Some Secret Sharing Schemes and Further Studies Some Secret Shari… · Visual Cryptography...

Some Secret Sharing Schemes and Further Studies

Avishek Adhikariwebsite: www.imbic.org/avishek.html

Research Team MembersPartha Sarathi Roy, Angsuman Das,Ushnish Sarkar, Sabyasachi Dutta

Department of Pure MathematicsUniversity of Calcutta, Kolkata.

TWC 2011Avishek Adhikari (University of Calcutta) Secret Sharing Schemes 16.07.11 1 / 39

Introduction to Secret Sharing What is secret sharing?

What is secret sharing?

Avishek Adhikari (University of Calcutta) Secret Sharing Schemes 16.07.11 2 / 39


(t ,w) threshold scheme

Let t and w be two positive integers, such that t ≤ w .A (t ,w) threshold scheme is a method of sharing ascheme key k among a set of w participants in such away that any t participants can compute the value ofk , but no group of (t − 1) participants can do so.



Simple Way!



Perfectly Secure (2,2)-SSS


Introduction to Secret Sharing Shamir’s (t, n) threshold scheme

Shamir’s (k ,n)-Secret Sharing Scheme

It takes two points to define a straight line,three points to fully define a quadratic, fourpoints to define a cubic, and so on.One can fit a unique polynomial of degree(k − 1) to any set of k points that lie on thepolynomial.



Shamir’s (3, 4) threshold scheme

Let P={P1,P2,P3,P4} be a set of 4participants.The key set, K=Zp, where p = 5 is a prime &p > n Ket the secret be 1.The set of all possible shares, S=Z5.The dealer constructs a random polynomialf (x) ∈ Z5[x ] of degree t − 1 = 3− 1 = 2, inwhich the constant term is the secret K = 1.

f (x) = 1 + 2x + 3x2



Shamir’s (3, 4) threshold scheme

Every participant Pi obtains a point (xi , yi) on this polynomial,where yi = f (xi) and distinct xi ∈ Zp.P1 gets (1,a(1)=6=1), (P2) gets (2,2), P3 gets (3,4) and P4 gets(4,2).

Recovery of Secret

Suppose a subset B of t = 3 participants wants to recollect thesecret.Let the participants P1,P2,P3 want to determine K = 1.They know that 1 = f (1), 2 = f (2) and 4 = f (3).They will assume the form of the secret polynomial asy = f (x) = a0 + a1x + a2x2, where a0,a1 and a2 are unknown andbelong to Z.Thus, these participants can obtain 3 linear equations in the 3unknowns a0,a1,a2.



Shamir’s (t, n) threshold scheme

1 1 12

1 2 22

1 3 32

a0a1a2

=

f (1)f (2)f (3)

Now, the coefficient matrix A is the so called Vandermonde’smatrix.

detA =∏

1≤j<k≤t

(xik−xij ) mod p = (1−2)(2−3)(3−1) = 4∗4∗2 = 2 6= 0

Thus multiplying both sides by the inverse of A, we can find the a0 = 1.


Visual Cryptography Shamir’s Scheme

Example of (2,2)-VCS



Visual Cryptography

The Visual cryptographic scheme, introduced byNaor and Shamir in 1994, for a set P of nparticipants is a cryptographic paradigm that enablesa secret image to be split into n shadow images calledshares, where each participant in P receives oneshare. Certain qualified subsets of participants can“visually" recover the secret image with some loss ofcontrast, but other forbidden sets of participants haveno information about the secret image.



(2,2)-VCS

For Black pixel

For White pixel

S1 =

[0 11 0

]and S0 =

[0 10 1

].



Relative contrast

Let us consider a (2,n)-VCS on a set P ={1,2, . . . ,n}of n participants with basis matrices S0 and S1 andhaving pixel expansion m. Then the relative contrastfor the participants corresponding to X , X ⊆ P, isdenoted by αX (m) and is defined as

w(S1X )− w(S0

X )

m.



