Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
On ELFs, Deterministic Encryption, and Correlated-Input Security Kapitel lesen Erstes Kapitel lesen

2019 | OriginalPaper | Buchkapitel

Towards Optimal Robust Secret Sharing with Security Against a Rushing Adversary

verfasst von : Serge Fehr, Chen Yuan

Erschienen in: Advances in Cryptology – EUROCRYPT 2019

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Robust secret sharing enables the reconstruction of a secret-shared message in the presence of up to t (out of n) incorrect shares. The most challenging case is when \(n = 2t+1\), which is the largest t for which the task is still possible, up to a small error probability \(2^{-\kappa }\) and with some overhead in the share size.
Recently, Bishop, Pastro, Rajaraman and Wichs [3] proposed a scheme with an (almost) optimal overhead of \(\widetilde{O}(\kappa )\). This seems to answer the open question posed by Cevallos et al. [6] who proposed a scheme with overhead of \(\widetilde{O}(n+\kappa )\) and asked whether the linear dependency on n was necessary or not. However, a subtle issue with Bishop et al.’s solution is that it (implicitly) assumes a non-rushing adversary, and thus it satisfies a weaker notion of security compared to the scheme by Cevallos et al. [6], or to the classical scheme by Rabin and BenOr [13].
In this work, we almost close this gap. We propose a new robust secret sharing scheme that offers full security against a rushing adversary, and that has an overhead of \(O(\kappa n^\varepsilon )\), where \(\varepsilon > 0\) is arbitrary but fixed. This \(n^\varepsilon \)-factor is obviously worse than the \(\mathrm {polylog}(n)\)-factor hidden in the \(\widetilde{O}\) notation of the scheme of Bishop et al. [3], but it greatly improves on the linear dependency on n of the best known scheme that features security against a rushing adversary (when \(\kappa \) is substantially smaller than n).
A small variation of our scheme has the same \(\widetilde{O}(\kappa )\) overhead as the scheme of Bishop et al. and achieves security against a rushing adversary, but suffers from a (slightly) superpolynomial reconstruction complexity.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Secret-Sharing Schemes for General and Uniform Access Structures
Nächstes Kapitel Simple Schemes in the Bounded Storage Model
Anhänge
Nur mit Berechtigung zugänglich
Fußnoten
1
In particular, [3, 7, 9, 11] use partly similar tools than we do but achieve weaker or incomparable results.
 
2
One might feel uncomfortable about that there seems to be some circularity there; but it turns out that this is no issue.
 
3
The actual scheme is significantly more involved than the simplifies exposition given here, e.g., the identities of the parties that \(P_j\) can verify are authenticated as well, and the authentication tags are not stored “locally” but in a “robust and distributed” manner, but the issue pointed out here remains.
 
4
This may look artificial at first glance, but one motivation comes from the fact that in some applications one might want to do the reconstruction among the parties, where then each party individually plays the role of R (and performs the local computation that the reconstruction protocol prescribes). In this case, every party sends his share to every other party, and thus the corrupt parties unavoidably get to see the shares of the honest parties and can decide on the incorrect shares depending on those.
 
5
On the other hand, this is why the additional privacy property of the MAC is necessary, since the robust distributed storage does not offer privacy, and thus the tags are (potentially) known.
 
6
This is for the privacy purpose.
 
7
The crucial point here is that \(H_i\) is determined by the \(E_j\)’s with \(j \in H_{i-1}\) only.
 
8
The size of \(H_{i-1}\) is negligible compared to \(H_i\); indeed, \(|H_i| = \varOmega (d|H_{i-1}|)\) and thus \(|H_i \setminus H_{i-1}| = (1-o(1))|H_i|\). So, we may ignore the difference between \(H_i\) and \(H'_i\).
 
9
Here, we hide the poly(\(\log \log n\)) in \(\widetilde{O}(\cdot )\).
 
Literatur
1.
Auger, A., Doerr, B.: Theory of Randomized Search Heuristics. World Scientific, Singapore (2011)CrossRef
2.
3.
4.
Blakley, G.R.: Safeguarding cryptographic keys. In: International Workshop on Managing Requirements Knowledge, AFIPS, pp. 313–317, November 1979
5.
6.
7.
Cheraghchi, M.: Nearly optimal robust secret sharing. In: 2016 IEEE International Symposium on Information Theory, ISIT, pp. 2509–2513, July 2016
8.
9.
10.
Guruswami, V., Rudra, A.: Explicit codes achieving list decoding capacity: error-correction with optimal redundancy. IEEE Trans. Inf. Theory 54(1), 135–150 (2008)MathSciNetCrossRef
11.
Hemenway, B., Ostrovsky, R.: Efficient robust secret sharing from expander graphs. Cryptogr. Commun. 10(1), 79–99 (2018)MathSciNetCrossRef
12.
Kopparty, S., Ron-Zewi, N., Saraf, S., Wootters, M.: Improved decoding of folded Reed-Solomon and multiplicity codes. Electron. Colloq. Comput. Complex. (ECCC) 25, 91 (2018)
13.
Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, Seattle, Washington, USA, 14–17 May 1989, pp. 73–85 (1989)
14.
Metadaten
Titel
Towards Optimal Robust Secret Sharing with Security Against a Rushing Adversary
verfasst von
Serge Fehr
Chen Yuan
Copyright-Jahr
2019
Buch
Advances in Cryptology – EUROCRYPT 2019

Print ISBN: 978-3-030-17658-7

Electronic ISBN: 978-3-030-17659-4

Copyright-Jahr: 2019

DOI
https://doi.org/10.1007/978-3-030-17659-4_16

Premium Partner

    Bildnachweise