1 / 31

How to Collaborate between Threshold Secret Sharing Schemes

How to Collaborate between Threshold Secret Sharing Schemes. Introduction. Outline. Introduction. Threshold Secret Sharing Scheme. A Simple Case with Two Secrets. (3,5) and (4,6) Scheme Construction. General Scheme Construction. Cases with More Than Two Secrets.

zaide
Download Presentation

How to Collaborate between Threshold Secret Sharing Schemes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How to Collaborate between Threshold Secret Sharing Schemes

  2. Introduction Outline Introduction Threshold Secret Sharing Scheme A Simple Case with Two Secrets (3,5) and (4,6) Scheme Construction General Scheme Construction Cases with More Than Two Secrets Demonstration of Security in Different Situation More General Cases Conclusion

  3. Introduction Shamir’s (k, n)-Threshold Secret Sharing Scheme (only one Dealer) S (a0) S (a0) Distribution Reconstruction • S can be reconstructed by k or more than shares • Cannot obtain any information of S for k-1 shares or fewer

  4. Introduction ? Traditional Method Our Approach Each common participant keep only one share. Each common participant must keep two or more shares which can be a burden.

  5. A Simple Case with Two Secrets Outline Introduction Threshold Secret Sharing Scheme A Simple Case with Two Secrets (3,5) and (4,6) Scheme Construction General Scheme Construction Cases with More Than Two Secrets Demonstration of Security in Different Situation More General Cases Conclusion

  6. An Example of Two Secrets Bank1 Bank2 Collaborate key2 (4, 6) key1 (3, 5)

  7. A Simple Case with Two Secrets Outline Introduction Threshold Secret Sharing Scheme A Simple Case with Two Secrets (3,5) and (4,6) Scheme Construction General Scheme Construction Cases with More Than Two Secrets Demonstration of Security in Different Situation More General Cases Conclusion

  8. Curve Construction for (3, 5) and (4, 6) Schemes

  9. Curve construction for (3, 5) and (4, 6) Schemes

  10. Curve construction for (3, 5) and (4, 6) Schemes Figure 1 shows the cross points between two curves, f1(x) and f2(x) Figure 1. The red curve shows polynomial f1(x) and the blue curve shows f2(x).

  11. A Simple Case with Two Secrets Outline Introduction Threshold Secret Sharing Scheme A Simple Case with Two Secrets (3,5) and (4,6) Scheme Construction General Scheme Construction Cases with More Than Two Secrets Demonstration of Security in Different Situation More General Cases Conclusion

  12. General construction

  13. General Scheme Construction

  14. Cases with More Than Two Secrets Outline Introduction Threshold Secret Sharing Scheme A Simple Case with Two Secrets (3,5) and (4,6) Scheme Construction General Scheme Construction Cases with More Than Two Secrets Demonstration of Security in Different Situation More General Cases Conclusion

  15. Cases with More Than Two Secrets Outline Introduction Threshold Secret Sharing Scheme A Simple Case with Two Secrets (3,5) and (4,6) Scheme Construction General Scheme Construction Cases with More Than Two Secrets Demonstration Different Situations for common participants More General Cases Conclusion

  16. Demonstration Different Situations for common participants Consider three schemes, a (3, 5) scheme , a (4, 6) scheme and a (5, 7) scheme . The participants of are and . The participants of are and . The participants of are and . Case1: When and are the common participants involved all three schemes, i.e., , . It is secure from the point of view of , since none of the other schemes or dealers can reveal the secret of .

