non malleable secret sharing against bounded joint
play

Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks - PowerPoint PPT Presentation

Jul 20, 2023 •273 likes •1.02k views

Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model Antonio Faonio Gianluca Brian Maciej Obremski IMDEA Software Institute Sapienza University of Rome National University of Singapore Madrid, Spain Rome,

  1. Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model Antonio Faonio Gianluca Brian Maciej Obremski IMDEA Software Institute Sapienza University of Rome National University of Singapore Madrid, Spain Rome, Italy Singapore, Singapore (Now at EUROCOM) Mark Simkin Daniele Venturi Aarhus University Sapienza University of Rome Aarhus, Denmark Rome, Italy CRYPTO 2020 Online version 1 / 11

  2. Secret Sharing Dealer Parties s 1 s 2 s 3 m Share s 4 · · · s n 2 / 11

  3. Secret Sharing Dealer Parties s 1 Unauthorized s 2 s 3 m Share s 4 · · · Authorized s n Access structure: t -out-of- n 2 / 11

  4. Secret Sharing Dealer Parties s 1 Unauthorized s 2 s 3 m Share s 4 · · · m Authorized s n Access structure: t -out-of- n Correctness: at least t parties are able to reconstruct the secret. s i 1 s i 2 s i 3 Rec m s i 4 s i j ∈ A 2 / 11

  5. Secret Sharing Dealer Parties s 1 ??? Unauthorized s 2 s 3 m Share s 4 · · · m Authorized s n Access structure: t -out-of- n Correctness: at least t parties are able to reconstruct the secret. Privacy: less than t parties should not be able to learn any information about the secret. s i 1 s i 1 s i 2 s i 2 s i 3 s i 3 Rec m ??? s i 4 s i 4 s i j s i j ∈ A ∈ A / 2 / 11

  6. Leakage Resilient and Non-malleable Secret Sharing Dealer Parties s 1 s 2 s 3 m Share s 4 · · · s n 3 / 11

  7. Leakage Resilient and Non-malleable Secret Sharing Dealer Parties s 1 s 2 s 3 m Share s 4 · · · g ∈ G s n Λ = g ( s 1 , ..., sn ) Side channel attacks: partial information from all the shares may reveal some information about the message! SECURITY BREACH! 3 / 11

  8. Leakage Resilient and Non-malleable Secret Sharing Dealer Parties s ′ s 1 1 s ′ s 2 2 s ′ s 3 3 m m ′ Share Rec s ′ s 4 4 · · · · · · f ∈ F g ∈ G s ′ s n T n Λ = g ( s 1 , ..., sn ) Side channel attacks: partial information from all the shares may reveal some information about the message! Tampering attacks: m ′ may be related to m ! SECURITY BREACH!!! 3 / 11

  9. Leakage Resilient and Non-malleable Secret Sharing Dealer Parties s ′ s 1 1 s ′ s 2 2 s ′ s 3 3 m m ′ Share Rec s ′ s 4 4 · · · · · · f ∈ F g ∈ G s ′ s n T n Λ = g ( s 1 , ..., sn ) Side channel attacks: partial information from all the shares may reveal some information about the message! Tampering attacks: m ′ may be related to m ! SECURITY BREACH!!! Leakage Resilient Secret Sharing [KMS18] : Λ reveals nothing about m for a restricted family G . 3 / 11

  10. Leakage Resilient and Non-malleable Secret Sharing Dealer Parties s ′ s 1 1 s ′ s 2 2 s ′ s 3 3 m m ′ Share Rec s ′ s 4 4 · · · · · · f ∈ F g ∈ G s ′ s n T n Λ = g ( s 1 , ..., sn ) Side channel attacks: partial information from all the shares may reveal some information about the message! Tampering attacks: m ′ may be related to m ! SECURITY BREACH!!! Leakage Resilient Secret Sharing [KMS18] : Λ reveals nothing about m for a restricted family G . Non-Malleable Secret Sharing [GK18] : m ′ is unrelated to m for a restricted family F . 3 / 11

  11. Leakage Resilient and Non-malleable Secret Sharing Dealer Parties s ′ s 1 1 s ′ s 2 2 s ′ s 3 3 m m ′ Share Rec s ′ s 4 4 · · · · · · f ∈ F g ∈ G s ′ s n T n Λ = g ( s 1 , ..., sn ) Side channel attacks: partial information from all the shares may reveal some information about the message! Tampering attacks: m ′ may be related to m ! SECURITY BREACH!!! Leakage Resilient Secret Sharing [KMS18] : Λ reveals nothing about m for a restricted family G . Non-Malleable Secret Sharing [GK18] : m ′ is unrelated to m for a restricted family F . Leakage-resilient non-malleability: the best of both worlds. 3 / 11

