robust password protected secret sharing
play

Robust Password- Protected Secret Sharing Michel Abdalla, Mario - PowerPoint PPT Presentation

Sep 16, 2022 •161 likes •919 views

Robust Password- Protected Secret Sharing Michel Abdalla, Mario Cornejo, Anca Ni ulescu, David Pointcheval cole Normale Suprieure, CNRS and INRIA, Paris, France R E S E A R C H U N I V E R S I T Y PPSS: Motivation Cloud provider

  1. Robust Password- Protected Secret Sharing Michel Abdalla, Mario Cornejo, Anca Ni ţ ulescu, David Pointcheval École Normale Supérieure, CNRS and INRIA, Paris, France R E S E A R C H U N I V E R S I T Y

  2. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents

  3. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents

  4. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents Everyone might have access to the data

  5. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents

  6. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents Provider still has access to the data

  7. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents

  8. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents

  9. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents • We can remember just low-entropy passwords (and not too many). • Humans cannot remember large secret keys. • Provider/authorities might perform an offline dictionary attack.

  10. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents • USB Tokens might not be always available. • Tokens might fall into the wrong hands. • Large keys give better security.

  11. PPSS: Password-Protected Secret Sharing Cloud provider taxes

  12. PPSS: Password-Protected Secret Sharing Cloud provider • User creates a cryptographic key. taxes

  13. PPSS: Password-Protected Secret Sharing Cloud provider • User creates a cryptographic key. • Encrypts her data using this key. taxes

  14. PPSS: Password-Protected Secret Sharing Keys store Cloud provider … • User creates a cryptographic key. • Encrypts her data using this key. • Stores her secret key into servers n by using her password and some public information. taxes

  15. PPSS: Password-Protected Secret Sharing Keys store Cloud provider … taxes • User creates a cryptographic key. • Encrypts her data using this key. • Stores her secret key into servers n by using her password and some public information. • Stores the data into the provider.

  16. PPSS: Password-Protected Secret Sharing Keys store Cloud provider … • After interactions using her t + 1 password, the user can recover her secret key taxes

  17. PPSS: Password-Protected Secret Sharing Keys store Cloud provider … • After interactions using her t + 1 password, the user can recover her secret key taxes

  18. PPSS: Properties • A PPSS scheme defines two steps: Initialization : Secret & password are processed Reconstruction : The user can recover the secret by interacting with a subset of servers. t + 1 • Additional properties: Soundness : Even if the adversary cannot make the user recover a different secret. Robustness : The recovery is guaranteed if there are s non-corrupt servers. t + 1

  19. PPSS: Instantiations of PPSS Scheme Messages Client inter-server Robust ZKP BJSL11 4 PKI PKI No Costly CLLN14 10 Std PKI No Costly JKK14 2 CRS None Yes Costly JKKX16 2 CRS None No No

  20. PPSS: Instantiations of PPSS Scheme Messages Client inter-server Robust ZKP BJSL11 4 PKI PKI No Costly CLLN14 10 Std PKI No Costly JKK14 2 CRS None Yes Costly JKKX16 2 CRS None No No This work 2 CRS None Yes No

  21. Robust Password-Protected Secret Sharing PPSS OPRF Robust Gap Secret Sharing Secret Sharing Scheme

  22. Robust Password-Protected Secret Sharing PPSS OPRF Robust Gap Secret Sharing Secret Sharing Scheme

  23. Robust Password-Protected Secret Sharing PPSS OPRF Robust Gap Secret Sharing Secret Sharing Scheme

  24. Robust Password-Protected Secret Sharing PPSS OPRF Robust Gap Secret Sharing Secret Sharing Scheme

  25. PPSS: Secret Sharing Scheme s 1 s 2 Secret s 3 … s n

  26. PPSS: Secret Sharing Scheme s 1 s 2 Secret s 3 … s n

  27. PPSS: Robust Gap Secret Sharing Scheme How do we implement robustness?

  28. PPSS: Robust Gap Secret Sharing Scheme Assume a set of valid shares from a Threshold SSS s 1 s 2 s 3 … s n ( s 1 , . . . , s n )

  29. PPSS: Robust Gap Secret Sharing Scheme Fingerprint function: Hash function s 1 σ 1 s 2 σ 2 s 3 σ 3 … s n σ n ( s 1 , . . . , s n ) ( σ 1 , . . . , σ n )

