General Secure Multi-Party Computation from any Linear Secret-Sharing Scheme
2000
Abstract

Cited by 122 (20 self)
Abstract. We show that verifiable secret sharing (VSS) and secure multi-party computation (MPC) among a set of n players can efficiently be based on any linear secret sharing scheme (LSSS) for the players, provided that the access structure of the LSSS allows MPC or VSS at all. Because an LSSS neither guarantees reconstructability when some shares are false, nor verifiability of a shared value, nor allows for the multiplication of shared values, an LSSS is an apparently much weaker primitive than VSS or MPC. Our approach to secure MPC is generic and applies to both the information-theoretic and the cryptographic setting. The construction is based on 1) a formalization of the special multiplicative property of an LSSS that is needed to perform a multiplication on shared values, 2) an efficient generic construction to obtain from any LSSS a multiplicative LSSS for the same access structure, and 3) an efficient generic construction to build verifiability into every LSSS (always assuming that the adversary structure allows for MPC or VSS at all). The protocols are efficient. In contrast to all previous information-theoretically secure protocols, the field size is not restricted (e.g., to be greater than n). Moreover, we exhibit adversary structures for which our protocols are polynomial in n while all previous approaches to MPC for non-threshold adversaries provably have superpolynomial complexity.
Optimal Black-Box Secret Sharing over Arbitrary Abelian Groups
In Proc. of CRYPTO '02, LNCS 2442
2002
Abstract

Cited by 25 (7 self)
Abstract. A black-box secret sharing scheme for the threshold access structure T_{t,n} is one which works over any finite Abelian group G. Briefly, such a scheme differs from an ordinary linear secret sharing scheme (over, say, a given finite field) in that the distribution matrix and reconstruction vectors are defined over Z and are designed independently of the group G from which the secret and the shares are sampled. This means that perfect completeness and perfect privacy are guaranteed regardless of which group G is chosen. We define the black-box secret sharing problem as the problem of devising, for an arbitrary given T_{t,n}, a scheme with minimal expansion factor, i.e., where the length of the full vector of shares divided by the number of players n is minimal. Such schemes are relevant for instance in the context of distributed cryptosystems based on groups with secret or hard-to-compute group order. A recent example is secure general multi-party computation over black-box rings. In 1994 Desmedt and Frankel proposed an elegant approach to the black-box secret sharing problem based in part on polynomial interpolation over cyclotomic number fields. For arbitrary given T_{t,n} with 0 < t < n − 1, the expansion factor of their scheme is O(n). This is the best previous general approach to the problem. Using certain low-degree integral extensions of Z over which there exist pairs of sufficiently large Vandermonde matrices with coprime determinants, we construct, for arbitrary given T_{t,n} with 0 < t < n − 1, a black-box secret sharing scheme with expansion factor O(log n), which we show is minimal.
Hierarchical threshold secret sharing
Proc. of the Theory of Cryptography Conference 2004, MIT
2004
Abstract

Cited by 17 (2 self)
Abstract. We consider the problem of threshold secret sharing in groups with hierarchical structure. In such settings, the secret is shared among a group of participants that is partitioned into levels. The access structure is then determined by a sequence of threshold requirements: a subset of participants is authorized if it has at least k_0 members from the highest level, as well as at least k_1 > k_0 members from the two highest levels, and so forth. Such problems may occur in settings where the participants differ in their authority or level of confidence and the presence of higher-level participants is imperative to allow the recovery of the common secret. Even though secret sharing in hierarchical groups has been studied extensively in the past, none of the existing solutions addresses the simple setting where, say, a bank transfer should be signed by three employees, at least one of whom must be a department manager. We present a perfect secret sharing scheme for this problem that, unlike most secret sharing schemes that are suitable for hierarchical structures, is ideal. As in Shamir's scheme, the secret is represented as the free coefficient of some polynomial. The novelty of our scheme is the usage of polynomial derivatives in order to generate lesser shares for participants of lower levels. Consequently, our scheme uses Birkhoff interpolation, i.e., the construction of a polynomial according to an unstructured set of point and derivative values. A substantial part of our discussion is dedicated to the question of how to assign identities to the participants from the underlying finite field so that the resulting Birkhoff interpolation problem will be well posed. In the course of this discussion, we borrow some results from the theory of Birkhoff interpolation over R and import them to the context of finite fields.
On Arithmetic Branching Programs
In Proc. of the 13th Annual IEEE Conference on Computational Complexity
1998
Abstract