  12. Leakage Resilient and Non-malleable Secret Sharing Dealer Parties s ′ s 1 1 s ′ s 2 2 s ′ s 3 3 m m ′ Share Rec s ′ s 4 4 · · · · · · f ∈ F g ∈ G s ′ s n T n Λ = g ( s 1 , ..., sn ) Side channel attacks: partial information from all the shares may reveal some information about the message! Tampering attacks: m ′ may be related to m ! SECURITY BREACH!!! Leakage Resilient Secret Sharing [KMS18] : Λ reveals nothing about m for a restricted family G . Non-Malleable Secret Sharing [GK18] : m ′ is unrelated to m for a restricted family F . Leakage-resilient non-malleability: the best of both worlds. Limitations: Impossible for arbitrary families G and F . 3 / 11

  13. Our contributions Our model Joint leakage and tampering (selective partitioning, semi-adaptive partitioning). 4 / 11

  14. Our contributions Our model Joint leakage and tampering (selective partitioning, semi-adaptive partitioning). Bounded leakage: the total leakage amounts to at most ℓ bits. 4 / 11

  15. Our contributions Our model Joint leakage and tampering (selective partitioning, semi-adaptive partitioning). Bounded leakage: the total leakage amounts to at most ℓ bits. Selective partitioning Any one-time statistically non-malleable secret sharing scheme is also leakage resilient. 4 / 11

  16. Our contributions Our model Joint leakage and tampering (selective partitioning, semi-adaptive partitioning). Bounded leakage: the total leakage amounts to at most ℓ bits. Selective partitioning Any one-time statistically non-malleable secret sharing scheme is also leakage resilient. Corollary: lower bounds for the size of the shares of non-malleable secret sharing schemes using [NS20]. 4 / 11

  17. Our contributions Our model Joint leakage and tampering (selective partitioning, semi-adaptive partitioning). Bounded leakage: the total leakage amounts to at most ℓ bits. Selective partitioning Any one-time statistically non-malleable secret sharing scheme is also leakage resilient. Corollary: lower bounds for the size of the shares of non-malleable secret sharing schemes using [NS20]. Semi-adaptive partitioning We construct a one-time non-malleable secret-sharing scheme against joint leakage and tampering under semi-adaptive partitioning. 4 / 11

  18. Our contributions Our model Joint leakage and tampering (selective partitioning, semi-adaptive partitioning). Bounded leakage: the total leakage amounts to at most ℓ bits. Selective partitioning Any one-time statistically non-malleable secret sharing scheme is also leakage resilient. Corollary: lower bounds for the size of the shares of non-malleable secret sharing schemes using [NS20]. Semi-adaptive partitioning We construct a one-time non-malleable secret-sharing scheme against joint leakage and tampering under semi-adaptive partitioning. Both settings Corollary: construction of a p -time non-malleable secret sharing scheme from known techniques [OPVV18, BFV19]. compiler Computational p -NMSS Statistical 1-NMSS 4 / 11

  19. Security against selective partitioning s 1 s 2 s 3 s 4 s 5 s 6 s 7 s 8 s 9 · · · s n 5 / 11

  20. Security against selective partitioning s 1 s 2 s 3 s 4 s 5 s 6 s 7 s 8 s 9 · · · s n T = { 1 , 4 , 5 , 7 , 8 , 9 , . . . } 5 / 11

  21. Security against selective partitioning s 1 s 2 s 3 s 4 s 5 s 6 s 7 s 8 s 9 · · · s n s 1 s 5 s 4 s 7 s 8 s 9 · · · s n 5 / 11

  22. Security against selective partitioning s 1 s 2 s 3 s 4 s 5 s 6 s 7 s 8 s 9 · · · s n s 1 s 5 s 4 s 7 s 8 s 9 · · · s n . . . g 1 g 2 . . . Λ 1 Λ 2 5 / 11

  23. Security against selective partitioning s 1 s 2 s 3 s 4 s 5 s 6 s 7 s 8 s 9 · · · s n s 1 s 5 s 4 s 7 s 8 s 9 · · · s n . . . g 1 g 2 . . . Λ 1 Λ 2 . . . f 1 f 2 ˜ ˜ ˜ ˜ ˜ ˜ · · · ˜ s 1 s 5 s 4 s 7 s 8 s 9 s n ˜ m Rec 5 / 11

  24. A non-malleable secret sharing is also leakage resilient Any one-time ǫ/ 2 ℓ -non-malleable secret sharing scheme is also a ℓ -bounded leakage resilient one-time ǫ -non-malleable secret sharing scheme. m 0 or m 1 ? 6 / 11

