret. Appl. Math..

[20]  Silvio Micali,et al.  The Round Complexity of Secure Protocols (Extended Abstract) , 1990, STOC 1990.

[21]  Andrew Chi-Chih Yao,et al.  How to Generate and Exchange Secrets (Extended Abstract) , 1986, FOCS.

[22]  Ivan Damgård,et al.  Multiparty Computation from Threshold Homomorphic Encryption , 2000, EUROCRYPT.

[23]  Yuval Ishai,et al.  Adaptive versus Non-Adaptive Security of Multi-Party Protocols , 2004, Journal of Cryptology.

[24]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[25]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[26]  Moni Naor,et al.  Distributed Pseudo-random Functions and KDCs , 1999, EUROCRYPT.

[27]  Yuval Ishai,et al.  Randomizing polynomials: A new representation with applications to round-efficient secure computation , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[28]  Yuval Ishai,et al.  On Adaptive vs. Non-adaptive Security of Multiparty Protocols , 2001, EUROCRYPT.

[29]  Matthias Fitzi,et al.  Pseudo-signatures, Broadcast, and Multi-party Computation from Correlated Randomness , 2004, CRYPTO.

[30]  Yuval Ishai,et al.  Compressing Cryptographic Resources , 1999, CRYPTO.

[31]  Yuval Ishai,et al.  The round complexity of verifiable secret sharing and secure multicast , 2001, STOC '01.

[32]  Silvio Micali,et al.  A Simple Method for Generating and Sharing Pseudo-Random Functions, with Applications to Clipper-like Escrow Systems , 1995, CRYPTO.

[33]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[34]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[35]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[36]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[37]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 1999, CCS '99.

[38]  Yuval Ishai,et al.  COMPUTATIONALLY PRIVATE RANDOMIZING POLYNOMIALS AND THEIR APPLICATIONS , 2005, 20th Annual IEEE Conference on Computational Complexity (CCC'05).

[39]  Ivan Damgård,et al.  Secret-Key Zero-Knowlegde and Non-interactive Verifiable Exponentiation , 2004, TCC.

[40]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[41]  Yuval Ishai,et al.  On 2-Round Secure Multiparty Computation , 2002, CRYPTO.