  30. PPSS: Robust Gap Secret Sharing Scheme 2 2 k ( n − t r )+1 < N ≤ 2 2 k ( n − t r )+2 Generate a prime number N s 1 σ 1 s 2 σ 2 × S s 3 σ 3 … s n σ n S = Q n ( s 1 , . . . , s n ) ( σ 1 , . . . , σ n ) i =1 σ i mod N

  31. PPSS: Robust Gap Secret Sharing Scheme 2 2 k ( n − t r )+1 < N ≤ 2 2 k ( n − t r )+2 Generate a prime number N s 1 σ 1 Output: s 2 σ 2 … s 1 s 2 s 3 { s k } n = s n × S s 3 σ 3 SSInfo = ( S , N ) { } S N … , s n σ n S = Q n ( s 1 , . . . , s n ) ( σ 1 , . . . , σ n ) i =1 σ i mod N

  32. PPSS: Robust Gap Secret Sharing Scheme How can we decide which are the valid sets of shares to reconstruct?

  33. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , s 1 s 2 s 3 … s n

  34. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , s 1 τ 1 s 2 τ 2 s 3 τ 3 … s n τ n

  35. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , s 1 τ 1 s 2 τ 2 × T s 3 τ 3 … s n τ n

  36. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T γ = S

  37. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T … τ 2 τ 3 τ n τ 1 γ = = S … σ 2 σ 3 σ n σ 1

  38. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T T 0 … τ 2 τ 3 τ n τ 1 γ = = = S 0 S … σ 2 σ 3 σ n σ 1

  39. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T T 0 … τ 2 τ 3 τ n τ 1 γ = = = S 0 S … σ 2 σ 3 σ n σ 1 | gcd( τ 1 , ) | ≈ 1 T 0

  40. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T T 0 … τ 2 τ 3 τ n τ 1 γ = = = S 0 S … σ 2 σ 3 σ n σ 1 Correct fingerprint! | gcd( τ 1 , ) | ≈ 1 T 0

  41. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T T 0 … τ 2 τ 3 τ n τ 1 γ = = = S 0 S … σ 2 σ 3 σ n σ 1 Correct fingerprint! | gcd( τ 1 , ) | ≈ 1 T 0 | gcd( ) | ≈ Incorrect fingerprint! T 0 k τ 2 ,

  42. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T T 0 … τ 2 τ 3 τ n τ 1 γ = = = S 0 S … σ 2 σ 3 σ n σ 1 Correct fingerprint! | gcd( τ 1 , ) | ≈ 1 T 0 | gcd( ) | ≈ Incorrect fingerprint! T 0 k τ 2 , Correct fingerprint! | gcd( ) | ≈ 1 T 0 τ 3 ,

  43. PPSS: Oblivious PRF sk pw F F ( sk , pw ) • The output is indistinguishable from random • The server learns nothing

  44. PPSS: Password-Protected Secret Sharing Initialization phase

  45. PPSS: Initialization The user interacts with servers to obliviously evaluate the PRF n ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) …

  46. PPSS: Initialization The user interacts with servers to obliviously evaluate the PRF n ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … π 1 = F sk 1 ( pw ) pw

  47. PPSS: Initialization The user interacts with servers to obliviously evaluate the PRF n ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … π 1 = F sk 1 ( pw ) π 2 = F sk 2 ( pw ) pw

  48. PPSS: Initialization The user interacts with servers to obliviously evaluate the PRF n ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … π 1 = F sk 1 ( pw ) π 2 = F sk 2 ( pw ) π n = F sk n ( pw ) pw

  49. PPSS: Initialization Each share is encrypted using the each PRF evaluation ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … π 1 = F sk 1 ( pw ) π 2 = F sk 2 ( pw ) π n = F sk n ( pw ) R = K || r pw { π k } n { pk k } n

  50. PPSS: Initialization Each share is encrypted using the each PRF evaluation ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … π 1 = F sk 1 ( pw ) π 2 = F sk 2 ( pw ) π n = F sk n ( pw ) R = K || r ( s 1 , . . . , s n , SSInfo ) ← ShareGen ( R ) pw { π k } n { pk k } n