  25. A non-malleable secret sharing is also leakage resilient Any one-time ǫ/ 2 ℓ -non-malleable secret sharing scheme is also a ℓ -bounded leakage resilient one-time ǫ -non-malleable secret sharing scheme. Proof strategy: complexity leveraging. m 0 or m 1 ? 6 / 11

  26. A non-malleable secret sharing is also leakage resilient Any one-time ǫ/ 2 ℓ -non-malleable secret sharing scheme is also a ℓ -bounded leakage resilient one-time ǫ -non-malleable secret sharing scheme. Proof strategy: complexity leveraging. m 0 or m 1 ? T , B = ( B 1 , . . . , B t ) T , B = ( B 1 , . . . , B t ) 6 / 11

  27. A non-malleable secret sharing is also leakage resilient Any one-time ǫ/ 2 ℓ -non-malleable secret sharing scheme is also a ℓ -bounded leakage resilient one-time ǫ -non-malleable secret sharing scheme. Proof strategy: complexity leveraging. m 0 or m 1 ? T , B = ( B 1 , . . . , B t ) T , B = ( B 1 , . . . , B t ) Leak , ( g 1 , . . . , g t ) Randomly sample Λ 1 , . . . , Λ t (Λ 1 , . . . , Λ t ) 6 / 11

  28. A non-malleable secret sharing is also leakage resilient Any one-time ǫ/ 2 ℓ -non-malleable secret sharing scheme is also a ℓ -bounded leakage resilient one-time ǫ -non-malleable secret sharing scheme. Proof strategy: complexity leveraging. m 0 or m 1 ? T , B = ( B 1 , . . . , B t ) T , B = ( B 1 , . . . , B t ) Leak , ( g 1 , . . . , g t ) Randomly sample Λ 1 , . . . , Λ t (Λ 1 , . . . , Λ t ) Tamper , ( f 1 , . . . , f t ) � ⊥ if leakage is wrong , ˆ f i = f i ( s B i ) otherwise . ˜ ˜ m or ⊥ m or ⊥ 6 / 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing Constructions Moir Cryptography Issues Secret Sharing Secret Sharing Threshold Secret Sharing (Shamir, Blakely 1979) Motivation

1.32k views • 62 slides
Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last time (n,t) secret-sharing (n,n) via additive secret-sharing Shamir secret-sharing for general (n,t) Shamir secret-sharing is a linear

611 views • 14 slides
Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with

Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with

Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with Vipul Goyal, Raghu Meka, and Amit Sahai Secret Sharing secret s n s 1 s i Correctness: Any out of parties can

1.72k views • 144 slides
On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes Akshay Degwekar (MIT) Joint with Fabrice Benhamouda (IBM Research), Yuval Ishai (Technion) and Tal Rabin (IBM Research) Leakage attacks can be

547 views • 30 slides
Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e Boyle Niv Gilboa Yuval Ishai IDC BGU Technion & UCLA Secure ComputaGon Approaches Classical

342 views • 33 slides
Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp. 612613 Eli Biham - May 3, 2005 c 497 Secret Sharing (17) How to Keep a Secret Key Securely Information can be secured by encryption under a

597 views • 23 slides
Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT 50th ACM Symposium on Theory of Computing June 27, 2018 Secret Sharing [Blakley79,Shamir79,Ito-Saito-Nishizeki87] Secret Secret Sharing

790 views • 75 slides
Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013

Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013

Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013 Outline 1. Introduction 2. Shamir Secret Sharing and Habeeb-Kahrobaei-Shpilrain secret sharing 3. Adjustments to HKS secret sharing and analysis

444 views • 27 slides
Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is it? Any one of you knows nothing! Any two of you can figure it out! Example Applications: Nuclear launch: need at least 3 out of 5 people to

513 views • 23 slides
Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and

Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and

Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and Dominique Schrder Friedrich-Alexander University Erlangen-Nrnberg Homomorphic Secret Sharing A secret-sharing scheme allows a client to share his

247 views • 14 slides
Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod Vaikuntanathan Hoeteck Wee MIT MIT CNRS and ENS May 6, 2018 Secret Sharing [Blakley79,Shamir79,Ito-Saito-Nishizeki87] Secret s { 0 , 1 }

1.02k views • 85 slides
CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom Austin San Jos State University Secret Sharing: Motivation Goal: make secret available, but make it hard to peek. Divide secret among

731 views • 48 slides
A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su,

A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su,

A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su, Xiaoguang Liu, Gang Wang, (Nankai University) and Sheng Lin (Tianjin University of Technology). September 12, 2014 Secret sharing schemes Secret