  17. Demonstration Different Situations for common participants Case2:

  18. Demonstration of Security in Different Situation Case3:

  19. (3,5), (4,6) and (5,7) Scheme Construction • Curve Construction • Secret Reconstruction

  20. Curve Construction Collaboration among a (3, 5) scheme, a (4, 6) scheme and a (5, 7) scheme Suppose a1,0 =1, a2,0 =3, a3,0 =5 . • Step 1:Dealer 1 constructs a (3, 5) scheme for Secret a1,0 (integer 1). For p : ,where For p1 : ,where This curve produces next six points, respectively: (0, 1), (1, 6), (2, 4), (3, 6), (4, 1), (5, 0) for p (0, 1),(1, 6),(2, 1),(3, 0),(4, 3),(5, 3) for p1

  21. Curve Construction • Step 2: Dealer 2 constructs a (4, 6) scheme for Secret a2,0(integer 3). has three points:(0, 3), (1, 6), and (2, 4) with the same prime p; ( (0, 3), (1, 6) and (2, 1) for p2 . He needs one more point and chooses (3, y ). y∈Z. i.e., ((3, f2(3)=3) . Using Lagrange interpolation, • When • obtain next points: (0, 3), (1, 6), (2, 4), (3, 3), (4, 9), (5, 6), (6, 0); • When q=p2=7 Dealer 2 uses the four points (0, 3), (1, 6), (2, 1)and (3, 3) to obtain • this curve produces seven points: (0, 3), (1, 6), (2, 1), (3, 3), (4, 6), (5, 4), (6, 5).

  22. Curve Construction • Step 3:Dealer 3 constructs a (5, 7) scheme for Secret a3,0 (integer 5). Witha3,0=5, has four points: (0, 5), (1, 6), (2, 4)and (3, 6)with the same prime p (0, 5), (1, 6), (2, 1) and (3, 0) for p3. He needs one more pointand chooses another point, i.e. . we can obtain using Lagrange interpolation : • When then obtain (0, 5), (1, 6), (2, 4), (3, 6), (4, 3), (5, 3), (6, 9), (7, 8),. • When Dealer 3 gets And has (0, 5), (1, 6), (2, 1), (3, 0), (4, 3), (5, 0), (6, 4), (7, 7).

  23. Curve Construction Figure 2. the same p Figure 3. differentp Figure 2 shows the cross points among three curves with the same p. Figure 3 shows the cross points among three curves with the different p. f1(x) (red curve), f2(x) (blue curve) and f3(x) (green curve)

  24. (3,5), (4,6) and (5,7) Scheme Construction • Curve Construction • Secret Reconstruction

  25. Secret Reconstruction

  26. Cases with More Than Two Secrets Outline Introduction Threshold Secret Sharing Scheme A Simple Case with Two Secrets (3,5) and (4,6) Scheme Construction General Scheme Construction Cases with More Than Two Secrets DemonstrationDifferent Situations for common participants More General Cases Conclusion

  27. More General Cases • Suggestion: • The dealer of a scheme should always try to allow a minimumnumber of shares to be known toother dealers, in order to minimize the exposure to the outside. • When a dealer receives one or more shares from a collaborating scheme to distribute to his participants, he may want to use these very shares as his first choice to give out to other dealers, instead of giving out his own more “private” shares that no other dealers know already.

  28. More General Cases When there are s (s≥2)secrets to be protected, multiple threshold schemes{(t1,n1), (t2,n2),…, (ts, ns)} can be used. If there are u common participants, we can construct s polynomials f1(x), f2(x), …, fs(x) with u common crossover points, where u≤min (t1, t2, …, ts)-1 . Here, the polynomials are The value of p in these s polynomials f1(x), f2(x), …, fs(x) may not be the same, ,it is possible that when

  29. Conclusion Outline Introduction Threshold Secret Sharing Scheme A Simple Case with Two Secrets (3,5) and (4,6) Scheme Construction General Scheme Construction Cases with More Than Two Secrets (3,5), (4,6) and (5,7) Scheme Construction Demonstration of Security in Different Situation Conclusion

  30. Conclusion • This paper proposes a basic collaboration mechanism for two or more threshold schemes to insure that each common participant keeps only one share. • The scheme collaboration raises a number of other issues. • the security concerns involving dishonest common participants and dealers of different schemes and the situation where other dealers becoming participants of a scheme • various combinations and risks exist in this more “open” environment • tracing traders could become more difficult than in the traditional single scheme situation

  31. Thank you for your attention !

More Related