  51. PPSS: Initialization Each share is encrypted using the each PRF evaluation ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … π 1 = F sk 1 ( pw ) π 2 = F sk 2 ( pw ) π n = F sk n ( pw ) R = K || r ( s 1 , . . . , s n , SSInfo ) ← ShareGen ( R ) σ k = π k ⊕ s k pw { π k } n { pk k } n

  52. PPSS: Initialization The user computes a commitment ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … C = Commit ( pw, H ( { pk k } n , { σ k } n , SSInfo , K ); r ) pw { π k } n { pk k } n { σ k } n K r SSInfo

  53. PPSS: Initialization The user uploads the encrypted data ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … PInfo PInfo PInfo PInfo = ( { pk k } n , { σ k } n , SSInfo , C ) pw { π k } n { pk k } n { σ k } n K r SSInfo C

  54. PPSS: Password-Protected Secret Sharing Reconstruction phase

  55. PPSS: Reconstruction The user interacts with the server ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … PInfo PInfo PInfo π 1 = F sk 1 ( pw ) PInfo pw

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing Constructions Moir Cryptography Issues Secret Sharing Secret Sharing Threshold Secret Sharing (Shamir, Blakely 1979) Motivation

1.32k views • 62 slides
Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last time (n,t) secret-sharing (n,n) via additive secret-sharing Shamir secret-sharing for general (n,t) Shamir secret-sharing is a linear

611 views • 14 slides
Robust Secret Sharing Schemes Against Local Adversaries Allison Bishop Lewko Valerio Pastro

Robust Secret Sharing Schemes Against Local Adversaries Allison Bishop Lewko Valerio Pastro

Robust Secret Sharing Schemes Against Local Adversaries Allison Bishop Lewko Valerio Pastro Columbia University April 2, 2015 Lewko, Pastro (Columbia) RSSS &amp; Loc Advs April 2, 2015 1 / 22 Secret Sharing (Informal) (Share , Rec) pair of

505 views • 47 slides
Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e Boyle Niv Gilboa Yuval Ishai IDC BGU Technion &amp; UCLA Secure ComputaGon Approaches Classical

342 views • 33 slides
Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp. 612613 Eli Biham - May 3, 2005 c 497 Secret Sharing (17) How to Keep a Secret Key Securely Information can be secured by encryption under a

597 views • 23 slides
Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT 50th ACM Symposium on Theory of Computing June 27, 2018 Secret Sharing [Blakley79,Shamir79,Ito-Saito-Nishizeki87] Secret Secret Sharing

790 views • 75 slides
Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013

Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013

Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013 Outline 1. Introduction 2. Shamir Secret Sharing and Habeeb-Kahrobaei-Shpilrain secret sharing 3. Adjustments to HKS secret sharing and analysis

444 views • 27 slides
Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is it? Any one of you knows nothing! Any two of you can figure it out! Example Applications: Nuclear launch: need at least 3 out of 5 people to

513 views • 23 slides
Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and

Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and

Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and Dominique Schrder Friedrich-Alexander University Erlangen-Nrnberg Homomorphic Secret Sharing A secret-sharing scheme allows a client to share his

247 views • 14 slides
Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod Vaikuntanathan Hoeteck Wee MIT MIT CNRS and ENS May 6, 2018 Secret Sharing [Blakley79,Shamir79,Ito-Saito-Nishizeki87] Secret s { 0 , 1 }

1.02k views • 85 slides
CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom Austin San Jos State University Secret Sharing: Motivation Goal: make secret available, but make it hard to peek. Divide secret among

731 views • 48 slides
On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes Akshay Degwekar (MIT) Joint with Fabrice Benhamouda (IBM Research), Yuval Ishai (Technion) and Tal Rabin (IBM Research) Leakage attacks can be

547 views • 30 slides
Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with

Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with

Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with Vipul Goyal, Raghu Meka, and Amit Sahai Secret Sharing secret s n s 1 s i Correctness: Any out of parties can

1.72k views • 144 slides
A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su,

A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su,

A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su, Xiaoguang Liu, Gang Wang, (Nankai University) and Sheng Lin (Tianjin University of Technology). September 12, 2014 Secret sharing schemes Secret

1.43k views • 86 slides
access-list 103 remark VTY Telnet Access ACL access-list 103 permit tcp host &lt;IP address&gt;

access-list 103 remark VTY Telnet Access ACL access-list 103 permit tcp host &lt;IP address&gt;