1.43k views • 86 slides
Berkeley CS276 & MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa

Berkeley CS276 & MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa

Berkeley CS276 & MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa Starting to record Nuclear launch codes A judge, president and general receive shares ! , " , # of a secret from a

473 views • 35 slides
Today. Secret Sharing. Polynomials A polynomial P ( x ) = a d x d + a d 1 x d 1 +

Today. Secret Sharing. Polynomials A polynomial P ( x ) = a d x d + a d 1 x d 1 +

Today. Secret Sharing. Polynomials A polynomial P ( x ) = a d x d + a d 1 x d 1 + a 0 . is specified by coefficients a d ,... a 0 . Share secret among n people. Polynomials. P ( x ) contains point ( a , b ) if b = P ( a ) .

221 views • 8 slides
Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini

Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini

Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini Vasudevan UC Berkeley Secret Sharing [Shamir 79, Blakley 79] Share 1 , , Reconstruction: Given at least

1.45k views • 20 slides
OEM brands available Product range includes two basic models of crushing buckets and

OEM brands available Product range includes two basic models of crushing buckets and

VIPER CRUSHING BUCKETS Made in Finland by Ajutech Oy OEM brands available Product range includes two basic models of crushing buckets and multiple variations VPCH-21 and VPCV-22 VP = Viper C = Crusher H =

334 views • 8 slides
Economics 2 Professor Christina Romer Spring 2020 Professor David Romer LECTURE 14 SUPPLY AND

Economics 2 Professor Christina Romer Spring 2020 Professor David Romer LECTURE 14 SUPPLY AND

Economics 2 Professor Christina Romer Spring 2020 Professor David Romer LECTURE 14 SUPPLY AND DEMAND MODEL OF INTERNATIONAL TRADE AND TRADE POLICY March 10, 2020 I. O VERVIEW II. R EVIEW OF THE G AINS FROM S PECIALIZATION A. The case of

540 views • 38 slides
Carbon-Pricing Instruments Carbon-Pricing Instruments EES 3310/5310 EES 3310/5310 Global

Carbon-Pricing Instruments Carbon-Pricing Instruments EES 3310/5310 EES 3310/5310 Global

Carbon-Pricing Instruments Carbon-Pricing Instruments EES 3310/5310 EES 3310/5310 Global Climate Change Global Climate Change Jonathan Gilligan Jonathan Gilligan Class #32: Class #32: Wednesday, April 1 Wednesday, April 1 2020 2020 /

692 views • 14 slides
Putting a Price on Carbon Emissions Putting a Price on Carbon Emissions EES 3310/5310 EES

Putting a Price on Carbon Emissions Putting a Price on Carbon Emissions EES 3310/5310 EES

Putting a Price on Carbon Emissions Putting a Price on Carbon Emissions EES 3310/5310 EES 3310/5310 Global Climate Change Global Climate Change Jonathan Gilligan Jonathan Gilligan Class #31: Class #31: Monday, March 30 Monday, March 30

571 views • 21 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung) Digital Signatures 2020-04-07 1 Outline Chameleon Signatures CH functions are one-time signatures sEUF-CMA from chameleon hashing Digital

585 views • 44 slides
Semantics and Pragmatics of NLP Pronouns Alex Lascarides School of Informatics University of

Semantics and Pragmatics of NLP Pronouns Alex Lascarides School of Informatics University of

Observations About Data Algorithms Semantics and Pragmatics of NLP Pronouns Alex Lascarides School of Informatics University of Edinburgh university-logo Alex Lascarides SPNLP: Pronouns Observations About Data Algorithms Outline

296 views • 26 slides
Asymptotics of arithmetic codices and towers of function fields Ignacio Cascudo CWI Amsterdam

Asymptotics of arithmetic codices and towers of function fields Ignacio Cascudo CWI Amsterdam

Asymptotics of arithmetic codices and towers of function fields Ignacio Cascudo CWI Amsterdam Joint work with Ronald Cramer (CWI/ULeiden) and Chaoping Xing(NTU) Algebraic curves over finite fields Linz, 15 November 2013 Ignacio Cascudo

359 views • 34 slides
Cyber Risk Trends: Q1 2017 Sponsored By: Cyber Risk Trends: Q1 2017 Visit www.advisenltd.com at

Cyber Risk Trends: Q1 2017 Sponsored By: Cyber Risk Trends: Q1 2017 Visit www.advisenltd.com at

Cyber Risk Trends: Q1 2017 Sponsored By: Cyber Risk Trends: Q1 2017 Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides Recording of todays webinar Many Thanks to our Sponsor! About Advisen Advisen

530 views • 39 slides

More recommend