Unconditionally-Secure Robust Secret Sharing with Compact Shares

We consider the problem of reconstructing a shared secret in the presence of faulty shares, with unconditional security. We require that any t shares give no information on the shared secret, and that reconstruction is possible even if up to t out of the n shares are incorrect. The interesting setting is n/3 ≤ t < n/2, where reconstruction of a shared secret in the presence of faulty shares is possible, but only with an increase in the share size, and only if one admits a small failure probability. The goal of this work is to minimize this overhead in the share size. Known schemes either have an Ω(κn) overhead in share size, where κ is the security parameter, or they have a close-to-optimal overhead of order O(κ + n) but have an exponential running time (in n). In this paper, we propose a new scheme that has a close-to-optimal overhead in the share size of order O(κ + n), and a polynomial running time. Interestingly, the shares in our new scheme are prepared in the very same way as in the well-known scheme by Rabin and Ben-Or, which relies on message authentication, but we use a message authentication code with short tags and keys and with correspondingly weak security. The short tags and keys give us the required saving in the share size. Surprisingly, we can compensate for the weakened security of the authentication and achieve an exponentially small (in κ) failure probability by means of a more sophisticated reconstruction procedure.
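The share preparation the abstract refers to, as an added example that is not code from the paper: Shamir shares with a pairwise one-time MAC, in the style of Rabin and Ben-Or. Assumptions: the field modulus `P`, the function names and the state layout are constructed here; the MAC uses full-size tags rather than the short tags the paper proposes, and reconstruction is the classic "accept a share if at least t + 1 keys verify it" rule, not the paper's more sophisticated procedure, which the abstract does not describe.

```python
import secrets

P = 2**61 - 1  # prime field modulus (constructed parameter, not from the paper)

def share(secret, n, t):
    """Shamir-share `secret` (degree-t polynomial), then authenticate every
    share s_i towards every player j with a one-time key (a, b) held by j."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t)]
    s = {i: sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P
         for i in range(1, n + 1)}
    keys = {(i, j): (secrets.randbelow(P), secrets.randbelow(P))
            for i in s for j in s}  # keys[i, j] authenticates s_i, stored by j
    # Player i stores: its share, one tag per verifier j, and the keys
    # it needs to verify everybody else's share.
    return {i: {"share": s[i],
                "tags": {j: (keys[i, j][0] * s[i] + keys[i, j][1]) % P
                         for j in s},
                "keys": {j: keys[j, i] for j in s}}
            for i in s}

def interpolate_at_zero(points):
    """Lagrange interpolation of f(0) over GF(P) from (x, y) pairs."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def reconstruct(states, t):
    """Accept share i only if at least t + 1 submitted keys verify its tag.
    With at most t faulty players, a modified share gets at most t votes
    from colluders, and each honest key accepts it with probability 1/P."""
    accepted = []
    for i, st in states.items():
        votes = sum((o["keys"][i][0] * st["share"] + o["keys"][i][1]) % P
                    == st["tags"][j] for j, o in states.items())
        if votes >= t + 1:
            accepted.append((i, st["share"]))
    if len(accepted) < t + 1:
        raise ValueError("fewer than t + 1 shares passed verification")
    return interpolate_at_zero(accepted[:t + 1]), [i for i, _ in accepted]
```

Each player stores n tags and n keys on top of its share, which is the Ω(κn) overhead the abstract sets out to reduce.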