Router Device Security Lab Configuring Secure Passwords 1. Configure the enable secret and password enable password TRUSTME enable secret letmein Look at the configuration: show config terminal Note the difference between the number 5 and

375 views • 5 slides
Berkeley CS276 &amp; MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa

Berkeley CS276 &amp; MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa

Berkeley CS276 &amp; MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa Starting to record Nuclear launch codes A judge, president and general receive shares ! , &quot; , # of a secret from a

473 views • 35 slides
ADC simula+on tools ProtoDUNE Simula+on and Reconstruc+on David

ADC simula+on tools ProtoDUNE Simula+on and Reconstruc+on David

ADC simula+on tools ProtoDUNE Simula+on and Reconstruc+on David Adams BNL May 5, 2017 Introduc+on I have been looking at ADC test data taken at

390 views • 18 slides
lgebra Linear e Aplicaes RECTANGULAR SYSTEMS AND ECHELON FORMS Rectangular systems

lgebra Linear e Aplicaes RECTANGULAR SYSTEMS AND ECHELON FORMS Rectangular systems

lgebra Linear e Aplicaes RECTANGULAR SYSTEMS AND ECHELON FORMS Rectangular systems General linear system a 11 x 1 + a 12 x 2 + a 1 n x n = b 1 a 21 x 1 + a 22 x 2 + a 2 n x n = b 2 . . . a m 1 x 1 + a m 2 x 2 +

439 views • 29 slides
Optimal Nearest Neighbor Queries in Sensor Networks Gokarna Sharma and Costas Busch Division of

Optimal Nearest Neighbor Queries in Sensor Networks Gokarna Sharma and Costas Busch Division of

Optimal Nearest Neighbor Queries in Sensor Networks Gokarna Sharma and Costas Busch Division of Computer Science and Eng. Louisiana State University 1 Problem Description Distributed sensor network 2 Problem Description Objects are tracked

667 views • 42 slides
14. Stochastic Processes Introduction Let denote the random outcome of an experiment. To

14. Stochastic Processes Introduction Let denote the random outcome of an experiment. To

14. Stochastic Processes Introduction Let denote the random outcome of an experiment. To every such outcome suppose a waveform X ( t , ) ( X t , ) is assigned. The collection of such X ( t , ) waveforms

1.08k views • 49 slides
Linking the Deep Web to the Linked Data Web Rahul Parundekar, Craig A. Knoblock and Jos Luis

Linking the Deep Web to the Linked Data Web Rahul Parundekar, Craig A. Knoblock and Jos Luis

Linking the Deep Web to the Linked Data Web Rahul Parundekar, Craig A. Knoblock and Jos Luis Ambite {parundek, knoblock, ambite} @isi.edu University of Southern California/Information Sciences Institute Motivation Large amount of data is

479 views • 20 slides
Bargaining and Coalition Formation Dr James Tremewan (james.tremewan@univie.ac.at) Experiments on

Bargaining and Coalition Formation Dr James Tremewan (james.tremewan@univie.ac.at) Experiments on

Bargaining and Coalition Formation Dr James Tremewan (james.tremewan@univie.ac.at) Experiments on Cooperative Solution Concepts Experiments on Cooperative Solution Concepts Experiments on Cooperative Solution Concepts A test of the core,

735 views • 28 slides
Hidden Markov Models Bhiksha Raj 10 Nov 2016 11755/18797 1 Prediction : a holy grail

Hidden Markov Models Bhiksha Raj 10 Nov 2016 11755/18797 1 Prediction : a holy grail

Machine Learning for Signal Processing Hidden Markov Models Bhiksha Raj 10 Nov 2016 11755/18797 1 Prediction : a holy grail Physical trajectories Automobiles, rockets, heavenly bodies Natural phenomena Weather Financial

1.35k views • 113 slides
Who is SUSS? Singapores newest Autonomous University ) SUSS: A Quick Snapshot

Who is SUSS? Singapores newest Autonomous University ) SUSS: A Quick Snapshot

Who is SUSS? Singapores newest Autonomous University ) SUSS: A Quick Snapshot A wide range of degree programmes and modular courses available, regardless of demographic Centre for Fresh Working Adults Continuing &amp;

308 views • 17 slides

More recommend