Non-malleable secret sharing

A number of works have focused on the setting where an adversary tampers with the shares of a secret sharing scheme. This includes the literature on verifiable secret sharing, algebraic manipulation detection (AMD) codes, and error-correcting or error-detecting codes in general. In this work, we initiate a systematic study of what we call non-malleable secret sharing. Very roughly, the guarantee we seek is the following: the adversary may potentially tamper with all of the shares, and still, either the reconstruction procedure outputs the original secret, or the original secret is “destroyed” and the reconstruction outputs a string which is completely “unrelated” to the original secret. Recent exciting work on non-malleable codes in the split-state model led to constructions which can be seen as 2-out-of-2 non-malleable secret sharing schemes. These constructions have already found a number of applications in cryptography. We investigate the natural question of constructing t-out-of-n non-malleable secret sharing schemes. Such a secret sharing scheme ensures that only a set consisting of t or more shares can reconstruct the secret, and additionally guarantees non-malleability under an attack where potentially every share may be tampered with. Techniques used for obtaining split-state non-malleable codes (or 2-out-of-2 non-malleable secret sharing) are (in some form) based on two-source extractors and seem not to generalize to our setting. Our first result is the construction of a t-out-of-n non-malleable secret sharing scheme against an adversary who arbitrarily tampers each of the shares independently. Our construction is unconditional and features statistical non-malleability. As our main technical result, we present a t-out-of-n non-malleable secret sharing scheme in a stronger adversarial model where an adversary may jointly tamper multiple shares. Our construction is unconditional, and the adversary is allowed to jointly tamper subsets of up to (t−1) shares.
We believe that the techniques introduced in our construction may be of independent interest. Inspired by the well-studied problem of perfectly secure message transmission introduced in the seminal work of Dolev et al. (J. ACM ’93), we also initiate the study of non-malleable message transmission. Non-malleable message transmission can be seen as a natural generalization in which the goal is to ensure that the receiver either receives the original message, or the original message is essentially destroyed and the receiver receives an “unrelated” message, when the network is under the influence of an adversary who can byzantinely corrupt all the nodes in the network. As natural applications of our non-malleable secret sharing schemes, we propose constructions for non-malleable message transmission.
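To make concrete what the non-malleability guarantee above rules out, the following added example (constructed for this page; it is not code from the paper and does not implement the paper's scheme) builds a plain t-out-of-n Shamir secret sharing scheme over a prime field and runs the independent-tampering experiment on it. Because reconstruction is linear in the shares, an adversary who adds an offset to a single share does not destroy the secret: the reconstruction outputs the original secret plus a fixed, predictable shift. That "related" output is precisely what a non-malleable secret sharing scheme must prevent. The field prime `P`, the helper names and the sample secret are assumptions of this example.

```python
"""Why plain Shamir secret sharing is malleable (constructed example).

A t-out-of-n Shamir scheme over the prime field GF(P), plus a tampering
experiment: the adversary applies an independent tampering function to one
share (here: add a constant `delta`). Reconstruction then returns
secret + delta * lambda_i (mod P), where lambda_i is the Lagrange coefficient
of the tampered share, i.e. a value that is related to the original secret.
"""
import secrets

# Field prime (assumption for this example); secrets must be < P.
P = 2**127 - 1


def _inv(a, p=P):
    """Modular inverse in GF(p) via Fermat's little theorem."""
    return pow(a, p - 2, p)


def share(secret, t, n, p=P, rng=secrets.randbelow):
    """Split `secret` into n shares (x, f(x)); any t shares reconstruct it."""
    assert 1 <= t <= n < p and 0 <= secret < p
    # f(x) = secret + a_1 x + ... + a_{t-1} x^{t-1}, with random a_i
    coeffs = [secret] + [rng(p) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f at x
            y = (y * x + c) % p
        shares.append((x, y))
    return shares


def lagrange_coeff(xs, i, p=P):
    """Lagrange basis coefficient lambda_i evaluated at x = 0."""
    num, den = 1, 1
    for j, xj in enumerate(xs):
        if j != i:
            num = (num * (-xj)) % p
            den = (den * (xs[i] - xj)) % p
    return (num * _inv(den, p)) % p


def reconstruct(shares, p=P):
    """Interpolate f(0) from exactly t shares (x distinct and non-zero)."""
    xs = [x for x, _ in shares]
    return sum(y * lagrange_coeff(xs, i, p) for i, (_, y) in enumerate(shares)) % p


def tamper_one_share(shares, index, delta, p=P):
    """Independent tampering function on share `index`: add delta to its value."""
    tampered = list(shares)
    x, y = tampered[index]
    tampered[index] = (x, (y + delta) % p)
    return tampered


def malleability_experiment(secret, t, n, index, delta, p=P):
    """Return (original secret, reconstruction after tampering, predicted value).

    The prediction secret + delta * lambda_index holds for every run, whatever
    random polynomial was chosen, which is exactly the 'related output' that
    non-malleable secret sharing forbids.
    """
    shares = share(secret, t, n, p)
    subset = shares[:t]  # any t shares would do; the shift depends on the subset
    tampered = tamper_one_share(subset, index, delta, p)
    xs = [x for x, _ in subset]
    predicted = (secret + delta * lagrange_coeff(xs, index, p)) % p
    return secret, reconstruct(tampered, p), predicted


if __name__ == "__main__":
    original, after_tamper, predicted = malleability_experiment(12345, 3, 5, 1, 7)
    print("original:", original)
    print("after tampering one share:", after_tamper)
    print("matches predicted related value:", after_tamper == predicted)
```

Running the script shows that the tampered reconstruction never equals the original secret (the Lagrange coefficient of a share is non-zero, so a non-zero `delta` always shifts the output) yet always equals the predicted related value. A non-malleable scheme in the paper's sense would instead force the reconstruction either to return the original secret or to output something independent of it.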

[1] Silas Richelson et al. Textbook non-malleable commitments. STOC, 2016.

[2] R. J. McEliece et al. On sharing secrets and Reed-Solomon codes. CACM, 1981.

[3] Adi Shamir et al. How to share a secret. CACM, 1979.

[4] Vipul Goyal et al. Non-malleable extractors and codes, with their many tampered extensions. IACR Cryptol. ePrint Arch., 2015.

[5] Stefan Dziembowski et al. Intrusion-Resilient Secret Sharing. 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS '07), 2007.

[6] Salil P. Vadhan et al. Constructing Locally Computable Extractors and Cryptosystems in the Bounded-Storage Model. Journal of Cryptology, 2003.

[7] Yongge Wang et al. Perfectly Secure Message Transmission Revisited. IEEE Transactions on Information Theory, 2002.

[8] Kaoru Kurosawa et al. Truly Efficient 2-Round Perfectly Secure Message Transmission Scheme. IEEE Transactions on Information Theory, 2009.

[9] K. Srinathan et al. Optimal Perfectly Secure Message Transmission. CRYPTO, 2004.

[10] Oded Goldreich et al. Unbiased Bits from Sources of Weak Randomness and Probabilistic Communication Complexity. SIAM J. Comput., 1988.

[11] Wen-Guey Tzeng et al. Extracting randomness from multiple independent sources. IEEE Transactions on Information Theory, 2005.

[12] Yevgeniy Dodis et al. Non-malleable Encryption: Simpler, Shorter, Stronger. Journal of Cryptology, 2016.

[13] G. R. Blakley et al. Safeguarding cryptographic keys. 1979 International Workshop on Managing Requirements Knowledge (MARK), 1979.

[14] Xin Li et al. Improved non-malleable extractors, non-malleable codes and independent source extractors. Electron. Colloquium Comput. Complex., 2016.

[15] P. MuraliKrishna et al. Secure Schemes for Secret Sharing and Key Distribution Using Pell's Equation. 2013.

[16] Stefan Dziembowski et al. Non-Malleable Codes from Two-Source Extractors. IACR Cryptol. ePrint Arch., 2013.

[17] Vipul Goyal et al. Witness Signatures and Non-Malleable Multi-Prover Zero-Knowledge Proofs. IACR Cryptol. ePrint Arch., 2015.

[18] Moti Yung et al. Perfectly secure message transmission. JACM, 1993.

[19] Kaoru Kurosawa et al. Truly efficient 2-round perfectly secure message transmission scheme. IEEE Trans. Inf. Theory, 2009.

[20] Gil Cohen et al. Non-Malleable Extractors: New Tools and Improved Constructions. Electron. Colloquium Comput. Complex., 2016.

[21] Stefan Dziembowski et al. Leakage-Resilient Non-malleable Codes. TCC, 2015.

[22] Guy N. Rothblum et al. How to Compute in the Presence of Leakage. 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science, 2012.

[23] Shachar Lovett et al. Non-malleable codes from additive combinatorics. STOC, 2014.

[24] Allison Bishop et al. Storing Secrets on Continually Leaky Devices. 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science, 2011.

[25] Avi Wigderson et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation. STOC '88, 1988.

[26] Stefan Dziembowski et al. Leakage-Resilient Cryptography. 2008 49th Annual IEEE Symposium on Foundations of Computer Science, 2008.

[27] Stefan Dziembowski et al. Non-Malleable Codes. ICS, 2018.

[28] Venkatesan Guruswami et al. Non-malleable Coding Against Bit-Wise and Split-State Tampering. Journal of Cryptology, 2013.

[29] Tal Rabin et al. Verifiable secret sharing and multiparty protocols with honest majority. STOC '89, 1989.

[30] Kannan Srinathan et al. On the Price of Proactivizing Round-Optimal Perfectly Secret Message Transmission. IEEE Transactions on Information Theory, 2018.

[31] Moni Naor et al. Non-Malleable Cryptography (Extended Abstract). STOC 1991, 1991.

[32] Ran Raz et al. Extractors with weak random seeds. STOC '05, 2005.

[33] Vipul Goyal et al. Non-Malleable Multi-Prover Interactive Proofs and Witness Signatures. 2016.

[34] Feng-Hao Liu et al. Tamper and Leakage Resilience in the Split-State Model. IACR Cryptol. ePrint Arch., 2012.

[35] Moni Naor et al. Non-malleable cryptography. STOC '91, 1991.

[36] Rafail Ostrovsky et al. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. SIAM J. Comput., 2004.

[37] Carles Padró et al. Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors. EUROCRYPT, 2008.

[38] Amos Beimel et al. Secret-Sharing Schemes: A Survey. IWCC, 2011.