(2,n)-VCS by Naor and Shamir

S0 =

1 0 0 01 0 0 01 0 0 01 0 0 0

and S1 =

1 0 0 00 1 0 00 0 1 00 0 0 1

.Here the relative contrast for any two participants is 1

4and the pixel expansion is 4.



(2,n)-VCS by Stinson at el

Let v , k and λ be positive integers such thatv > k ≥ 2.a (v , k , λ)-balanced incomplete block design(BIBD) is a pair ( X ,A) such that the followingproperties are satisfied :

1 X is a set of v elements called points,2 A is a collection of subsets of X called block,3 each block contains exactly k points,and4 every pair of distinct points is contained in exactly λ blocks.



(2,n)-VCS by Stinson at el

Example of a (v = 7,b = 7, r = 3, k = 3, λ = 1)-BIBD:X = {1,2,3,4,5,6,7}.A= {{1,2,4}, {2,3,5}, {3,4,6},{4,5,7}, {1,5,6}, {2,6,7}, {1,3,7}}.

the incidence matrix is :

1 0 0 0 1 0 11 1 0 0 0 1 00 1 1 0 0 0 11 0 1 1 0 0 00 1 0 1 1 0 00 0 1 0 1 1 00 0 0 1 0 1 1



Example of a (2,7)-VCS using BIBD

S1 =

1 0 0 0 1 0 11 1 0 0 0 1 00 1 1 0 0 0 11 0 1 1 0 0 00 1 0 1 1 0 00 0 1 0 1 1 00 0 0 1 0 1 1

& S0 =

1 1 1 0 0 0 01 1 1 0 0 0 01 1 1 0 0 0 01 1 1 0 0 0 01 1 1 0 0 0 01 1 1 0 0 0 01 1 1 0 0 0 0

Here the pixel expansion is 7 and the relative contrastis 2/7.


Visual Cryptography Our Proposed Scheme

Example of a (2,6)-VCS

S1 =

1 1 0 01 0 1 01 0 0 10 1 1 00 1 0 10 0 1 1

and S0 =

1 1 0 01 1 0 01 1 0 01 1 0 01 1 0 01 1 0 0

.

Clearly, pixel expansion is 4 (m = 4) and the relativecontrast is either 1

2 or 14.



(2,6)-VCS using PBIBD

Secret image Share 1

Share 2 Share 6

Share 1 + Share 6 Share 1 + Share 2



General Access Structure


DNA Secret Sharing

Introduction

Secret Sharing Schemes,DNA Computing,Mathematics.Statistics.


DNA Secret Sharing

Aim of Our Work

Suppose we want to distribute a secret binary stringto a set {P1,P2, . . . ,Pn} of n participants in such away that certain designated set of participants canreveal the secret by pulling their shares, but noforbidden set of participants has any informationabout the secret binary string.


DNA Secret Sharing

Why DNA?

The very small size,The huge storage capacity,Easy to carry or hide,Made up of A, T, G, C,Huge parallel computing,Stable as a DNA doublestrand,High longevity,Easy to get synthesizedDNA


DNA Secret Sharing

DNA encoding of binary strings

a binary string can be represented as a set ofintegers that corresponds the positions where thebits are 1 from left to right.1011 can be represented as a set {1,3,4},each integer i can be represented in a DNAdouble strand notation as followsdsi =l (GAATT )i .

if α = 1011, the DNA double strand representationof α is the test tube T [α] = {ds1, ds3, ds4}.


DNA Secret Sharing

Mixing operation

Take the content of two testtubes.Mixing can be done bydehydrating the tubecontents (if not already insolution) and thencombining the fluidstogether into a new tube, bypouring and pumping.


DNA Secret Sharing

Bio-mathematical operations

Boolean “or” operation betweentwo binary stringsif α = 1011 and β = 1001,the binary “or” of two strings willbe 1011.T [α] (T [β]) the test tubecorresponding to the binary stringα (β).pore the contents of the two testtubes to get binary “or ′′.


