SPACE-EFFICIENT VERIFIABLE SECRET SHARING
USING POLYNOMIAL INTERPOLATION
Abstract—Preserving data confidentiality in clouds is a key issue. Secret Sharing,
a cryptographic primitive for the distribution of a secret among a group of n
participants, designed so that only subsets of shareholders of cardinality 0 < t ≤ n
are allowed to reconstruct the secret by pooling their shares, can help mitigate
and minimize the problem. A desirable feature of Secret Sharing schemes is
cheater detection, i.e. the ability to detect one or more malicious shareholders
trying to reconstruct the secret by obtaining legal shares from the other
shareholders while providing them with fake shares. Verifiable Secret Sharing
schemes solve this problem by allowing shareholders to verify the others’ shares.
We present new verification algorithms providing arbitrary secret sharing schemes
with cheater detection capabilities, and prove their space efficiency with regard to
other schemes that have appeared in the literature. We also introduce, in one of our
schemes, the Exponentiating Polynomial Root Problem (EPRP), which is believed to
be NP-Intermediate and therefore difficult.
EXISTING SYSTEM:
In this Section, we discuss related work. We begin by reviewing commitments, and
then proceed by analyzing hashing, the schemes based on homomorphic commitments
proposed by Feldman, Pedersen and Benaloh, and the set coherence verification
method introduced by Harn and Lin. A commitment is a statement that proves
knowledge of some information without revealing the information itself. A formal
definition follows:
Definition 2.1 (Commitment). Given a value x, a commitment c(x) is a value such
that the following conditions are satisfied:
• Hiding: By knowledge of c(x), it is impossible (or very difficult) to obtain x —
c(x) hides x;
• Binding: It is infeasible or impossible to find another value y for which c(y) =
c(x) — c(x) binds to x.
The two properties just defined may refer to the computational or to the
unconditional security setting: if an attacker with infinite computing power can
break the former or the latter, the scheme is said to be, respectively,
computationally hiding or computationally binding. Otherwise, a commitment
scheme is said to be unconditionally hiding or unconditionally binding. More
precisely, it can be proved that a commitment scheme cannot be simultaneously
unconditionally hiding and unconditionally binding. Commitments can be
implemented via one-way functions, as a basis for verification schemes.
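To make Definition 2.1 concrete, the following is an added example (not code from the paper) of the simplest commitment built from a one-way function: c(x) = SHA-256(r || x) with a random nonce r. Opening the commitment means revealing (x, r); the verifier recomputes the hash. Hiding rests on r being unpredictable, binding on collision resistance, so both properties are computational here, in line with the remark that no scheme is unconditionally hiding and unconditionally binding at once. The block also shows why the nonce is needed: an unsalted commitment to a low-entropy value is recovered by enumerating the domain, so hiding is only as good as the entropy of (r, x). All sample values are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Added example (not from the paper): hash-based commitment
# c(x) = SHA-256(r || x) with a random 256-bit nonce r.
NONCE_LEN = 32


def commit(x: bytes, r: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Committer side: return (c, r). c is published; (x, r) is kept to open later."""
    if r is None:
        r = secrets.token_bytes(NONCE_LEN)
    if len(r) != NONCE_LEN:
        raise ValueError("nonce must be exactly %d bytes" % NONCE_LEN)
    return hashlib.sha256(r + x).digest(), r


def open_commitment(c: bytes, x: bytes, r: bytes) -> bool:
    """Verifier side: accept only if the claimed (x, r) recomputes to c."""
    if len(r) != NONCE_LEN:
        return False
    expected = hashlib.sha256(r + x).digest()
    return hmac.compare_digest(c, expected)  # constant-time comparison


def unsalted_commit(x: bytes) -> bytes:
    """Weak variant c(x) = H(x) with no nonce, kept only to show why r matters."""
    return hashlib.sha256(x).digest()


def recover_unsalted(c: bytes, domain: range) -> Optional[int]:
    """Hiding fails for a low-entropy x: an unsalted commitment to a small
    integer is recovered by enumerating the domain (constructed demonstration)."""
    for v in domain:
        if unsalted_commit(v.to_bytes(4, "big")) == c:
            return v
    return None


def demo() -> dict:
    """Constructed run exercising hiding, binding and the unsalted pitfall."""
    x = b"share-for-shareholder-3"  # constructed sample value
    c, r = commit(x)
    small = 1234  # constructed low-entropy value
    return {
        "honest_open": open_commitment(c, x, r),
        "wrong_value": open_commitment(c, b"forged share", r),
        "wrong_nonce": open_commitment(c, x, secrets.token_bytes(NONCE_LEN)),
        "same_inputs_same_c": commit(x, r)[0] == c,
        "unsalted_recovered": recover_unsalted(
            unsalted_commit(small.to_bytes(4, "big")), range(0, 10_000)) == small,
    }
```

The binding check is the verifier refusing any (x', r') other than the committed pair; with SHA-256 that refusal is computational, since a hash collision would let a committer open to two values.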
PROPOSED SYSTEM:
One important issue in the design of a secret sharing protocol is its robustness
against cheaters: common solutions proposed in literature rely on checking
consistency of the secret information after reconstruction from more than one
group of shareholders, or on adding helpful data to the shares in order to detect
and/or identify mistrustful behavior. Verifiable Secret Sharing (VSS) is therefore
secret sharing augmented with features that allow only detection, or also
identification, of any cheater in a coalition, unconditionally or with respect to the
scheme parameters (threshold value, total number of dishonest shareholders, etc.).
Several VSS schemes have been proposed, including, for instance, Publicly
Verifiable Secret Sharing (PVSS) or schemes focusing on Asynchronous
Verifiable Secret Sharing (AVSS) such as. In this work, we present new
verification algorithms based on commitments that provide arbitrary secret sharing
schemes with cheater detection capabilities, and prove their data efficiency with
regard to other schemes that have appeared in the literature. Our approach belongs
to the Honest-Dealer VSS scheme category, since it requires a one-time honest dealer.
Our contribution is three-fold: (i) we present space-efficient verification protocols
that do not even require storing public data for verification; (ii) our schemes can
be used in conjunction with arbitrary secret sharing schemes, and provide cheater
detection capabilities; (iii) we also introduce, in one of our schemes, a new
computational problem, namely the Exponentiating Polynomial Root Problem
(EPRP), which generalizes the Discrete Logarithm Problem (DLP).
Module 1
Privacy and Security in cloud
This section addresses the core theme of this chapter, i.e., the security and privacy-
related challenges in cloud computing. There are numerous security issues for
cloud computing as it encompasses many technologies including networks,
databases, operating systems, virtualization, resource scheduling, transaction
management, load balancing, concurrency control and memory management.
Therefore, security issues for many of these systems and technologies are
applicable to cloud computing. For example, the network that interconnects the
systems in a cloud has to be secure. Furthermore, the virtualization paradigm in cloud
computing leads to several security concerns. For example, mapping the virtual
machines to the physical machines has to be carried out securely. Data security
involves encrypting the data as well as ensuring that appropriate policies are
enforced for data sharing. In addition, resource allocation and memory management
algorithms have to be secure.
Finally, data mining techniques may be applicable for malware detection in the
clouds – an approach which is usually adopted in intrusion detection systems
(IDSs) (Sen & Sengupta, 2005; Sen et al., 2006b; Sen et al., 2008; Sen, 2010a;
Sen, 2010b; Sen 2010c). There are six specific areas of the cloud computing
environment where equipment and software require substantial security attention
(Trusted Computing Group’s White Paper, 2010). These six areas are: (1) security
of data at rest, (2) security of data in transit, (3) authentication of
users/applications/ processes, (4) robust separation between data belonging to
different customers, (5) cloud legal and regulatory issues, and (6) incident
response. For securing data at rest, cryptographic encryption mechanisms are
certainly the best options. The hard drive manufacturers are now shipping self-
encrypting drives that implement trusted storage standards of the trusted
computing group (Trusted Computing Group’s White Paper, 2010). These self-
encrypting drives build encryption hardware into the drive, providing automated
encryption with minimal cost or performance impact. Although software
encryption can also be used for protecting data, it makes the process slower and
less secure since it may be possible for an adversary to steal the encryption key
from the machine without being detected.
Module 2
Space-efficient verifiability
In this Section, we introduce our construction of a new verification method for
threshold secret sharing. It is not designed for a particular scheme, nor does it
require any assumption on the shares. The designed verification algorithm is non-
interactive (verification does not require receiving additional data from other
shareholders, besides the shares), requires a one-time honest dealer, and belongs to
the family of commitment-based methods, since it relies on one way functions. It
will be shown that, under certain hypotheses, it is more space-efficient than the
already illustrated homomorphic VSS extensions.
Definitions
Notations related to mathematical and string operators are listed below. The
following convention will be used: any operator defined for a bitstring is valid
for an unsigned integer type, and vice-versa.
Module 3
Designing a space-efficient VSS extension
The verification scheme that is going to be designed will be the result of
incremental refinements of partially secure techniques. The main goal to achieve
during the design will be the reduction of verification data. Labels of the form VSS-
X will be used to better identify and distinguish the variants obtained. Moreover,
since the final result is a commitment scheme, the security analysis will develop
around the two security properties of hiding and binding.
Module 4
Security assumptions
• There is a single, one-time honest dealer that distributes data to all of the n
shareholders involved in the scheme instance;
• There is no trusted shareholder in the underlying network, and no storage of
shared or public data. That is, once provided with their shares and verification data,
shareholders do not need any other information for secret reconstruction and
cheater identification;
• Secure bidirectional channels can be established between pairs of entities - any
external attacker can only be passive, so man-in-the-middle attacks are not
considered in this model; security against these kinds of attack is assumed to be
addressed by the protocols that establish communication between the parties over a
network (e.g., TLS or SSL);
• Client machines are fully trusted. All of the entities (the dealer and the
shareholders) run their respective protocol steps on their client machines, where
the keys and certificates required for encryption/decryption and authentication are
stored. If a CSP (Cloud Service Provider) has to be used for share storage,
shareholders encrypt their shares with a symmetric cipher before uploading them.
Similarly, shareholders download shares from CSPs to their clients and decrypt
them before engaging in secret reconstruction and cheater identification;
• CSPs are semi-trusted and modeled as Honest-But-Curious adversaries. That is,
they follow their prescribed actions in all of the protocols they are involved in
(unlike malicious users, they do not try to alter stored data or communications),
but it is assumed that CSPs are interested in learning the contents of the shares
stored by shareholders, and can fully access everything stored on their cloud
storage infrastructure.
Module 5
Design features
The main features that the design attempts will insist on are summarized below:
• Commitments on shares: verification routines ensure that shares are legal
independently of the secret they are generated from, unlike homomorphic
commitment schemes, which guarantee that a share corresponds to some secret;
• Non-interactivity: verification algorithms can be carried out in one interaction,
that is, no further communication with other parties is required after receiving the
shares;
• Private verification: each shareholder is able to verify the others’ shares, but not
its own; this is not necessary since this interaction model assumes a one-time honest
dealer. Moreover, verification is performed differently by each shareholder, by
taking a secret parameter as additional input.
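The following added example (not the paper's construction, whose verification data rests on EPRP) implements the interface described in Module 2 and in the three design features above on top of Shamir (t, n) sharing with polynomial interpolation: an honest dealer hands each shareholder j a secret verification parameter k_j and, for every other share (i, y_i), the keyed commitment HMAC(k_j, i || y_i). Verification is then non-interactive, private (each shareholder checks with its own key and cannot check its own share), commits to the share itself rather than to the secret, and needs no public data. The cost of this baseline is n-1 tags per shareholder, which is exactly the verification-data overhead the paper sets out to reduce. The field modulus, key sizes and the sample run are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Added example (not the paper's scheme): Shamir sharing over GF(P) plus a
# baseline commitment-on-shares verifier with a per-shareholder secret key.
P = 2**127 - 1  # Mersenne prime (assumption); shares fit in 16 bytes


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner evaluation of sum(coeffs[k] * x^k) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def _tag(key: bytes, i: int, y: int) -> bytes:
    """Keyed commitment on share (i, y), computable only with the verifier's key."""
    msg = i.to_bytes(4, "big") + y.to_bytes(16, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def deal(secret: int, t: int, n: int) -> Dict[int, dict]:
    """Honest dealer: shares f(1..n) of a random degree t-1 polynomial with
    f(0) = secret, bundled with each shareholder's private verification data."""
    if not (0 < t <= n < P) or not (0 <= secret < P):
        raise ValueError("need 0 < t <= n and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}
    bundles = {}
    for j in range(1, n + 1):
        key = secrets.token_bytes(32)  # shareholder j's secret verification parameter
        tags = {i: _tag(key, i, y) for i, y in shares.items() if i != j}
        bundles[j] = {"index": j, "share": shares[j], "key": key, "tags": tags}
    return bundles


def verify_share(bundle: dict, i: int, y: int) -> bool:
    """Shareholder-side check of a share claimed to come from shareholder i."""
    tag = bundle["tags"].get(i)
    if tag is None or not (0 <= y < P):
        return False
    return hmac.compare_digest(tag, _tag(bundle["key"], i, y))


def reconstruct(points: List[Tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over GF(P):
    f(0) = sum_i y_i * prod_{j != i} (-j) / (i - j)."""
    secret = 0
    for i, yi in points:
        num, den = 1, 1
        for j, _ in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def pool_and_reconstruct(bundle: dict, received: Dict[int, int]
                         ) -> Tuple[Optional[int], List[int]]:
    """Verify every received share first; on any failure return the cheater
    indices and no secret, otherwise interpolate together with the local share."""
    me = bundle["index"]
    others = {i: y for i, y in received.items() if i != me}  # own share is not verified
    cheaters = sorted(i for i, y in others.items() if not verify_share(bundle, i, y))
    if cheaters:
        return None, cheaters
    points = [(me, bundle["share"])] + sorted(others.items())
    return reconstruct(points), []


def demo(secret: int = 123456789, t: int = 3, n: int = 5) -> dict:
    """Constructed run: honest pooling succeeds, a forged share is caught."""
    bundles = deal(secret, t, n)
    me = bundles[1]
    honest = {2: bundles[2]["share"], 3: bundles[3]["share"]}
    ok, _ = pool_and_reconstruct(me, honest)
    forged = dict(honest)
    forged[3] = (forged[3] + 1) % P  # shareholder 3 sends a fake share
    bad, cheaters = pool_and_reconstruct(me, forged)
    return {"reconstructed": ok, "rejected": bad is None, "cheaters": cheaters}
```

Because the tags are bound to the share values and not to the secret, a shareholder learns nothing about f(0) from its verification data, and a dishonest party holding a valid share still cannot forge a tag for a different value without k_j. The honest-dealer assumption is visible in the code: nothing lets a shareholder check that the dealer's shares are mutually consistent.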
CONCLUSIONS
We have presented new verification schemes enhancing arbitrary secret sharing
schemes by adding cheater detection capabilities. Our main effort was devoted to
reducing the amount of verification data for a secret sharing scheme without
worsening the security properties; a new computational problem, EPRP, supposed
to be harder than the DLP, has been introduced, but the derived verification
schemes, lacking the homomorphic property, are not extensible to additional
shareholders, and the dealer must be a trusted entity, since any malicious behavior
of this party cannot be detected. Further research should be carried out on the
possibility of modifying the proposed problem in order to augment it with the
homomorphic property, so that a resulting VSS scheme would offer shareholder
extensibility, and to investigate whether this kind of problem can also be exploited in
interactive proofs for authenticating the dealer’s integrity and in public-key based
cryptosystems. Another possible direction for future work concerns
investigating additional runtime efficiency refinements. Finally, proving the NP-
hardness of EPRP by deriving a suitable poly-time reduction would result in a
substantial breakthrough in computer science.

More Related Content

PDF
SPACE-EFFICIENT VERIFIABLE SECRET SHARING USING POLYNOMIAL INTERPOLATION
DOC
Space efficient verifiable secret sharing using polynomial interpolation
PDF
Techniques of lattice based
PDF
Indocrypt11
PDF
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
PDF
Efficient Data Mining Of Association Rules in Horizontally Distributed Databases
PDF
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
PDF
Secure Network Discovery for Risk-Aware Framework in Manet
SPACE-EFFICIENT VERIFIABLE SECRET SHARING USING POLYNOMIAL INTERPOLATION
Space efficient verifiable secret sharing using polynomial interpolation
Techniques of lattice based
Indocrypt11
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
Efficient Data Mining Of Association Rules in Horizontally Distributed Databases
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
Secure Network Discovery for Risk-Aware Framework in Manet

What's hot (18)

PDF
A hybrid security and compressive sensing based sensor data gathering scheme
PDF
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
PDF
A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...
PDF
Security Model for Hierarchical Clustered Wireless Sensor Networks
PDF
Cross domain identity trust management for grid computing
PDF
BEST FINAL YEAR PROJECT IEEE 2015 BY SPECTRUM SOLUTIONS PONDICHERRY
PDF
Secured Paillier Homomorphic Encryption Scheme Based on the Residue Number Sy...
DOCX
Circuit ciphertext policy attribute-based hybrid encryption with verifiable
PDF
Secure Data Sharing Algorithm for Data Retrieval In Military Based Networks
PDF
Hiding message from hacker using novel network techniques
PDF
Secured Authorized Data Using Hybrid Encryption in Cloud Computing
PDF
766 a secure-data-sharing-in-cloud-storage-with-independent-key-generation-ce...
DOCX
Harnessing the cloud for securely outsourcing large scale systems of linear e...
PDF
International Journal of Computational Engineering Research(IJCER)
PDF
Pairing Based Elliptic Curve Cryptosystem for Message Authentication
PDF
How to Counter-act Security Threats in Mobile Ad Hoc Networks?
PDF
J m paper
PDF
F018133640.key aggregate paper
A hybrid security and compressive sensing based sensor data gathering scheme
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...
Security Model for Hierarchical Clustered Wireless Sensor Networks
Cross domain identity trust management for grid computing
BEST FINAL YEAR PROJECT IEEE 2015 BY SPECTRUM SOLUTIONS PONDICHERRY
Secured Paillier Homomorphic Encryption Scheme Based on the Residue Number Sy...
Circuit ciphertext policy attribute-based hybrid encryption with verifiable
Secure Data Sharing Algorithm for Data Retrieval In Military Based Networks
Hiding message from hacker using novel network techniques
Secured Authorized Data Using Hybrid Encryption in Cloud Computing
766 a secure-data-sharing-in-cloud-storage-with-independent-key-generation-ce...
Harnessing the cloud for securely outsourcing large scale systems of linear e...
International Journal of Computational Engineering Research(IJCER)
Pairing Based Elliptic Curve Cryptosystem for Message Authentication
How to Counter-act Security Threats in Mobile Ad Hoc Networks?
J m paper
F018133640.key aggregate paper
Ad

Viewers also liked (18)

DOCX
đau Nhức Khớp Cổ Tay
PPTX
Top 8 technology support specialist resume samples
PPTX
Federal Grants Workshop FANCY
PPTX
Neck joint Service
PDF
صلاح الدين نساء
PPTX
Top 8 audit specialist resume samples
DOCX
nhận làm tvc quảng cáo kiến trúc
PPTX
Top 8 sales and service specialist resume samples
PDF
2015 04 tournaire uk-press_kit
PDF
Natalie's Acevedo Porfolio digital
PDF
2015-FujiFilm-Future of Big Data Storage
DOCX
Resume Uzer khan
PDF
Resume 052015
PDF
Vandeleur
DOCX
A Profit Maximization Scheme with Guaranteed Quality of Service in Cloud Com...
DOCX
nhận thiết kế tvc quảng cáo giá tốt
PDF
FS_StressTestingCapitalPlanning_BR_1213 v1
PPT
Norton antivirus support phone number
đau Nhức Khớp Cổ Tay
Top 8 technology support specialist resume samples
Federal Grants Workshop FANCY
Neck joint Service
صلاح الدين نساء
Top 8 audit specialist resume samples
nhận làm tvc quảng cáo kiến trúc
Top 8 sales and service specialist resume samples
2015 04 tournaire uk-press_kit
Natalie's Acevedo Porfolio digital
2015-FujiFilm-Future of Big Data Storage
Resume Uzer khan
Resume 052015
Vandeleur
A Profit Maximization Scheme with Guaranteed Quality of Service in Cloud Com...
nhận thiết kế tvc quảng cáo giá tốt
FS_StressTestingCapitalPlanning_BR_1213 v1
Norton antivirus support phone number
Ad

Similar to Space-efficient Verifiable Secret Sharing Using Polynomial Interpolation (20)

DOCX
Providing user security guarantees in public infrastructure clouds
PDF
International Journal of Computational Engineering Research(IJCER)
PPT
Towards secure and dependable storage service in cloud
PPT
Towards secure and dependable storage service in cloud
PDF
Insuring Security for Outsourced Data Stored in Cloud Environment
DOCX
PUBLIC INTEGRITY AUDITING FOR SHARED DYNAMIC CLOUD DATA WITH GROUP USER REVO...
PDF
Secure Redundant Data Avoidance over Multi-Cloud Architecture.
DOC
secure mining of association rules in horizontally distributed databases
PDF
IRJET- An Efficient Data Sharing Scheme in Mobile Cloud Computing using Attri...
PDF
J017236366
PDF
Secure Data Storage in Cloud Using Encryption and Steganography
PDF
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
PDF
Towards Secure and Dependable Storage Services in Cloud Computing
PDF
Circuit Ciphertext-policy Attribute-based Hybrid Encryption with Verifiable D...
PDF
Paper id 27201448
PDF
Bio-Cryptography Based Secured Data Replication Management in Cloud Storage
PDF
Providing user security guarantees
PDF
Providing user security guarantees
PDF
Security Check in Cloud Computing through Third Party Auditor
Providing user security guarantees in public infrastructure clouds
International Journal of Computational Engineering Research(IJCER)
Towards secure and dependable storage service in cloud
Towards secure and dependable storage service in cloud
Insuring Security for Outsourced Data Stored in Cloud Environment
PUBLIC INTEGRITY AUDITING FOR SHARED DYNAMIC CLOUD DATA WITH GROUP USER REVO...
Secure Redundant Data Avoidance over Multi-Cloud Architecture.
secure mining of association rules in horizontally distributed databases
IRJET- An Efficient Data Sharing Scheme in Mobile Cloud Computing using Attri...
J017236366
Secure Data Storage in Cloud Using Encryption and Steganography
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
Towards Secure and Dependable Storage Services in Cloud Computing
Circuit Ciphertext-policy Attribute-based Hybrid Encryption with Verifiable D...
Paper id 27201448
Bio-Cryptography Based Secured Data Replication Management in Cloud Storage
Providing user security guarantees
Providing user security guarantees
Security Check in Cloud Computing through Third Party Auditor

Recently uploaded (20)

PDF
Hazard Identification & Risk Assessment .pdf
DOC
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
PDF
Uderstanding digital marketing and marketing stratergie for engaging the digi...
PPTX
Share_Module_2_Power_conflict_and_negotiation.pptx
PDF
David L Page_DCI Research Study Journey_how Methodology can inform one's prac...
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
PDF
Τίμαιος είναι φιλοσοφικός διάλογος του Πλάτωνα
PPTX
Unit 4 Computer Architecture Multicore Processor.pptx
PDF
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
PDF
FOISHS ANNUAL IMPLEMENTATION PLAN 2025.pdf
PDF
CISA (Certified Information Systems Auditor) Domain-Wise Summary.pdf
PDF
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
PDF
AI-driven educational solutions for real-life interventions in the Philippine...
PDF
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
PPTX
20th Century Theater, Methods, History.pptx
PDF
LDMMIA Reiki Yoga Finals Review Spring Summer
PDF
My India Quiz Book_20210205121199924.pdf
PDF
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
PDF
HVAC Specification 2024 according to central public works department
PDF
medical_surgical_nursing_10th_edition_ignatavicius_TEST_BANK_pdf.pdf
Hazard Identification & Risk Assessment .pdf
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
Uderstanding digital marketing and marketing stratergie for engaging the digi...
Share_Module_2_Power_conflict_and_negotiation.pptx
David L Page_DCI Research Study Journey_how Methodology can inform one's prac...
202450812 BayCHI UCSC-SV 20250812 v17.pptx
Τίμαιος είναι φιλοσοφικός διάλογος του Πλάτωνα
Unit 4 Computer Architecture Multicore Processor.pptx
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
FOISHS ANNUAL IMPLEMENTATION PLAN 2025.pdf
CISA (Certified Information Systems Auditor) Domain-Wise Summary.pdf
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
AI-driven educational solutions for real-life interventions in the Philippine...
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
20th Century Theater, Methods, History.pptx
LDMMIA Reiki Yoga Finals Review Spring Summer
My India Quiz Book_20210205121199924.pdf
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
HVAC Specification 2024 according to central public works department
medical_surgical_nursing_10th_edition_ignatavicius_TEST_BANK_pdf.pdf

Space-efficient Verifiable Secret Sharing Using Polynomial Interpolation

  • 1. SPACE-EFFICIENT VERIFIABLE SECRET SHARING USING POLYNOMIAL INTERPOLATION Abstract—Preserving data confidentiality in clouds is a key issue. Secret Sharing, a cryptographic primitive for the distribution of a secret among a group of n participants designed so that only subsets of shareholders of cardinality 0 < t _ n are allowed to reconstruct the secret by pooling their shares, can help mitigating and minimizing the problem. A desirable feature of Secret Sharing schemes is cheater detection, i.e. the ability to detect one or more malicious shareholders trying to reconstruct the secret by obtaining legal shares from the other shareholders while providing them with fake shares. Verifiable Secret Sharing schemes solve this problem by allowing shareholders verifying the others’ shares. We present new verification algorithms providing arbitrary secret sharing schemes with cheater detection capabilities, and prove their space efficiency with regard to other schemes appeared in the literature. We also introduce, in one of our schemes, the Exponentiating Polynomial Root Problem (EPRP), which is believed to be NP- Intermediate and therefore difficult. EXISTING SYSTEM:
  • 2. In this Section, we discuss related work. We begin by reviewing commitments, and then proceed analyzing hashing, the schemes based on homomorphic commitments proposed by Feldman Pedersen and Benaloh and the set coherence verification method, introduced by Harn and Lin. A commitment is a statement that proves knowledge of some information, without revealing the information itself. A formal definition follows: Definition 2.1 (Commitment). Given a value x, a commitment c(x) is a value such that the following conditions are satisfied: • Hiding: By knowledge of c(x), it is impossible (or very difficult) to obtain x — c(x) hides x; • Binding: It is infeasible or impossible to find another value y for which c(y) = c(x) — c(x) binds to x. The two properties just defined may refer to the computational or to the unconditional security setting: if an attacker with infinite computing power can break the former or the latter, the scheme is said to be, respectively, computationally hiding or computationally binding. Otherwise, a commitment scheme is said to be unconditionally hiding or unconditionally binding. More precisely, it can be proved that a commitment scheme cannot be simultaneously
  • 3. unconditionally hiding and unconditionally binding. Commitments can be implemented via one-way functions, as a basis for verification schemes. PROPOSED SYSTEM: One important issue in the design of a secret sharing protocol is its robustness against cheaters: common solutions proposed in literature rely on checking consistency of the secret information after reconstruction from more than one group of shareholders, or on adding helpful data to the shares in order to detect and/or identify mistrustful behavior. Verifiable Secret Sharing (VSS) is therefore secret sharing augmented with features that allow only detection or also identification of any cheater in a coalition, unconditionally or with respect to the scheme parameters(threshold value, total number of dishonest shareholders, etc.). Several VSS schemes have been proposed, including, for instance, Publicly Verifiable Secret Sharing (PVSS) or schemes focusing on Asynchronous Verifiable Secret Sharing (AVSS) such as. In this work, we present new verification algorithms based on commitments providing arbitrary secret sharing schemes with cheater detection capabilities, and prove their data efficiency with regard to other schemes appeared in the literature. Our approach belongs to the Honest-Dealer VSS scheme category, since it requires a one-time honest dealer.
  • 4. Our contribution is three-fold: (i) we present space efficient verification protocols that does not even require storing public data for verification; (ii) our schemes can be used in conjunction with arbitrary secret sharing schemes, and provide cheater detection capabilities; (iii) we also introduce, in one of our schemes, a new computational problem, namely the Exponentiating Polynomial Root Problem (EPRP), which generalizes the Discrete Logarithm Problem (DLP). Module 1 Privacy and Security in cloud This section addresses the core theme of this chapter, i.e., the security and privacy- related challenges in cloud computing. There are numerous security issues for cloud computing as it encompasses many technologies including networks, databases, operating systems, virtualization, resource scheduling, transaction management, load balancing, concurrency control and memory management. Therefore, security issues for many of these systems and technologies are applicable to cloud computing. For example, the network that interconnects the systems in a cloud has to be secure. Furthermore, virtualization paradigm in cloud computing leads to several security concerns. For example, mapping the virtual machines to the physical machines has to be carried out securely. Data security
  • 5. involves encrypting the data as well as ensuring that appropriate policies are enforced for data sharing. In addition, resource allocation and memory management algorithms have to be secure. Finally, data mining techniques may be applicable for malware detection in the clouds – an approach which is usually adopted in intrusion detection systems (IDSs) (Sen & Sengupta, 2005; Sen et al., 2006b; Sen et al., 2008; Sen, 2010a; Sen, 2010b; Sen 2010c). There are six specific areas of the cloud computing environment where equipment and software require substantial security attention (Trusted Computing Group’s White Paper, 2010). These six areas are: (1) security of data at rest, (2) security of data in transit, (3) authentication of users/applications/ processes, (4) robust separation between data belonging to different customers, (5) cloud legal and regulatory issues, and (6) incident response. For securing data at rest, cryptographic encryption mechanisms are certainly the best options. The hard drive manufacturers are now shipping self- encrypting drives that implement trusted storage standards of the trusted computing group (Trusted Computing Group’s White Paper, 2010). These self- encrypting drives build encryption hardware into the drive, providing automated encryption with minimal cost or performance impact. Although software encryption can also be used for protecting data, it makes the process slower and
  • 6. less secure since it may be possible for an adversary to steal the encryption key from the machine without being detected. Module 2 Space-efficientverifiability In this Section, we introduce our construction of a new verification method for threshold secret sharing. It is not designed for a particular scheme, nor does it require any assumption on the shares. The designed verification algorithm is non- interactive (verification does not require receiving additional data from other shareholders, besides the shares), requires a one-time honest dealer, and belongs to the family of commitment-based methods, since it relies on one way functions. It will be shown that, under certain hypotheses, it is more space-efficient than the already illustrated homomorphic VSS extensions. Definitions Notations related to mathematical and string operators are listed below. The following convention will be used: any operator defined for a bitstring is valid for an unsigned integer type, and vice-versa. Module 3
  • 7. Designing a space-efficientVSS extension The verification scheme that is going to be designed will be the result of incremental refinements of partially secure techniques. The main goal to achieve during the design will be the reduction of verification data. Labels of the form VSS- X will be used to better identify and distinguish the variants obtained. Moreover, since the final result is a commitment scheme, the security analysis will develop around the two security properties of hiding and binding. Module 4 Security assumptions • There is a single, one-time, honest dealer, that distributes data to all of the n shareholders involved in the scheme instance; • There is no trusted shareholder in the underlying network, and no storage of shared or public data. That is, once provided with their shares and verification data, shareholders do not need any other information for secret reconstruction and cheater identification;
  • 8. • Secure bidirectional channels can be established between pairs of entities - any external attacker can only be passive, so man-in-the-middle attacks are not considered in this model; security against these kinds of attack is assumed to be addressed by the protocols that establish communication between the parties over a network (e.g., TLS or SSL); • Client machines are fully trusted. All of the entities (the dealer and the shareholders) run their respective protocol steps on their client machines where keys and certificates required for encryption/ decryption and authentication are stored. If a CSP (Cloud Service Provider) has to be used for share storage, shareholders encrypt their shares using a symmetric cipher before uploading them. Similarly, shareholders download shares from CSPs to their clients and decrypt them before engaging in secret reconstruction and cheater identification; • CSPs are semi-trusted and modeled as Honest- But-Curious adversaries. Therefore, they act according to their prescribed actions in all of the protocols they are involved in (they do not, as malicious users do, try to alter stored data and communications), but it is assumed that CSPs are interested in learning the contents of shares stored by shareholders, and can fully access everything stored on their cloud storage infrastructure. Module 5
Design features

The main features that the design attempts will insist on are summarized below:

• Commitments on shares: verification routines ensure that shares are legal independently of the secret they are generated from, unlike homomorphic commitment schemes, which guarantee that a share corresponds to some secret;
• Non-interactivity: verification algorithms can be carried out in one interaction, that is, no further communication with other parties is required after receiving the shares;
• Private verification: each shareholder is able to verify the others' shares, but not its own; this is not necessary, since this interaction model assumes a one-time honest dealer. Moreover, verification is performed differently by each shareholder, by taking a secret parameter as additional input.

CONCLUSIONS

We have presented new verification schemes enhancing arbitrary secret sharing schemes by adding cheater detection capabilities. Our main effort was devoted to reducing the amount of verification data for a secret sharing scheme without
worsening the security properties. A new computational problem, EPRP, supposed to be harder than the DLP, has been introduced, but the derived verification schemes, lacking the homomorphic property, are not extensible to additional shareholders, and the dealer must be a trusted entity, since any malicious behavior of this party cannot be detected. Further research should be carried out on the possibility of modifying the proposed problem in order to augment it with the homomorphic property, so that a resulting VSS scheme would offer shareholder extensibility, and on investigating whether this kind of problem can also be exploited in interactive proofs for authenticating the dealer's integrity and in public-key based cryptosystems. Another possible direction for future work is investigating additional runtime efficiency refinements. Finally, proving the NP-hardness of EPRP by deriving a suitable poly-time reduction would result in a substantial breakthrough in computer science.
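The security assumptions and design features described above (a one-time honest dealer, commitments on individual shares rather than on the secret, non-interactive verification, and private verification keyed by a per-shareholder secret parameter) can be illustrated with a plain Shamir-style threshold scheme over a prime field combined with keyed-hash commitments. The Python below is an added example and is not the paper's EPRP-based construction (whose verification algorithm is not reproduced on this page): `deal`, `verify`, `reconstruct` and `pool_and_reconstruct` are hypothetical helper names, HMAC-SHA256 stands in for the paper's commitment, and the (t, n) = (3, 5) instance, the secret value and the forged share are constructed. Note that each shareholder here receives n-1 commitments, i.e. O(n^2) verification data in total, which is exactly the cost that the space-efficient schemes discussed on this page aim to reduce.

```python
import hashlib
import hmac
import secrets

# Prime field for a Shamir-style (t, n) threshold scheme (2**127 - 1 is prime).
P = 2**127 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[k] * x**k) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def _commit(key, idx, value):
    """Keyed commitment to one share (idx, value) under a verifier's private key.
    Hiding: without `key` the digest reveals nothing about `value`.
    Binding: producing another (idx, value') with the same digest means breaking HMAC-SHA256."""
    msg = idx.to_bytes(4, "big") + value.to_bytes(16, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def deal(secret, t, n):
    """Hypothetical one-time honest dealer (added example, not the paper's scheme).
    Returns one bundle per shareholder j: its own share, a private verification
    key k_j, and commitments under k_j to every *other* shareholder's share."""
    if not (0 < t <= n and 0 <= secret < P):
        raise ValueError("need 0 < t <= n and 0 <= secret < P")
    # Random polynomial of degree t-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}
    bundles = {}
    for j in range(1, n + 1):
        key = secrets.token_bytes(32)  # secret parameter private to shareholder j
        commits = {i: _commit(key, i, y) for i, y in shares.items() if i != j}
        bundles[j] = {"share": (j, shares[j]), "key": key, "commits": commits}
    return bundles


def verify(bundle, claimed_share):
    """Non-interactive private verification: the holder of `bundle` checks a share
    presented by another party using only data it received from the dealer.
    A share is checked for legality on its own, independently of the secret."""
    idx, value = claimed_share
    expected = bundle["commits"].get(idx)
    if expected is None:  # unknown index, or the verifier's own share (no self-check)
        return False
    return hmac.compare_digest(expected, _commit(bundle["key"], idx, value))


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P); needs at least t distinct legal shares."""
    xs = [x for x, _ in shares]
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def pool_and_reconstruct(bundle, presented):
    """Shareholder-side reconstruction: verify every presented share, drop those
    that fail (the cheaters), add the verifier's own share, then interpolate.
    Returns (recovered_secret, set_of_rejected_indices)."""
    rejected = {s[0] for s in presented if not verify(bundle, s)}
    good = [s for s in presented if s[0] not in rejected] + [bundle["share"]]
    return reconstruct(good), rejected


if __name__ == "__main__":
    # Constructed instance: (t, n) = (3, 5); shareholder 5 presents a forged share.
    SECRET = 0x1234
    bundles = deal(SECRET, 3, 5)
    presented = [bundles[1]["share"], bundles[3]["share"], (5, 42)]
    recovered, rejected = pool_and_reconstruct(bundles[2], presented)
    print(f"cheaters detected: {sorted(rejected)}, secret recovered: {recovered == SECRET}")
```

Because the commitments are keyed with the verifier's own secret parameter, a shareholder that hands out a forged share cannot tailor it to pass another party's check without that party's key, and the rejected index identifies the cheater; the honest shareholders then interpolate only over shares that passed. Without the rejection step, the forged point would silently corrupt the interpolation and yield a wrong secret.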