A new multi-use multi-secret sharing scheme based on the duals of minimal linear codes
SECURITY AND COMMUNICATION NETWORKS
Security Comm. Networks 2015; 8
Published online 19 March 2014 in Wiley Online Library (wileyonlinelibrary.com).

RESEARCH ARTICLE

A new multi-use multi-secret sharing scheme based on the duals of minimal linear codes

Yun Song 1, Zhihui Li 1*, Yongming Li 1 and Jing Li 2

1 College of Mathematics and Information Science, Shaanxi Normal University, Xi'an, 710062, China
2 State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China

ABSTRACT

There are several methods to construct multi-secret sharing schemes, one of which is based on coding theory. Generally, however, it is very hard to determine the minimal access structures of the schemes based on linear codes. In this paper, we first propose the concept of minimal linear codes so as to make it easier to determine the access structures of the schemes based on the duals of minimal linear codes. It is proved that the shortened codes of minimal linear codes are also minimal. Then we present an algorithm to determine whether a class of linear codes is minimal. On the basis of these results, we further devise a new multi-use multi-secret sharing scheme based on the dual code of a minimal linear code, in which each participant has to carry only one share. Furthermore, we study the minimal access structures of the multi-secret sharing scheme and present specific examples obtained by programming. Copyright 2014 John Wiley & Sons, Ltd.

KEYWORDS
multi-secret sharing; minimal linear codes; minimal access structures; j-minimal codewords; irreducible cyclic codes

*Correspondence
Zhihui Li, College of Mathematics and Information Science, Shaanxi Normal University, Xi'an, 710062, China.
E-mail: lizhihui@snnu.edu.cn

1 INTRODUCTION

1.1 Single-secret sharing schemes

In 1979, Shamir [1] and Blakley [2] independently introduced secret sharing schemes, originally motivated by safeguarding cryptographic keys from loss. Because of their important role in protecting secret information, single-secret sharing schemes (SSSS) have been studied by several authors [3-6]. A secret sharing scheme allows one to split a secret $s$ into different pieces, called shares, which are distributed to the set of participants $P$ such that only certain authorized subsets of participants are able to reconstruct the secret from their respective shares. The collection of these authorized sets of participants is called the access structure. A group of participants is called a minimal authorized subset if they can recover the secret with their shares and none of its proper subgroups can do so. The access structure $\Gamma$ is then determined by the family $(\Gamma)_{\min}$ of its minimal authorized subsets.

1.2 Multi-secret sharing schemes

However, the schemes [1-6] deal with a single secret, and once the secret is updated to a new one, the system has to reissue a new share to each participant. To eliminate this weakness, several schemes have been proposed for multiple secret sharing [7-14]. Multi-secret sharing can be seen as a natural generalization of single-secret sharing. In 1994, Blundo et al. [15] studied the more general case in which the set of participants shares more than one secret and different secrets are associated with different access structures. Let $\Gamma = (\Gamma_1, \dots, \Gamma_n)$ be the $n$-tuple of access structures on $P$, and let $S_1 \times S_2 \times \cdots \times S_n$ be the set from which the secrets are chosen, where for any $1 \le j \le n$ the secret $s_j$ to be shared is chosen in $S_j$. In a multi-secret sharing scheme (MSSS), an $n$-tuple of secrets $(s_1, \dots, s_n) \in S_1 \times \cdots \times S_n$ is shared according to an $n$-tuple $\Gamma = (\Gamma_1, \dots, \Gamma_n)$ of access structures on $P$ in such a way that, for each $1 \le j \le n$, every subset of $P$ in the access structure $\Gamma_j$ can recover the secret $s_j$. In a multi-use MSSS, each participant keeps only one share, and many secrets can be shared independently without refreshing the shares. To recover a secret, each involved participant submits a pseudo-secret share computed from the real share instead of the real share itself. Several $(t, n)$ multi-use MSSS based on Shamir's secret sharing have been presented [8-12]. In 2000, Chien et al. [16] proposed a new type of $(t, n)$ multi-use MSSS based on systematic block codes. However, little work has been carried out on the construction of multi-use MSSS based on coding theory.

In 1993, Massey used linear codes to construct SSSS and pointed out the relationship between the access structure and the minimal codewords of the dual of the underlying code [17,18]. Since then, many SSSS based on coding theory have been studied [19-22]. Unfortunately, determining the minimal codewords is extremely hard for general linear codes, which means that it is hard to obtain the minimal access structure of an SSSS based on a general linear code [19,20]. For this reason, there are few studies on MSSS based on linear codes. This paper puts forward the concept of the minimal linear code, whose minimal codewords are easier to obtain than those of other codes. Thus, finding and constructing minimal linear codes becomes the key to this problem.

1.3 Our results

In this paper, we present the construction of minimal linear codes and study an algorithm to determine the minimality of a class of linear codes. Then we propose a new multi-use MSSS based on the dual code of a minimal linear code, in which each secret can be reconstructed independently and different secrets may be shared according to different access structures. We establish a one-to-one correspondence between the family of minimal access structures and the sets of $j$-minimal codewords in the minimal linear code for $1 \le j \le n$, which not only leads to a higher utilization rate of codewords than Massey's scheme but also makes it easier to determine the minimal access structures, because the $j$-minimal codewords ($1 \le j \le n$) can be found exactly in the minimal linear code. Furthermore, we discuss the minimal access structures of the MSSS based on the duals of a class of minimal linear codes. Finally, the algorithm used to obtain the minimal access structures is presented.

2 MINIMAL LINEAR CODES AND THEIR CONSTRUCTION

Throughout this paper, let $q = p^s$, where $p$ is a prime and $s$ a positive integer. A linear $[n, k, d; q]$ code $C$ is a $k$-dimensional subspace of $F_q^n$ with minimum (Hamming) distance $d$. Let $G = (g_1, g_2, \dots, g_n)$ be a generator matrix of an $[n, k, d; q]$ code, that is, the row vectors of $G$ generate the linear subspace.

Definition 2.1 ([20]). The support of a vector $c \in F_q^n$ is defined to be $\{0 \le i \le n-1 : c_i \ne 0\}$. A codeword $c_2$ covers a codeword $c_1$ if the support of $c_2$ contains that of $c_1$.

Definition 2.2. Let $1 \le j \le n$. A codeword $c$ is called a $j$-minimal codeword if its $j$-th coordinate is 1 and it covers no other codeword whose $j$-th coordinate is 1.

Definition 2.3 ([19]). If a nonzero codeword $c$ covers only its multiples, but no other nonzero codewords, then it is called a minimal vector.

By these definitions, a $j$-minimal codeword must be a minimal vector, but a minimal vector need not be a $j$-minimal codeword.

Definition 2.4. A linear code is called minimal if every column vector of any generator matrix is nonzero and each nonzero codeword in the linear code is a minimal vector.

Theorem 2.5. Let $C$ be an $[n, k; q]$ linear code. If $C$ is minimal, then there are altogether $q^{k-1}$ $j$-minimal codewords for every $1 \le j \le n$.

Proof. By Definition 2.4, every column vector of any generator matrix is nonzero. Hence $g_j \ne 0$. Thus the inner product $u g_j$ takes on each element of $F_q$ exactly $q^{k-1}$ times when $u$ ranges over all elements of $F_q^k$. Therefore, there are altogether $q^k - q^{k-1}$ codewords in $C$ whose $j$-th coordinate is nonzero. Because each nonzero codeword is a minimal vector, a codeword covers another one if and only if they are multiples of each other. So the total number of $j$-minimal codewords is $(q^k - q^{k-1})/(q-1) = q^{k-1}$ for every $1 \le j \le n$.

Next, we show how to construct new minimal linear codes by shortening the codewords of a given minimal linear code. Let $C$ be an $[n, k; q]$ linear code with generator matrix

$$G = \begin{pmatrix} g_{11} & g_{12} & \cdots & g_{1,n-1} & g_{1,n} \\ g_{21} & g_{22} & \cdots & g_{2,n-1} & g_{2,n} \\ \vdots & \vdots & & \vdots & \vdots \\ g_{k1} & g_{k2} & \cdots & g_{k,n-1} & g_{k,n} \end{pmatrix}.$$

Lemma 2.6. Let $C$ be an $[n, k; q]$ code such that any two columns of its generator matrix $G$ are linearly independent. Let $C(n) = \{c = (c_1, c_2, \dots, c_{n-1}, 0) : c \in C\}$. Then (a) $C(n)$ is an $[n, k-1; q]$ code; and (b) the first $n-1$ columns of the generator matrix $G(n)$ of $C(n)$ are nonzero.

Proof. (a) Note that every column vector of $G$ is nonzero. We assume that $g_{1,n} \ne 0$, multiply the first row of $G$ by $-g_{1,n}^{-1} g_{l,n}$ for all $2 \le l \le k$, and add the results to the $l$-th row. We obtain

$$G_1 = \begin{pmatrix} g_{11} & g_{12} & \cdots & g_{1,n-1} & g_{1,n} \\ g'_{21} & g'_{22} & \cdots & g'_{2,n-1} & 0 \\ \vdots & \vdots & & \vdots & \vdots \\ g'_{k1} & g'_{k2} & \cdots & g'_{k,n-1} & 0 \end{pmatrix}, \qquad G(n) = \begin{pmatrix} g'_{21} & g'_{22} & \cdots & g'_{2,n-1} & 0 \\ \vdots & \vdots & & \vdots & \vdots \\ g'_{k1} & g'_{k2} & \cdots & g'_{k,n-1} & 0 \end{pmatrix},$$

where $g'_{l,i} = g_{l,i} - g_{1,n}^{-1} g_{l,n} g_{1,i}$. It is clear that $G(n)$ is a generator matrix of an $[n, k-1; q]$ linear code contained in $C(n)$, so $\dim C(n) \ge k-1$. On the other hand, $(g_{11}, g_{12}, \dots, g_{1,n}) \notin C(n)$, so $\dim C(n) \le k-1$. The conclusion follows.

(b) Suppose the $i$-th column of $G(n)$ is zero for some $1 \le i \le n-1$. Then

$$\begin{pmatrix} g'_{2,i} \\ \vdots \\ g'_{k,i} \end{pmatrix} = \begin{pmatrix} 0 \\ \vdots \\ 0 \end{pmatrix} \iff \begin{pmatrix} g_{2,i} - g_{1,n}^{-1} g_{2,n} g_{1,i} \\ \vdots \\ g_{k,i} - g_{1,n}^{-1} g_{k,n} g_{1,i} \end{pmatrix} = \begin{pmatrix} 0 \\ \vdots \\ 0 \end{pmatrix} \iff \begin{pmatrix} g_{2,i} \\ \vdots \\ g_{k,i} \end{pmatrix} = g_{1,n}^{-1} g_{1,i} \begin{pmatrix} g_{2,n} \\ \vdots \\ g_{k,n} \end{pmatrix} \iff \begin{pmatrix} g_{1,i} \\ g_{2,i} \\ \vdots \\ g_{k,i} \end{pmatrix} = g_{1,n}^{-1} g_{1,i} \begin{pmatrix} g_{1,n} \\ g_{2,n} \\ \vdots \\ g_{k,n} \end{pmatrix}.$$

Hence the $i$-th and $n$-th columns of $G$ are multiples of each other, which is a contradiction.

Lemma 2.7. Let $C(n)[n-1] = \{c = (c_1, c_2, \dots, c_{n-1}) : (c_1, c_2, \dots, c_{n-1}, 0) \in C(n)\}$. If $C$ is an $[n, k; q]$ code, then (a) $G(n)[n-1]$ is a generator matrix of $C(n)[n-1]$, where $G(n)[n-1]$ is the matrix formed by the first $n-1$ columns of $G(n)$, that is,

$$G(n)[n-1] = \begin{pmatrix} g'_{2,1} & g'_{2,2} & \cdots & g'_{2,n-1} \\ \vdots & \vdots & & \vdots \\ g'_{k,1} & g'_{k,2} & \cdots & g'_{k,n-1} \end{pmatrix};$$

and (b) $C(n)[n-1]$ is an $[n-1, k-1; q]$ code.

Proof. According to the proof of Lemma 2.6, $G(n)[n-1]$ is a generator matrix of $C(n)[n-1]$. Hence $C(n)[n-1]$ is an $[n-1, k-1; q]$ code.

Theorem 2.8. If $C$ is an $[n, k; q]$ minimal linear code, then $C(n)[n-1]$ is an $[n-1, k-1; q]$ minimal linear code.

Proof. By Lemma 2.7, $C(n)[n-1]$ is an $[n-1, k-1; q]$ code. Suppose $C(n)[n-1]$ is not a minimal linear code; then there exists a nonzero codeword $c = (c_1, c_2, \dots, c_{n-1}) \in C(n)[n-1]$ which is not minimal. Namely, there would exist a nonzero $c' = (c'_1, c'_2, \dots, c'_{n-1}) \in C(n)[n-1]$ such that $c$ covers $c'$ and they are not multiples of each other. Consequently, because $(c_1, c_2, \dots, c_{n-1}, 0)$ covers $(c'_1, c'_2, \dots, c'_{n-1}, 0)$ in the linear code $C$, $(c_1, c_2, \dots, c_{n-1}, 0)$ is not a minimal vector, and $C$ is not minimal. This contradicts the assumption that $C$ is a minimal linear code.

We introduce the following notation:

$$C(n, n-1, \dots, n-i) = \{c = (c_1, c_2, \dots, c_{n-i-1}, 0, \dots, 0) : c \in C\} \quad (0 \le i \le n-k-2).$$

Then

$$C(n, n-1, \dots, n-i)[n-i-1] = \{(c_1, \dots, c_{n-i-1}) : (c_1, \dots, c_{n-i-1}, 0, \dots, 0) \in C\}.$$

It is easy to show that $C(n, n-1, \dots, n-i)$ and $C(n, n-1, \dots, n-i)[n-i-1]$ are $[n, k-i-1; q]$ and $[n-i-1, k-i-1; q]$ linear codes, respectively. Then we have

$$C(n, n-1, \dots, k+2) \subseteq \cdots \subseteq C(n, n-1, \dots, n-i) \subseteq \cdots \subseteq C(n) \subseteq C,$$

where $C(n) \subseteq C$ denotes that $C(n)$ is a subcode of $C$.

Theorem 2.9. If $C$ is an $[n, k; q]$ minimal linear code, the minimum (Hamming) distance of the dual code $C^\perp$ is greater than 2, and $0 \le i \le n-k-2$, then (a) no column vector of the generator matrix of $C(n, n-1, \dots, n-i)[n-i-1]$ is the zero vector; and (b) $C(n, n-1, \dots, n-i)[n-i-1]$ is an $[n-i-1, k-i-1; q]$ minimal linear code.

Proof. (a) We first consider the relationship between $C(n, n-1, \dots, n-i)[n-i-1]^\perp$ and $C(n, n-1, \dots, n-i-1)[n-i-2]^\perp$. Let $(x_1, x_2, \dots, x_{n-i-2}) \in C(n, n-1, \dots, n-i-1)[n-i-2]^\perp$; then $x_1 c_1 + x_2 c_2 + \cdots + x_{n-i-2} c_{n-i-2} = 0$ for any $(c_1, c_2, \dots, c_{n-i-2}) \in C(n, n-1, \dots, n-i-1)[n-i-2]$, and hence $x_1 c_1 + x_2 c_2 + \cdots + x_{n-i-2} c_{n-i-2} + 0 \cdot c_{n-i-1} = 0$ for any $(c_1, c_2, \dots, c_{n-i-2}, c_{n-i-1}) \in C(n, n-1, \dots, n-i)[n-i-1]$. So $(x_1, x_2, \dots, x_{n-i-2}, 0) \in C(n, n-1, \dots, n-i)[n-i-1]^\perp$ $(0 \le i \le n-k-2)$. Note that the minimum (Hamming) distance of $C^\perp$ is greater than 2. By the above, it suffices to show that the minimum (Hamming) distance of $C(n, n-1, \dots, n-i)[n-i-1]^\perp$ is greater than 2. Hence any two columns of the generator matrix of $C(n, n-1, \dots, n-i)[n-i-1]$ are linearly independent.

(b) If $C$ is an $[n, k; q]$ minimal linear code, then $C(n, n-1, \dots, n-i)[n-i-1]$ is an $[n-i-1, k-i-1; q]$ linear code whose codewords are all minimal vectors. The conclusion then follows.

By Theorems 2.8 and 2.9, a new class of minimal linear codes can be constructed by shortening all codewords of the original minimal linear codes, which will be illustrated and used in the last two sections.

3 AN ALGORITHM TO DETERMINE A CLASS OF MINIMAL LINEAR CODES

First, using the concept of the minimal linear code, we restate Proposition 3 in [20] as the following theorem.

Theorem 3.1. In an $[n, k; q]$ code $C$, let $W_{\min}$ and $W_{\max}$ be the minimum and maximum nonzero weights, respectively. If $W_{\min}/W_{\max} > (q-1)/q$ and every column vector of the generator matrix of $C$ is nonzero, then $C$ is a minimal linear code.

By Theorem 3.1, any one-weight linear code is obviously minimal. Next, we present an algorithm to determine whether a class of linear codes is minimal. Recall that $q = p^s$, where $p$ is a prime and $s$ a positive integer. Let $m$ be a positive integer and $r = q^m$.

Definition 3.2 ([20]). Let $N > 1$ be an integer dividing $r-1$, and put $n = (r-1)/N$. Let $\alpha$ be a primitive element of $F_{q^m}$ and $\theta = \alpha^N$. The set

$$C(q, m, N) = \{(\mathrm{Tr}_{r/q}(\beta), \mathrm{Tr}_{r/q}(\beta\theta), \dots, \mathrm{Tr}_{r/q}(\beta\theta^{n-1})) : \beta \in F_r\} \quad (1)$$

is called an irreducible cyclic code over $F_q$, where $\mathrm{Tr}_{r/q}$ is the trace function from $F_r$ onto $F_q$.

We will study the algorithm to determine, by Theorem 3.1, whether a given irreducible cyclic code $C(q, m, N)$ is minimal for different $N$.

Remark 1. We implemented Algorithm 1 in Mathematica 7 on a laptop with a 3.2 GHz processor and 2 GB of memory. The time complexity of Algorithm 1 is $O(n^2)$, where $n$ denotes the length of each minimal codeword in $C(q, m, N)$.

Example 3.3. The set $C(2, 6, 3)$ is a $[21, 6; 2]$ linear code over $F_2$. After running Algorithm 1, the results are as follows: $W_{\min} = 7$, $W_{\max} = 11$. This linear code is minimal. It turns out that Algorithm 1 is practical and effective for determining the minimality of irreducible cyclic codes.

4 MULTI-SECRET SHARING SCHEMES FROM MINIMAL LINEAR CODES

In this section, we devise a multi-use MSSS based on the dual code of a minimal linear code, in which each participant also acts as a dealer. We first define an $n$-tuple $\Gamma = (\Gamma_1, \dots, \Gamma_n)$ of access structures for a set of participants $P = \{P_1, P_2, \dots, P_n\}$.

4.1 Definition of the minimal access structures

Let $C$ be an $[n, k; q]$ linear code whose dual $C^\perp$ is minimal. Seeing that any minimal authorized subset in different minimal access structures $(\Gamma_j)_{\min}$ carries a different target secret, there are $n$ secrets $s_1, \dots, s_n$ such that, for any $1 \le j \le n$, the secret $s_j$ distributed by $P_j$ is associated with an access structure $(\Gamma_j)_{\min}$ on $P$. We define the $n$-tuple $\Gamma = (\Gamma_1, \dots, \Gamma_n)$ as follows:

$$(\Gamma_j)_{\min} = \{A \subseteq P : P_i \in A \text{ if and only if the } i\text{-th coordinate of a } j\text{-minimal codeword in } C^\perp \text{ is nonzero, for all } 1 \le i \le n,\ i \ne j\}, \quad 1 \le j \le n.$$

Note that the proposed scheme gives a one-to-one correspondence between the family of minimal access structures and the sets of $j$-minimal codewords ($1 \le j \le n$). By Definitions 2.2 and 2.4, a codeword in a minimal linear code is $j$-minimal if and only if its $j$-th component is 1, so the $j$-minimal codewords can be obtained easily. Hence, for a fixed $j$, in order to determine the minimal access structure $(\Gamma_j)_{\min}$ of our MSSS based on $C$, we only need to determine the set of $j$-minimal codewords of the dual code $C^\perp$, which is difficult for general linear codes but easy for minimal linear codes.

For any $1 \le j \le n$, Algorithm 2 is applied to obtain all the minimal authorized subsets in $(\Gamma_j)_{\min}$ of the MSSS based on the dual of a minimal irreducible cyclic code $C(q, m, N)$ validated by Algorithm 1.
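The following Python program is an added illustration of Algorithms 1 and 2 and of the shortening of Section 2, written for this page and not the authors' Mathematica implementation: it builds $C(2, 6, 3)$ from Definition 3.2, applies the criterion of Theorem 3.1, lists $(\Gamma_3)_{\min}$ as the supports of the 3-minimal codewords, and shortens the code to $C(21, 20, 19)[18]$. It assumes the primitive polynomial $x^6 + x + 1$ for $F_{64}$; a different primitive element permutes the coordinates, so the subsets it prints need not coincide position by position with those of Example 5.3, although their number and sizes do.

```python
# Added example (not the paper's Mathematica code): build the irreducible
# cyclic code C(2, 6, 3) of Definition 3.2, test minimality with Theorem 3.1
# (Algorithm 1), enumerate the j-minimal codewords of Definition 2.2, which
# give the minimal authorized subsets of Section 4.1 (Algorithm 2), and
# shorten the code as in Theorems 2.8 and 2.9.
Q, M, N = 2, 6, 3
R = Q ** M                    # r = q^m = 64
N_LEN = (R - 1) // N          # n = 21
# Assumption: F_64 is built from the primitive polynomial x^6 + x + 1; any other
# primitive polynomial gives the same code up to a permutation of coordinates.
POLY = 0b1000011

def gf_mul(a, b):
    """Multiply two elements of F_64 (6-bit integers) modulo x^6 + x + 1."""
    res = 0
    while b:
        if b & 1:
            res ^= a
        b >>= 1
        a <<= 1
        if a & (1 << M):
            a ^= POLY
    return res

def gf_pow(a, e):
    res = 1
    while e:
        if e & 1:
            res = gf_mul(res, a)
        a = gf_mul(a, a)
        e >>= 1
    return res

def trace(x):
    """Absolute trace Tr_{r/q}(x) = x + x^2 + x^4 + ... + x^(2^(m-1)), in {0, 1}."""
    t, y = 0, x
    for _ in range(M):
        t ^= y
        y = gf_mul(y, y)
    return t

ALPHA = 0b10                  # alpha = x is a primitive element of F_64
THETA = gf_pow(ALPHA, N)      # theta = alpha^N has order n

def irreducible_cyclic_code():
    """C(q, m, N) = {(Tr(beta theta^i))_{0<=i<n} : beta in F_r} as a set of tuples."""
    powers = [gf_pow(THETA, i) for i in range(N_LEN)]
    return {tuple(trace(gf_mul(beta, th)) for th in powers) for beta in range(R)}

def nonzero_weights(code):
    return sorted({sum(c) for c in code if any(c)})

def is_minimal_by_theorem_31(code, q=Q):
    """Theorem 3.1: W_min / W_max > (q - 1) / q and no all-zero coordinate."""
    ws = nonzero_weights(code)
    length = len(next(iter(code)))
    no_zero_column = all(any(c[i] for c in code) for i in range(length))
    return no_zero_column and ws[0] * q > ws[-1] * (q - 1)

def j_minimal_codewords(code, j):
    """For a minimal code the j-minimal codewords are exactly those whose j-th
    coordinate is 1 (Definitions 2.2 and 2.4); j is 1-based as in the paper."""
    return [c for c in code if c[j - 1] == 1]

def minimal_authorized_subsets(code, j):
    """(Gamma_j)_min: the participants P_i, i != j, on the support of each
    j-minimal codeword (Section 4.1 / Theorem 5.1)."""
    return [frozenset(i + 1 for i, v in enumerate(c) if v and i != j - 1)
            for c in j_minimal_codewords(code, j)]

def participation_counts(subsets):
    """How many minimal authorized subsets each participant belongs to."""
    counts = {}
    for s in subsets:
        for i in s:
            counts[i] = counts.get(i, 0) + 1
    return counts

def shorten(code, positions):
    """C(n, n-1, ..., n-i)[n-i-1] of Section 2: keep the codewords that vanish on
    the given 1-based positions and delete those coordinates."""
    drop = {p - 1 for p in positions}
    return {tuple(v for i, v in enumerate(c) if i not in drop)
            for c in code if all(c[p] == 0 for p in drop)}

def is_minimal_vector(c, code):
    """Definition 2.3 over F_2: c covers no nonzero codeword other than itself."""
    supp = {i for i, v in enumerate(c) if v}
    return not any(any(d) and d != c and {i for i, v in enumerate(d) if v} <= supp
                   for d in code)

if __name__ == "__main__":
    code = irreducible_cyclic_code()
    print("[%d, %d; 2] code, nonzero weights %s, minimal by Theorem 3.1: %s" % (
        N_LEN, len(code).bit_length() - 1, nonzero_weights(code),
        is_minimal_by_theorem_31(code)))
    subs = minimal_authorized_subsets(code, 3)
    print(len(subs), "minimal authorized subsets for s_3, sizes",
          sorted({len(s) for s in subs}))
    for s in subs:
        print(sorted(s))
    shortened = shorten(code, [21, 20, 19])       # C(21, 20, 19)[18]
    print(len(shortened) - 1, "nonzero codewords, all minimal:",
          all(is_minimal_vector(c, shortened) for c in shortened if any(c)))
```

The weights it reports are the codeword weights 8 and 12; the values 7 and 11 quoted in Example 3.3 coincide with the sizes of the minimal authorized subsets of Example 5.3, which omit $P_3$'s own coordinate.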
Remark 2. We implemented Algorithm 2 in Mathematica 7 on a laptop with a 3.2 GHz processor and 2 GB of memory. The time complexity of Algorithm 2 is $O(n^2)$, where $n$ denotes the length of each minimal codeword in $C(q, m, N)$. A specific application of Algorithm 2 that derives minimal access structures is presented in Section 5.

4.2 Construction of our scheme

4.2.1 Initialization phase

In the secret sharing scheme constructed from an $[n, k; q]$ code with generator matrix $G = (g_1, g_2, \dots, g_n)_{k \times n}$, let $s_1, \dots, s_n$ denote the $n$ secrets to be shared among the $n$ participants, where $(s_1, \dots, s_n) \in S_1 \times \cdots \times S_n$. Let $1 \le j \le n$. First, each participant $P_j$ chooses two large primes $p_{j1}$ and $p_{j2}$, computes $n_j = p_{j1} p_{j2}$, and ensures that $\min_j \varphi(n_j) > q$. It is necessary that $n_j$ be large enough that factoring it is computationally infeasible. Then $P_j$ chooses a small integer $e_j$ coprime to $\varphi(n_j)$ and computes the integer $d_j$ such that $e_j d_j \equiv 1 \pmod{\varphi(n_j)}$. $d_j$ is $P_j$'s share, and each participant $P_j$ publishes $\{n_j, e_j\}$.

4.2.2 Distribution phase

Each participant $P_j$ performs the following steps:

(1) Randomly choose a vector $u_j = (u_{j1}, \dots, u_{jk}) \in F_q^k$ such that $s_j = u_j g_j$.
(2) Treat $u_j$ as an information vector and compute the corresponding codeword $t_j = (t_{j1}, t_{j2}, \dots, t_{jn}) = u_j G$.
(3) Send $(t_{ji})^{e_i} \bmod n_i$ publicly to each other participant $P_i$, $i = 1, 2, \dots, n$, $i \ne j$, and note that $t_{jj} = u_j g_j = s_j$ (Table I).

In Table I, the blank entry in each column is $P_j$'s secret, which will be shared among the other participants $P_i$, and the other public information in each column is what $P_j$ gives $P_i$ for secret sharing, where $i = 1, 2, \dots, n$, $i \ne j$. Note that the real share of each participant $P_j$ is $d_j$.

Table I. The public information that $P_j$ sends to the other participants, for each $1 \le j \le n$. Column $P_j$ lists what the dealer $P_j$ publishes for each receiver $P_i$ (row), namely $(t_{ji})^{e_i} \bmod n_i$.

            P_1                   P_2                   P_3                   ...   P_n
P_1         (blank)               (t_21)^(e_1) mod n_1  (t_31)^(e_1) mod n_1  ...   (t_n1)^(e_1) mod n_1
P_2         (t_12)^(e_2) mod n_2  (blank)               (t_32)^(e_2) mod n_2  ...   (t_n2)^(e_2) mod n_2
P_3         (t_13)^(e_3) mod n_3  (t_23)^(e_3) mod n_3  (blank)               ...   (t_n3)^(e_3) mod n_3
...
P_n         (t_1n)^(e_n) mod n_n  (t_2n)^(e_n) mod n_n  (t_3n)^(e_n) mod n_n  ...   (blank)

4.2.3 Reconstruction phase

In Section 4.1, we showed that there is a one-to-one correspondence between the minimal authorized subsets in $(\Gamma_j)_{\min}$ and the set of $j$-minimal codewords of the dual code $C^\perp$, for each $1 \le j \le n$. Note that the dual code $C^\perp$ is minimal. According to the definition of the minimal access structures, $\{P_{i_1}, \dots, P_{i_m}\}$ is a minimal authorized subset in $(\Gamma_j)_{\min}$ of the MSSS based on $C$ if there exists a $j$-minimal codeword $(0, \dots, 0, c_{i_1}, 0, \dots, 1, \dots, 0, c_{i_m}, 0, \dots, 0)$ in $C^\perp$ (with the 1 in position $j$), where $c_{i_\ell} \ne 0$ for at least one $\ell$, $1 \le i_1 < \cdots < i_m \le n-1$ and $1 \le m \le n-1$. Then the vector $g_j$ is a linear combination of $g_{i_1}, \dots, g_{i_m}$, namely $g_j = \sum_{\ell=1}^{m} c_{i_\ell} g_{i_\ell}$.

Fix $1 \le j \le n$. If $P_j$ acts as a dealer, then her or his secret $s_j$ can be recovered by the participants $P_{i_1}, \dots, P_{i_m}$ as follows:

(1) Participants $P_{i_1}, \dots, P_{i_m}$ pool their pseudo-secret shares $[(t_{ji_\ell})^{e_{i_\ell}}]^{d_{i_\ell}} \bmod n_{i_\ell}$ computed from Table I, for $1 \le \ell \le m$.
(2) They compute

$$\sum_{\ell=1}^{m} c_{i_\ell} \big[(t_{ji_\ell})^{e_{i_\ell}}\big]^{d_{i_\ell}} \bmod n_{i_\ell} = \sum_{\ell=1}^{m} c_{i_\ell} \big[(u_j g_{i_\ell})^{e_{i_\ell}}\big]^{d_{i_\ell}} \bmod n_{i_\ell} = \sum_{\ell=1}^{m} c_{i_\ell} (u_j g_{i_\ell}) = u_j \sum_{\ell=1}^{m} c_{i_\ell} g_{i_\ell} = s_j.$$
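As an added walk-through of Sections 4.2.1 to 4.2.3 (example code written for this page, not the paper's), the following Python program runs the scheme over $F_3$ with the one-weight $[4, 2; 3]$ simplex code as the minimal code, so that the three minimal authorized subsets for $s_1$ are the supports of the 1-minimal codewords and the shares are generated by a generator matrix of its dual, as in Theorem 5.1. The generator matrices, the RSA primes and the secret are constructed toy values; the RSA moduli are far too small for real use.

```python
# Added example, not the paper's code: the initialization, distribution and
# reconstruction phases of Section 4.2 over F_3. The minimal code is the
# one-weight [4, 2; 3] simplex code (minimal by Theorem 3.1); the shares are
# computed with a generator matrix of its dual, as in Theorem 5.1. The RSA
# primes are toy values chosen for illustration (assumption; far too small
# for real use) that satisfy phi(n_j) > q from the initialization phase.
import random
from itertools import product

Q = 3                      # q is prime here, so t_ji in F_q is the integer 0, 1 or 2

# Generator matrix of the minimal code Cmin (simplex code over F_3, all weights 3).
G_MIN = [[1, 0, 1, 1],
         [0, 1, 1, 2]]
# Generator matrix G = (g_1, ..., g_n) of the share code Cmin^perp: G_MIN * G^T = 0 (mod 3).
G = [[2, 2, 1, 0],
     [2, 1, 0, 1]]
N_PART = len(G[0])         # n = 4 participants
COLS = [tuple(row[i] for row in G) for i in range(N_PART)]   # the columns g_i

def dot(u, v):
    return sum(a * b for a, b in zip(u, v)) % Q

def dual_check():
    """Every row of G_MIN is orthogonal to every row of G, i.e. G generates Cmin^perp."""
    return all(dot(a, b) == 0 for a in G_MIN for b in G)

def rsa_keys(p1, p2, e):
    """Initialization phase: n_j = p_j1 p_j2, e_j d_j = 1 (mod phi(n_j)), phi(n_j) > q.
    Returns (n_j, e_j, d_j); d_j is the participant's real share."""
    n, phi = p1 * p2, (p1 - 1) * (p2 - 1)
    if phi <= Q:
        raise ValueError("phi(n_j) must exceed q")
    return n, e, pow(e, -1, phi)

def distribute(j, s_j, keys):
    """Distribution phase for dealer P_j: choose u_j with u_j.g_j = s_j, form
    t_j = u_j G and publish (t_ji)^{e_i} mod n_i for every i != j (a column of Table I)."""
    while True:
        u = [random.randrange(Q) for _ in G]
        if dot(u, COLS[j - 1]) == s_j:
            break
    public = {}
    for i in range(1, N_PART + 1):
        if i != j:
            n_i, e_i, _ = keys[i]
            public[i] = pow(dot(u, COLS[i - 1]), e_i, n_i)
    return u, public

def j_minimal_codewords(j):
    """j-minimal codewords of Cmin: the codewords whose j-th coordinate is 1
    (Definitions 2.2 and 2.4); their supports give (Gamma_j)_min."""
    k = len(G_MIN)
    words = []
    for a in product(range(Q), repeat=k):
        c = tuple(sum(a[r] * G_MIN[r][i] for r in range(k)) % Q for i in range(N_PART))
        if c[j - 1] == 1:
            words.append(c)
    return words

def reconstruct(j, codeword, public, keys):
    """Reconstruction phase by the minimal authorized subset on the support of a
    j-minimal codeword c: each P_i reveals the pseudo-secret share
    [(t_ji)^{e_i}]^{d_i} mod n_i = t_ji. Because sum_i c_i g_i = 0 with c_j = 1,
    g_j = -sum_{i != j} c_i g_i, so the combination is negated here; for q = 2
    the sign is immaterial and this is the paper's formula unchanged."""
    total = 0
    for i, c_i in enumerate(codeword, start=1):
        if i != j and c_i:
            n_i, _, d_i = keys[i]
            total += c_i * pow(public[i], d_i, n_i)
    return (-total) % Q

def recover_from_public_values(public, keys):
    """Caveat for Section 6.1: (t_ji)^{e_i} mod n_i is a deterministic RSA
    encryption of an element of F_q, so the q possible plaintexts can simply be
    tried; the pseudo-secret shares are effectively public, not private to P_i."""
    out = {}
    for i, value in public.items():
        n_i, e_i, _ = keys[i]
        out[i] = next(t for t in range(Q) if pow(t, e_i, n_i) == value)
    return out

TOY_PRIMES = {1: (61, 53), 2: (67, 71), 3: (79, 83), 4: (89, 97)}   # constructed toy values

if __name__ == "__main__":
    keys = {i: rsa_keys(p1, p2, 17) for i, (p1, p2) in TOY_PRIMES.items()}
    u_1, public = distribute(1, 2, keys)               # P_1 shares s_1 = 2
    for c in j_minimal_codewords(1):                  # the three minimal authorized subsets
        subset = sorted(i for i, v in enumerate(c, 1) if v and i != 1)
        print(subset, "recovers s_1 =", reconstruct(1, c, public, keys))
    print("t_1i from the public column alone:", recover_from_public_values(public, keys))
```

The last function shows the point a practitioner should weigh against the claims of Section 6.1: since each published value encrypts one of only $q$ possible elements of $F_q$ deterministically, $t_{ji}$ is recoverable from Table I without any share $d_i$.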
Because each shareholder can act as a dealer who shares her or his secret among the other participants, this scheme can be applied to the multi-proxy signature scheme based on general access structures, which plays an important role in electronic commerce. A concrete application is as follows. In a company's board of directors, each board member $P_j$ ($1 \le j \le n$) has a proxy agent determined by the access structures of the proposed scheme, and only the cooperation of the members of the proxy agent can sign a file on behalf of $P_j$ (who is unable to sign it for some reason). Therefore, our scheme is of theoretical significance and practical value.

5 THE ACCESS STRUCTURES OF THE MSSS BASED ON THE DUALS OF MINIMAL LINEAR CODES

Now we discuss the access structures of our scheme in detail.

Theorem 5.1. Let $C$ be an $[n, k; q]$ minimal linear code, and let $G = (g_1, g_2, \dots, g_n)$ be its generator matrix. Then, in the MSSS based on $C^\perp$, there are altogether $q^{k-1}$ minimal authorized subsets in $(\Gamma_j)_{\min}$ for each $1 \le j \le n$. In addition, for a fixed $1 \le j \le n$, we have the following:
(a) If $g_i$ is a multiple of $g_j$, $1 \le i \le n$, $i \ne j$, then participant $P_i$ must be in every minimal authorized subset in $(\Gamma_j)_{\min}$. Such a participant is called an $s_j$-dictatorial participant.
(b) If $g_i$ is not a multiple of $g_j$, $1 \le i \le n$, $i \ne j$, then participant $P_i$ is in exactly $(q-1)q^{k-2}$ of the $q^{k-1}$ minimal authorized subsets in $(\Gamma_j)_{\min}$.

Proof. By Theorem 2.5, the total number of minimal authorized subsets in $(\Gamma_j)_{\min}$ is $q^{k-1}$ for each $1 \le j \le n$. Fix $1 \le j \le n$. For any $1 \le i \le n$ with $i \ne j$, if $g_i = b g_j$ for some $b \in F_q^*$, then $u g_j = 1$ implies $u g_i = b \ne 0$. Hence participant $P_i$ is in every minimal authorized subset. For any $1 \le i \le n$, $i \ne j$, if $g_i$ and $g_j$ are linearly independent, then $(u g_i, u g_j)$ takes on each element of $F_q^2$ exactly $q^{k-2}$ times when the vector $u$ ranges over $F_q^k$. Thus $|\{u : u g_j = 1 \text{ and } u g_i \ne 0\}| = (q-1)q^{k-2}$, which is the number of minimal authorized subsets in $(\Gamma_j)_{\min}$ in which $P_i$ is involved.

The following theorems, obtained from Theorem 5.1, not only present the interesting access structures of the proposed scheme based on the duals of minimal irreducible cyclic codes but also show that the resulting MSSS are democratic in the sense that every participant is involved in the same number of minimal authorized subsets.

Theorem 5.2. Let $1 \le j \le n$ and let $C$ be an $[n, k; 2]$ irreducible cyclic code. If $C$ is a minimal linear code, then in the MSSS based on $C^\perp$ there are altogether $2^{k-1}$ minimal authorized subsets in $(\Gamma_j)_{\min}$, and each of the $n-1$ participants other than $P_j$ serves in $2^{k-2}$ of the $2^{k-1}$ minimal authorized subsets in $(\Gamma_j)_{\min}$. Namely, there is no $s_j$-dictator for any $j$.

Proof. By Theorem 5.1(b), we only need to prove that the dual code $C^\perp$ has minimum distance at least 3. On the contrary, suppose that $C^\perp$ has a codeword of Hamming weight 2. Then there would exist two distinct integers $0 \le i \le n-1$ and $0 \le l \le n-1$ such that $\mathrm{Tr}_{L/K}(\beta\theta^i) = \mathrm{Tr}_{L/K}(\beta\theta^l)$ for all $\beta \in F_r$. This implies $\theta^i = \theta^l$ and then $i = l$, which contradicts the assumption that $i$ and $l$ are distinct. The conclusion then follows from Theorem 5.1.

Example 5.3. Let $N = 3$ and $1 \le j \le 21$. $C(2, 6, 3)$ is a $[21, 6; 2]$ minimal linear code by Algorithm 1. In the MSSS based on $C(2, 6, 3)^\perp$, all the 32 authorized subsets in $(\Gamma_j)_{\min}$ can be obtained by Algorithm 2. As an illustration, we list the authorized subsets in $(\Gamma_3)_{\min}$ in which the participants can recover $P_3$'s secret $s_3$:

{1, 2, 6, 7, 8, 9, 10, 11, 13, 14, 18}, {1, 4, 5, 6, 11, 13, 14, 15, 17, 19, 21}, {4, 7, 10, 12, 18, 19, 21}, {1, 6, 7, 10, 13, 15, 21},
{1, 2, 4, 9, 11, 12, 13, 15, 17, 19, 20}, {4, 5, 6, 7, 8, 10, 11, 15, 19, 20, 21}, {1, 2, 8, 10, 11, 12, 14, 16, 18, 19, 21},
{2, 4, 5, 6, 7, 9, 10, 14, 18, 19, 20}, {5, 11, 12, 14, 17, 18, 21}, {1, 2, 4, 5, 6, 8, 9, 13, 17, 18, 19}, {2, 6, 9, 11, 17, 18, 20},
{1, 2, 4, 5, 7, 8, 12, 16, 17, 18, 21}, {1, 2, 4, 6, 7, 11, 15, 16, 17, 20, 21}, {1, 2, 5, 6, 10, 14, 15, 16, 19, 20, 21},
{5, 6, 7, 11, 13, 14, 16, 17, 18, 29}, {6, 8, 14, 15, 17, 20, 21}, {1, 4, 8, 12, 13, 14, 17, 18, 19, 20, 21},
{1, 4, 5, 7, 9, 11, 12, 14, 15, 16, 17}, {2, 7, 11, 12, 13, 16, 17, 18, 19, 20, 21}, {2, 4, 5, 10, 12, 13, 14, 16, 18, 20, 21},
{2, 4, 6, 8, 10, 11, 13, 14, 15, 16, 21}, {1, 2, 5, 7, 9, 10, 12, 13, 14, 15, 20}, {1, 9, 10, 12, 15, 16, 19},
{1, 5, 7, 8, 10, 11, 12, 13, 18, 20, 21}, {7, 8, 9, 12, 13, 14, 15, 16, 17, 19, 20}, {1, 5, 6, 8, 9, 10, 11, 16, 18, 19, 20},
{1, 4, 6, 7, 8, 9, 14, 16, 17, 18, 20}, {4, 5, 8, 9, 10, 11, 12, 13, 15, 16, 20}, {4, 6, 9, 10, 13, 16, 18},
{2, 5, 6, 7, 8, 13, 15, 16, 17, 19, 21}, {2, 4, 7, 8, 9, 10, 11, 12, 14, 15, 19}, {2, 5, 8, 9, 12, 15, 17},

where {2, 5, 8, 9, 12, 15, 17} denotes the authorized subset $\{P_2, P_5, P_8, P_9, P_{12}, P_{15}, P_{17}\}$. Each of the 20 participants other than $P_3$ serves in 16 of the 32 minimal authorized subsets in $(\Gamma_3)_{\min}$, and there is no $s_3$-dictator.

By Theorems 2.8 and 2.9, the shortened code of the minimal linear code $C(21)$ in Example 5.3 is a $[21-i-1, k-i-1; 2]$ minimal linear code $C(21, \dots, 21-i)[21-i-1]$ ($0 \le i \le 4$). Taking $i = 2$ as an example, all minimal codewords in $C(21, 20, 19)[18]$ were obtained by programming as follows:

(1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1),
(1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0),
(0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1),
(1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0),
(1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1),
(0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1),
(0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0).

In the MSSS based on $C(21, 20, 19)[18]^\perp$, there are four minimal authorized subsets in $(\Gamma_3)_{\min}$ and no $s_3$-dictator.

Theorem 5.4. Let $1 \le j \le n$. $C(3, m, 2)$ is an irreducible cyclic code with length $n$ and dimension $k$. If $C(3, m, 2)$ is a minimal linear code, then in the MSSS based on $C(3, m, 2)^\perp$ there are altogether $3^{k-1}$ minimal authorized subsets in $(\Gamma_j)_{\min}$. If $2 \nmid n$, then each of the $n-1$ participants other than $P_j$ serves in $2 \cdot 3^{k-2}$ minimal authorized subsets in $(\Gamma_j)_{\min}$. If $2 \mid n$, then $n-2$ participants other than $P_j$ serve in $2 \cdot 3^{k-2}$ minimal authorized subsets in $(\Gamma_j)_{\min}$, and there exists one dictator $P_{(n/2)+j}$ in $(\Gamma_j)_{\min}$.

Proof. Fix $1 \le j \le n$. For $1 \le i \le n$ and $i \ne j$, $g_i$ is a multiple of $g_j$ if and only if $\theta^{i-j} \in F_3^*$, where $\theta = \alpha^2$ and $\alpha$ is a primitive element of $F_{3^m}$, namely, if and only if $\mathrm{ord}(\alpha^{2(i-j)}) \le 2$. Note that $\mathrm{ord}(\alpha^{2(i-j)}) = (3^m - 1)/(3^m - 1, 2(i-j))$. If $3^m - 1 = (3^m - 1, 2(i-j))$, then $3^m - 1$ divides $2(i-j)$, which is a contradiction because $0 < 2|i-j| < 3^m - 1$. If $3^m - 1 = 2(3^m - 1, 2(i-j))$, then $i - j = n/2$, and there exists one dictator $P_{(n/2)+j}$. The conclusion then follows from Theorem 5.1.

Example 5.5. Let $N = 2$ and $1 \le j \le 40$. $C(3, 4, 2)$ is a $[40, 4; 3]$ minimal linear code by Algorithm 1. In the MSSS based on $C(3, 4, 2)^\perp$, all the 27 authorized subsets in $(\Gamma_j)_{\min}$ can be obtained by Algorithm 2. As an illustration, we list the authorized subsets in $(\Gamma_3)_{\min}$ in which the participants can recover $P_3$'s secret $s_3$:

{1, 2, 4, 5, 6, 7, 8, 9, 12, 14, 15, 16, 18, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 32, 34, 35, 36, 38, 40},
{1, 4, 6, 10, 11, 13, 14, 15, 18, 19, 20, 21, 23, 24, 26, 30, 31, 33, 34, 35, 38, 39, 40},
{1, 2, 4, 5, 6, 7, 8, 11, 13, 14, 15, 17, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 31, 33, 34, 35, 37, 39, 40},
{2, 5, 9, 10, 12, 13, 14, 17, 18, 19, 20, 22, 23, 25, 29, 30, 32, 33, 34, 37, 38, 39, 40},
{1, 2, 4, 5, 6, 7, 10, 12, 13, 14, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 30, 32, 33, 34, 36, 38, 39, 40},
{1, 2, 4, 5, 6, 9, 11, 12, 13, 15, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 29, 31, 32, 33, 35, 37, 38, 39, 40},
{1, 7, 8, 10, 11, 12, 15, 16, 17, 18, 20, 21, 23, 27, 28, 30, 31, 32, 35, 36, 37, 38, 40},
{1, 2, 4, 5, 8, 10, 11, 12, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 28, 30, 31, 32, 34, 36, 37, 38, 39, 40},
{1, 2, 4, 7, 9, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 27, 29, 30, 31, 33, 35, 36, 37, 38, 39, 40},
{1, 2, 6, 8, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 26, 28, 29, 30, 32, 34, 35, 36, 37, 38, 39, 40},
{4, 6, 7, 8, 11, 12, 13, 14, 16, 17, 19, 23, 24, 26, 27, 28, 31, 32, 33, 34, 36, 37, 39},
{2, 5, 6, 7, 10, 11, 12, 13, 15, 16, 18, 22, 23, 25, 26, 27, 30, 31, 32, 33, 35, 36, 38},
{5, 6, 7, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 23, 25, 26, 27, 29, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40},
{1, 4, 5, 8, 9, 10, 11, 13, 14, 16, 20, 21, 23, 24, 25, 28, 29, 30, 31, 33, 34, 36, 40},
{1, 4, 5, 7, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 21, 23, 24, 25, 27, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38},
{2, 4, 7, 8, 9, 10, 12, 13, 15, 19, 20, 22, 23, 24, 27, 28, 29, 30, 32, 33, 35, 39, 40},
{2, 4, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 20, 22, 23, 24, 26, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 40},
{1, 2, 6, 7, 8, 9, 11, 12, 14, 18, 19, 21, 22, 23, 26, 27, 28, 29, 31, 32, 34, 38, 39},
{1, 2, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 19, 21, 22, 23, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 39},
{1, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 17, 19, 20, 21, 23, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 37, 39, 40},
{4, 5, 6, 8, 9, 11, 15, 16, 18, 19, 20, 23, 24, 25, 26, 28, 29, 31, 35, 36, 38, 39, 40},
{2, 4, 5, 7, 8, 10, 14, 15, 17, 18, 19, 22, 23, 24, 25, 27, 28, 30, 34, 35, 37, 38, 39},
{1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 15, 17, 18, 19, 21, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 35, 37, 38, 39},
{1, 2, 4, 6, 7, 9, 13, 14, 16, 17, 18, 21, 22, 23, 24, 26, 27, 29, 33, 34, 36, 37, 38},
{2, 4, 5, 6, 7, 8, 9, 10, 11, 14, 16, 17, 18, 20, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 34, 36, 37, 38, 40},
{1, 2, 5, 6, 8, 12, 13, 15, 16, 17, 20, 21, 22, 23, 25, 26, 28, 32, 33, 35, 36, 37, 40},
{1, 2, 4, 5, 6, 7, 8, 9, 10, 13, 15, 16, 17, 19, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 33, 35, 36, 37, 39}.

Each of the 38 non-dictatorial participants serves in 18 of the 27 minimal authorized subsets in $(\Gamma_3)_{\min}$, and there is one dictator, $P_{23}$.

From Examples 5.3 and 5.5, we conclude that the minimal authorized subsets of the MSSS based on the duals of minimal linear codes are more varied than those of $(t, n)$ threshold schemes. For instance, the number of participants involved in a minimal authorized subset in Example 5.3 is 11 or 7.

6 PERFORMANCE AND SECURITY ANALYSIS

6.1 Security analysis

The security of our scheme can be analyzed from the following viewpoints.

(1) Our scheme does not disclose the participants' real secret shares even after multiple secret reconstructions. For $1 \le i \le n$, $1 \le j \le n$ and $i \ne j$, even though all pseudo-secret shares $[(t_{ji})^{e_i}]^{d_i} \bmod n_i$ have been exposed among many cooperating participants, each participant's real secret share $d_i$ is protected by the RSA cryptosystem. In order to share the next $n$ secrets, each participant, who also acts as a dealer, recalculates the data in each column of Table I without renewing any participant's secret share $d_i$.
(2) Our scheme employs a public key cryptographic process, namely the RSA cryptosystem, so a secret channel is not necessary at all in this scheme, and our scheme is computationally secure and efficient.
(3) Each participant selects her or his secret share by herself or himself; thus, it is impossible for the dealer to cheat.

6.2 Dynamic multi-secret sharing

In our proposed scheme, participants and secrets can be added or removed dynamically without updating any participant's share. This is a very important issue with many practical applications. In this section, we discuss dynamic refreshing, deletion and addition in accordance with practical settings.

Let $C$ be an $[n, k; q]$ code. If the number of participants is less than $n$, then we can construct the MSSS from the $[n-i, k-i; q]$ code $C(n, n-1, \dots, n-i+1)[n-i]$ for $1 \le i \le n-k-2$.

(1) Fix $1 \le i \le n-k-2$. When a new participant $P_{n-i+1}$ joins the network, she or he selects her or his own share $d_{n-i+1}$ and publishes $\{n_{n-i+1}, e_{n-i+1}\}$. Each dealer $P_j$ computes and publishes $(u_j g_{n-i+1})^{e_{n-i+1}}$, for $1 \le j \le n-i$. The new participant $P_{n-i+1}$ publishes $(u_{n-i+1} g_j)^{e_j}$ to the other $n-i$ participants $P_j$ in order to share her or his secret $s_{n-i+1}$. In this case, the MSSS is based on the code $C(n, n-1, \dots, n-i+2)[n-i+1]$.
(2) Fix $1 \le i \le n-k-2$. When a participant $P_{n-i}$ has to be deleted, each dealer $P_j$ only needs to erase $(u_j g_{n-i})^{e_{n-i}}$, for $1 \le j \le n-i-1$. In this case, the MSSS is based on the code $C(n, n-1, \dots, n-i)[n-i-1]$.

6.3 Performance analysis

In this section, we discuss some important properties of the proposed scheme.

(1) Each participant can share any secrets with the other participants while holding only one shadow; that is, our scheme is an MSSS. Besides, because each shareholder can act as a dealer who shares her or his secret among the other participants, this scheme can be applied to multi-proxy signatures among all the members.
(2) The shadow of each participant is never disclosed in the recovery and verification phases, and its reuse is secure. Each participant $P_j$ ($1 \le j \le n$), who also acts as a dealer, only has to choose a new vector $u_j$ such that $s_j = u_j g_j$ in order to publish the information for the renewed secrets before the recovery phase. In other words, the real secret shares do not need to change, and their reuse is secure for the next construction phases. Therefore, the proposed scheme is multi-use.
(3) Compared with Massey's scheme [17,18], our scheme presents a one-to-one correspondence between the family of minimal access structures and the sets of $j$-minimal codewords ($1 \le j \le n$) instead of only the 1-minimal codewords. For this reason, the utilization rate of codewords in our scheme is much higher than that of Massey's scheme.
(4) The schemes in [9] and [16] also have almost the same features as the proposed scheme. We compare these three schemes with the proposed one in Table II.

Table II. The comparisons among the schemes in [9,16] and our scheme (columns: Type 1 [9] / Type 2 [9] / Scheme in [16] / Our scheme).

Each participant holds only one share to share multi-secrets: Yes / Yes / Yes / Yes
The share is reusable when participants are joining/quitting the group: Yes / Yes / Yes / Yes
The share is reusable when shared secrets are reconstructed: Yes / Yes / Yes / Yes
Recover multi-secrets by Lagrange interpolating polynomials: Yes / Yes / No / No
The distribution phase is relevant to coding theory: No / No / Yes / Yes
Different secrets are associated with different access structures: No / No / No / Yes
Access structures possess more varied authorized sets: No / No / No / Yes
No secure channel needed: Yes / Yes / No / Yes
Each participant selects her or his secret share by herself or himself: Yes / Yes / No / Yes
The dealer does not know the share of each participant: No / Yes / No / Yes

Remark 3. The validity of the shares can be verified in a verifiable secret sharing scheme; thus, participants are not able to cheat. Based on our scheme, we can further construct a verifiable MSSS by adding the existing verifiability methods, in which the intractability of the discrete logarithm problem is frequently employed [9-11].

7 CONCLUSION

We proposed the concept of minimal linear codes and studied an algorithm to determine whether irreducible cyclic codes are minimal. Furthermore, we devised an MSSS based on the theory of minimal linear codes and characterized the access structures of the scheme. The major characteristics of its construction are the multi-use of the shares and that each participant acts as a
dealer whose secret can be shared among the other participants, which provides more flexibility. Besides, our MSSS based on minimal linear codes possesses more vivid access structures depending on the diversity of the weight distribution, which may be desirable in certain applications because participants in such schemes become more democratic and powerful. Because the number of participants in the minimal authorized subsets of the schemes based on minimal linear codes is related to the weights of the minimal codewords, we shall study minimal linear codes with three or more weights in future work.

ACKNOWLEDGEMENTS

This work was supported by the National Natural Science Foundation of China (grant no. ) and the Key Technologies R & D Program of Shaanxi Province (grant no. 2013k611).

REFERENCES

1. Shamir A. How to share a secret. Communications of the ACM 1979; 22(11).
2. Blakley GR. Safeguarding cryptographic keys. In Proceedings of AFIPS National Computer Conference, Vol. 48. AFIPS Press: New York, USA, 1979.
3. Jin Y, Ding CS. Secret sharing schemes from three classes of linear codes. IEEE Transactions on Information Theory 2006; 52(1).
4. Giulietti M, Vincenti R. Three-level secret sharing schemes from the twisted cubic. Discrete Mathematics 2010; 310(22).
5. Parakh A, Kak S. Space efficient secret sharing for implicit data security. Information Sciences 2011; 181(2).
6. Csirmaz L, Tardos G. On-line secret sharing. Designs, Codes and Cryptography 2012; 63(1).
7. Harn L. Secure secret reconstruction and multi-secret sharing schemes with unconditional security. Security and Communication Networks 2013, doi: 10.1002/sec.758.
8. Yang CC, Chang TY, Hwang MS. A (t, n) multi-secret sharing scheme. Applied Mathematics and Computation 2004; 151(2).
9. Dehkordi MH, Mashhadi S. New efficient and practical verifiable multi-secret sharing schemes. Information Sciences 2008; 178(9).
10. Zhao JJ, Zhang JJ, Zhao R. A practical verifiable multi-secret sharing scheme. Computer Standards and Interfaces 2007; 29(1).
11. Dehkordi MH, Mashhadi S. An efficient threshold verifiable multi-secret sharing. Computer Standards and Interfaces 2008; 30(3).
12. Pang LJ, Wang YM. A new (t, n) multi-secret sharing scheme based on Shamir's secret sharing. Applied Mathematics and Computation 2005; 167(2).
13. Hu CQ, Liao XF, Cheng XZ. Verifiable multi-secret sharing based on LFSR sequences. Theoretical Computer Science 2012; 445(3).
14. Herranz J, Ruiz A, Sáez G. New results and applications for multi-secret sharing schemes. Designs, Codes and Cryptography 2013.
15. Blundo C, Santis AD, Crescenzo GD, Gaggia AG, Vaccaro U. Multi-secret sharing schemes. Advances in Cryptology - CRYPTO '94, USA, 1993.
16. Chien HY, Jan JK, Tseng YM. A practical (t, n) multi-secret sharing scheme. IEICE Transactions 2000; E83-A(12).
17. Massey JL. Minimal codewords and secret sharing. The 6th Joint Swedish-Russian Workshop on Information Theory, Sweden, 1993.
18. Massey JL. Some applications of coding theory in cryptography. In Cryptography and Coding IV. Formara Ltd: England, 1995.
19. Li ZH, Xue T, Lai H. Secret sharing schemes from binary linear codes. Information Sciences 2010; 180(22).
20. Ding CS, Jin Y. Covering and secret sharing with linear codes. In Discrete Mathematics and Theoretical Computer Science: Lecture Notes in Computer Science, Vol. 2731. Springer-Verlag: Berlin Heidelberg, 2003.
21. Chen Q, Pei DY, Tang CM, et al. A note on ramp secret sharing schemes from error-correcting codes. Mathematical and Computer Modelling 2013; 57(11-12).
22. Cruz RD, Wang HX. Cheating-immune secret sharing schemes from codes and cumulative arrays. Cryptography and Communications 2013; 5(1).
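The following is an added worked example, not code from the paper or its authors: it walks through the objects behind the dynamic construction of Section 6.2 and the $j$-minimal codeword correspondence of Section 6.3 on a small instance. It assumes the standard definition of a minimal code (every nonzero codeword is a minimal codeword), Massey's codeword/access-structure correspondence applied to coordinate $j$ instead of coordinate 1, the binary [7,3] simplex code as our own choice of $C$, and it leaves out the public-key transport of shares ($\{n_j, e_j\}$, exponentiation).

```python
"""Minimal linear codes, shortening, and per-participant access structures.

Added example (not from the paper).  On a concrete instance it shows:
  * a minimal linear code C and the check that it is minimal;
  * the shortened code C(n)[n-1] used when the last participant leaves;
  * the j-minimal codewords of C, whose supports give the minimal authorized
    sets for P_j's secret when shares are drawn from the dual code C^perp;
  * share generation and recovery in C^perp over GF(p).
Assumptions: the simplex code below is our own choice; the dual is found by
brute force, so n must be small; share transport via {n_j, e_j} is omitted.
"""
from itertools import product

# Binary [7,3] simplex code: the columns are the seven nonzero vectors of GF(2)^3.
# Every nonzero codeword has weight 4, so no support properly contains another
# and the code is minimal.  (Constructed instance.)
SIMPLEX_G = [
    [0, 0, 0, 1, 1, 1, 1],
    [0, 1, 1, 0, 0, 1, 1],
    [1, 0, 1, 0, 1, 0, 1],
]

def codewords(gen, p):
    """All codewords u*G over GF(p) for a generator matrix G given as rows."""
    k, n = len(gen), len(gen[0])
    return {tuple(sum(u[r] * gen[r][c] for r in range(k)) % p for c in range(n))
            for u in product(range(p), repeat=k)}

def support(c):
    return frozenset(i for i, x in enumerate(c) if x != 0)

def minimal_codewords(words):
    """Nonzero codewords whose support properly contains no other nonzero support."""
    sups = {support(c) for c in words if any(c)}
    return [c for c in words if any(c) and not any(s < support(c) for s in sups)]

def is_minimal_code(words):
    """A code is minimal iff every nonzero codeword is a minimal codeword."""
    return len(minimal_codewords(words)) == sum(1 for c in words if any(c))

def shorten(words, positions):
    """C(positions)[n - len(positions)]: keep codewords vanishing on `positions`
    and delete those coordinates (the [n-i, k-i] code of Section 6.2)."""
    n = len(next(iter(words)))
    keep = [i for i in range(n) if i not in positions]
    return {tuple(c[i] for i in keep) for c in words
            if all(c[i] == 0 for i in positions)}

def dual_codewords(words, n, p):
    """Brute-force C^perp: every vector of GF(p)^n orthogonal to all of C."""
    return {d for d in product(range(p), repeat=n)
            if all(sum(a * b for a, b in zip(c, d)) % p == 0 for c in words)}

def j_minimal_codewords(words, j):
    """Minimal codewords of C with a nonzero j-th coordinate (0-indexed)."""
    return [c for c in minimal_codewords(words) if c[j] != 0]

def minimal_authorized_sets(words, j):
    """Minimal access structure for P_j's secret: supp(c) minus {j} over j-minimal c.
    Scalar multiples share a support, so the result is a set of frozensets."""
    return {support(c) - {j} for c in j_minimal_codewords(words, j)}

def deal(dual_word, j):
    """Shares come from a codeword d of C^perp: coordinate j is P_j's secret,
    coordinate i is the share handed to P_i."""
    return dual_word[j], {i: x for i, x in enumerate(dual_word) if i != j}

def recover(shares, c, j, p):
    """Recover s_j from the shares of supp(c) minus {j}, c a codeword of C with
    c_j != 0: orthogonality gives sum_i c_i d_i = 0, hence
    d_j = -c_j^{-1} * sum_{i != j} c_i d_i (mod p)."""
    acc = sum(c[i] * shares[i] for i in support(c) if i != j)
    return (-pow(c[j], -1, p) * acc) % p

def run_simplex_instance(j=0):
    """Walk the whole construction on the simplex code; returns the pieces used."""
    p, n = 2, len(SIMPLEX_G[0])
    C = codewords(SIMPLEX_G, p)
    C_short = shorten(C, {n - 1})          # last participant P_n leaves
    D = dual_codewords(C, n, p)
    d = (1, 1, 1, 0, 0, 0, 0)              # constructed codeword of C^perp (Hamming [7,4])
    secret, shares = deal(d, j)
    recovered = [recover(shares, c, j, p) for c in j_minimal_codewords(C, j)]
    return {
        "minimal": is_minimal_code(C),
        "shortened_minimal": is_minimal_code(C_short),
        "shortened_size": len(C_short),
        "dual_size": len(D),
        "d_in_dual": d in D,
        "access_structure": minimal_authorized_sets(C, j),
        "secret": secret,
        "recovered": recovered,
    }

if __name__ == "__main__":
    for key, value in run_simplex_instance().items():
        print(f"{key}: {value}")
```

For the simplex instance every minimal authorized set for $P_1$'s secret has exactly three participants, matching the constant weight 4 of the code's codewords.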
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More information