DNA Secret Sharing

Automated DNA Sequencing

To read the DNA double strands in the test tubewe need the process called DNA sequencing.


DNA Secret Sharing Proposed DNA Secret Sharing Scheme

Outlay of our scheme

Consider the secret sharing scheme onP = {1,2,3,4} of 4 participants, whereΓ0 = {{1,2}, {2,3}, {2,4}, {1,4}}.ΓQual = {Y ⊆ P : X ⊆ Y for some X ∈ Γ0} andΓForb = 2P \ ΓQual .let the secret binary string be x = x1x2x3 = 011.Assume that the DNA encoding, the mixingprocess are public.



Share Distribution

The dealer chooses two Boolean matrices

G0 =

0 1 0 10 1 0 10 1 0 00 0 0 1

and G1 =

1 0 1 00 1 1 01 0 0 00 0 0 1

.

Since x1 = 0, the dealer considers the matrix G0

and apply a random permutation to the columns ofG0 and produces a matrix M1.Similarly, for x2 and x3 on G1 to produce matricesM2 and M3.Assume that the DNA encoding, the mixingprocess are public.



Share Distribution

Let M = M1||M2||M3.first row of M is α1 = 010110101010. Similarlyα2 = 010101100110, α3 = 010010001000 andα4 = 000100010001.dealer converts the binary strings to DNArepresentations to get the test tubesT [α1] = {ds2,ds4,ds5,ds7,ds9,ds11},T [α2] = {ds2,ds4,ds6,ds7,ds10,ds11},T [α3] = {ds2,ds4,ds5,ds9},T [α4] = {ds4,ds8,ds12},



Share Distribution

T [αi ] is given to the participants Pi , i = 1,2, . . . ,nthrough a secret channel.Also the values m = 4 and k = 3 are given to theparticipants even through an insecure channel.



Decryption by the Qualified participants

Let P1,P2 come together.They use mixing procedure with test tubes T [α1]and T [α2] to get T [α1] ∪ T [α2] ={ds2,ds4,ds5,ds6,ds7,ds9,ds10,ds11}.Execute automated DNA sequencing method toread the DNA double strands.With the knowledge of decoding the DNArepresentation to the binary string, the values ofk = 3 and m = 4, the participants P1 and P2 canconvert the DNA representation to the binarystring y = 010111101110.



Decryption by the Qualified participants

Since, the value of m is known to the participants,P1 and P2 can break y asy = (0101)(1110)(1110).Next they will find the value of w as 3 and thenthey will compute z = 011, as BW (0101) < 3,BW (1110) = 3. Thus P1 and P2 can recover thesecret 011.



Forbidden set of participants

Let Y = {P3,P4} come together.They use mixing procedure with test tubes T [α3]and T [α4] to getT [α1] ∪ T [α2] = {ds2,ds4,ds5,ds8,ds9,ds12}.they will convert the DNA representation to thebinary string y = (0101)(1001)(1001).Thus looking at those it is not possible to predictwhether they correspond to 0 or 1.


Further Studies Secure Multiparty Computation

Secure Multiparty Computation: An Example

Yao’s Two Millionaires Problem


Further Studies Verifiable Secret Sharing

Verifiable Secret Sharing

The dealer distributes a secret value “s”among the players, where the dealer and/orsome of the players may be cheating.It is guaranteed that if the dealer is honest,then the cheaters obtain no informationabout s, and all honest players are later ableto reconstruct s, even against the actions ofcheating players.Even if the dealer cheats, a unique suchvalue s will be determined already atdistribution time, and again this value isreconstructable even against the actions ofthe cheaters.



Questions

Questions???


Some Secret Sharing Schemes and Further Studies Some Secret Shari… · Visual Cryptography...

Documents

Transcript of Some Secret Sharing Schemes and Further Studies Some Secret Shari… · Visual Cryptography...