Cited by 13 (0 self)
The model of arithmetic branching programs is an algebraic model of computation generalizing the model of modular branching programs. We show that, up to a polynomial factor in size, arithmetic branching programs are equivalent to complements of dependency programs, a model introduced by Pudlák and Sgall [20]. Using this equivalence we prove that dependency programs are closed under conjunction over every field, answering an open problem of [20]. Furthermore, we show that span programs, an algebraic model of computation introduced by Karchmer and Wigderson [16], are at least as strong as arithmetic programs; every arithmetic program can be simulated by a span program of size not more than twice the size of the arithmetic program. Using the above results we give a new proof that NL/poly ⊆ ⊕L/poly, first proved by Wigderson [25]. Our simulation of NL/poly is more efficient, and it holds for logspace counting classes over every field.
Multipartite Secret Sharing by Bivariate Interpolation
33rd International Colloquium on Automata, Languages and Programming, ICALP 2006, Lecture Notes in Comput. Sci. 4052
2006
Abstract

Cited by 6 (1 self)
Abstract. Given a set of participants that is partitioned into distinct compartments, a multipartite access structure is an access structure that does not distinguish between participants that belong to the same compartment. We examine here three types of such access structures: compartmented access structures with lower bounds, compartmented access structures with upper bounds, and hierarchical threshold access structures. We realize those access structures by ideal perfect secret sharing schemes that are based on bivariate Lagrange interpolation. The main novelty of this paper is the introduction of bivariate interpolation and its potential power in designing schemes for multipartite settings, as different compartments may be associated with different lines in the plane. In particular, we show that the introduction of a second dimension may create the same hierarchical effect as polynomial derivatives and Birkhoff interpolation were shown to do in [13].
Efficient Construction of the Dual Span Program
1999
Abstract

Cited by 5 (0 self)
We consider monotone span programs as a tool for representing, we will say computing, general access structures. It is known that if an access structure Γ is computed by a monotone span program M, then the dual access structure Γ is computed by a monotone span program M of the same size. We will strengthen this result by proving that such an M not only exists, but can be efficiently computed from M.

1 Introduction

Monotone span programs, introduced by Karchmer and Wigderson in [KW93], are a model of computation, based on linear algebra, for computing monotone functions. Since there is a natural one-to-one correspondence between monotone functions {0,1}^n → {0,1} and access structures over the set P = {1, ..., n}, every access structure Γ can be represented, we will say computed, by a monotone span program M. Every access structure Γ has a natural dual access structure Γ. This concept was first defined in [SJM91] and found various occurrences like...
Multiparty computation unconditionally secure against Q² adversary structures
1998
Abstract

Cited by 4 (0 self)
We present here a generalization of the work done by Rabin and Ben-Or in [RBO]. We give a protocol for multi-party computation which tolerates any active adversary structure, based on the existence of a broadcast channel, secure communication between each pair of participants, and a monotone span program with multiplication tolerating the structure. The secrecy achieved is unconditional, although we allow an exponentially small probability of error. This is possible due to a protocol for computing the product of two values already shared by means of a homomorphic commitment scheme, which appeared originally in [CEvdG].
Share Computing Protocols over Fields and Rings
Abstract
In this thesis, we explain linear secret sharing schemes, in particular multiplicative threshold linear secret sharing schemes, over fields and rings in a compact and concise way. We explain two characterisations of linear secret sharing schemes, and in particular, we characterise threshold linear secret sharing schemes. We develop an algorithm to generate all multiplicative (t+1)-out-of-n threshold linear secret sharing schemes over a field Z_p. For the ring Z_{2^32}, we explain the generation of secret sharing schemes for threshold access structures and prove the non-existence of (t+1)-out-of-n threshold