Secret Sharing and its Application to
            Electronic Voting

Akash Chandrayan (08d17015)
Appu R P (08D17007)
Prathamesh Dashpute (08D04007)
Secret sharing
Secret sharing refers to a method for distributing a secret amongst
a group of participants, each of whom is allocated a share of the
secret. The secret can be reconstructed only when a sufficient
number of shares are combined together; individual shares are
of no use on their own.
History*
Map of Space*
Blakley’s Scheme
• Secret is encoded as a point in a space.
• Keys are given as hyperplanes rotated around
  the point in space. Therefore the intersection
  of t hyperplanes will be the key.
Problems with Blakley’s Scheme
• Not secure: if three keys are required, having two
  lets someone know the secret is on a line.
• Less space efficient: keys are t times larger than
  the original secret, where t is the number of keys
  needed to get the secret.
Shamir’s Scheme
• Mathematically, the goal is to divide some data
  D into n pieces $D_1, \dots, D_n$.

• The following criteria are met:
  • Knowledge of any k or more $D_i$ pieces makes D computable.
  • Knowledge of any k-1 or fewer $D_i$ pieces leaves D completely
    undetermined.
• This scheme is called a (k, n) threshold scheme.
Shamir’s Scheme
• The scheme turns the secret into a polynomial
  of degree k, where k is the number of keys
  needed to get the secret.
Shamir’s Scheme
• Choose at random k-1 coefficients $a_1, \dots, a_{k-1}$
  and let $a_0$ be the secret.
     $f(x) = a_0 + a_1 x + \dots + a_{k-1} x^{k-1}$

• Select randomly any n points out of it (i , f(i)).

• Every participant is given a point.
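The construction on this slide, as an added example that is not part of the original presentation: shares are the points (i, f(i)) for i = 1..n over a prime field, and a brute-force count over a tiny field shows that k-1 shares are consistent with every possible secret. The field modulus and the names `split`, `reconstruct` and `candidate_secrets` are assumptions made for the example.

```python
import secrets
from collections import Counter
from itertools import product

PRIME = 2**127 - 1  # field modulus (assumption: the slides do not fix a field)


def split(secret, k, n, p=PRIME):
    """Deal n shares (i, f(i)) of f(x) = a0 + a1*x + ... + a_{k-1}*x^(k-1), a0 = secret."""
    if not (1 <= k <= n < p and 0 <= secret < p):
        raise ValueError("need 1 <= k <= n < p and 0 <= secret < p")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]

    def f(x):
        acc = 0
        for a in reversed(coeffs):  # Horner evaluation mod p
            acc = (acc * x + a) % p
        return acc

    return [(i, f(i)) for i in range(1, n + 1)]


def reconstruct(shares, p=PRIME):
    """Recover f(0) from k shares by Lagrange interpolation at x = 0."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def candidate_secrets(shares, k, p):
    """Enumerate every polynomial of degree < k over GF(p) (small p only) and
    count, per value of f(0), how many of them pass through all given shares."""
    counts = Counter()
    for coeffs in product(range(p), repeat=k):
        if all(sum(a * pow(x, e, p) for e, a in enumerate(coeffs)) % p == y
               for x, y in shares):
            counts[coeffs[0]] += 1
    return counts


if __name__ == "__main__":
    shares = split(123456789, k=3, n=5)
    print(reconstruct(shares[:3]))                    # any 3 shares recover the secret
    small = split(7, k=3, n=5, p=11)                  # constructed toy instance
    print(sorted(candidate_secrets(small[:2], 3, 11)))  # 2 shares: every secret fits
    print(dict(candidate_secrets(small[:3], 3, 11)))    # 3 shares: only the real one
```

`reconstruct` has no way to tell that it was given fewer than k shares; it returns a well-formed but unrelated field element, so the threshold has to be enforced by the caller.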
Verifiable Secret Sharing (VSS)
In verifiable secret sharing (VSS) the object is to resist malicious players,
such as
(i) a dealer sending incorrect shares to some or all of the participants, and
(ii) participants submitting incorrect shares during the reconstruction
protocol.

In publicly verifiable secret sharing (PVSS), it is an explicit goal that not just
the participants can verify their own shares, but that anybody can verify that
the participants received correct shares.
Publicly Verifiable Secret Sharing (PVSS)

• Proof of correctness for each share released.
• No private channels between the dealer and the
  participants are assumed.
• All communication is done over (authenticated)
  public channels using public key encryption.
Model for non-interactive PVSS
Initialization
• Generation of system parameters.
• Registration of Participants.
The actual set of participants taking part in a run of the PVSS scheme must be
a subset of the registered participants.
Distribution
• The distribution of a secret s is performed by the dealer D.
• The dealer first generates the respective shares $s_i$ for participant $P_i$.
    For each participant $P_i$ the dealer publishes the encrypted share $E_i(s_i)$.
• The dealer also publishes a string $\mathrm{PROOF}_D$ to show that each $E_i$ encrypts a
    share $s_i$.
• The string $\mathrm{PROOF}_D$ commits the dealer to the value of secret s, and it
    guarantees that the reconstruction protocol will result in the same value s.
Model for non-interactive PVSS
Verification of the shares.
• Any party knowing the public keys for the encryption
    methods $E_i$ may verify the shares.
• For each participant $P_i$ a non-interactive verification
    algorithm can be run on $\mathrm{PROOF}_D$ to verify that $E_i(s_i)$ is
    a correct encryption of a share for $P_i$.
 If verifications fail => dealer fails, protocol is aborted.
Model for non-interactive PVSS
Reconstruction
The protocol consists of two steps:

1. Decryption of the shares.
The participants decrypt their shares $s_i$ from $E_i(s_i)$. It is not required
that all participants succeed in doing so, as long as a qualified set of
participants is successful. These participants release $s_i$ plus a string
$\mathrm{PROOF}_{P_i}$ that shows that the released share is correct.

2. Pooling the shares.
The strings $\mathrm{PROOF}_{P_i}$ are used to exclude the participants which are
dishonest or fail to reproduce their share $s_i$ correctly. Reconstruction of
the secret s can be done from the shares of any qualified set of
participants.
The Math
The prover knows α such that $h_1 = g_1^{\alpha}$ and $h_2 = g_2^{\alpha}$:
1. The prover sends $a_1 = g_1^{w}$ and $a_2 = g_2^{w}$ to the verifier.
2. The verifier sends a random challenge c to the prover.
3. The prover responds with $r = w - \alpha c \pmod q$.
4. The verifier checks that $a_1 = g_1^{r} h_1^{c}$ and $a_2 = g_2^{r} h_2^{c}$.
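The four steps above, run end to end as an added example that is not part of the original presentation. The group (the order-11 subgroup of Z_23^*), the generators 2 and 3, the exponents and all function names are constructed toy values; the run over every challenge shows that when h1 and h2 hide different exponents only c = 0 is accepted, so the chance of a false accept is 1/q and q must be large in practice.

```python
import secrets

P, Q = 23, 11    # constructed toy group: the subgroup of order q = 11 in Z_23^*
G1, G2 = 2, 3    # two generators of that subgroup (assumed values)


def commit():
    """Step 1: the prover picks a random w and sends a1 = g1^w, a2 = g2^w."""
    w = secrets.randbelow(Q)
    return w, pow(G1, w, P), pow(G2, w, P)


def respond(w, alpha, c):
    """Step 3: r = w - alpha*c (mod q)."""
    return (w - alpha * c) % Q


def verify(h1, h2, a1, a2, c, r):
    """Step 4: both equations must hold for the same challenge and response."""
    ok1 = a1 == pow(G1, r, P) * pow(h1, c, P) % P
    ok2 = a2 == pow(G2, r, P) * pow(h2, c, P) % P
    return ok1 and ok2


def accepted_challenges(h1, h2, alpha):
    """Run the protocol once for every possible challenge c (step 2) and
    return the challenges for which the verifier accepts."""
    accepted = []
    for c in range(Q):
        w, a1, a2 = commit()
        if verify(h1, h2, a1, a2, c, respond(w, alpha, c)):
            accepted.append(c)
    return accepted


ALPHA = 7                                       # the prover's secret exponent
H1, H2 = pow(G1, ALPHA, P), pow(G2, ALPHA, P)   # same exponent in both bases
H2_BAD = pow(G2, 5, P)                          # different exponent: statement is false

if __name__ == "__main__":
    print(accepted_challenges(H1, H2, ALPHA))      # every challenge is accepted
    print(accepted_challenges(H1, H2_BAD, ALPHA))  # only c = 0 slips through
```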
The Math
Distribution & Verification
• Distribution of the shares. The dealer picks a random
  polynomial p of degree at most t − 1 with coefficients in $\mathbb{Z}_q$




The dealer shows that the encrypted shares are consistent by
producing a proof of knowledge of the unique p(i), 1 <= i <= n,
satisfying
The Math
Reconstruction
• Decryption of the shares: Using its private key $x_i$, each
  participant finds the share $S_i = G^{p(i)}$ which comes from

•   Proof :
Homomorphic Secret Sharing
• Benaloh [Ben87a]
Electronic Voting
• An election proceeds in two phases
  – Ballot Casting- Voters post their vote in encrypted form.
    The validity of the vote can be publicly verified.
  – Tallying- The talliers use their private keys to collectively
    compute the final tally corresponding with the
    accumulation of all valid ballots.
• Technically each voter will act as a dealer in
  the PVSS scheme.
Ballot Casting
• A voter casts a vote v (0 or 1) and encrypts it as
  $U = G^{s+v}$, where s is a random number.

• The voter constructs a $\mathrm{PROOF}_U$ showing that
  v ∈ {0,1} without revealing any information on v.
  $\mathrm{PROOF}_U$ refers to the value of $C_0 = g^s$, which is
  also published.
Tallying
• The tallying protocol uses the reconstruction
  protocol of the special PVSS scheme and its
  homomorphic property.

• Accumulate all the respective shares and compute
  the values $Y_i^*$, where j ranges over all voters.
Tallying
• Next each tallier $A_i$ applies the reconstruction
  protocol to the value $Y_i^*$, which will produce



• Combining with                      we obtain

• From this the tally                       can
  be computed efficiently.
Example*
The following example illustrates a sample vote with 5 voters, among which
2 are talliers. $\langle \mathbb{Z}_{13}^*, \times_{13} \rangle$ is the cyclic group in which we shall be working.
The generators used are g = 2 and G = 7. Note that all the computations henceforth are mod 13.

 Private keys   Public keys   Vote   s (random numbers)   U (encrypted votes)   $g^s$
 1              7             0      7                    6                     11
 2              10            1      8                    8                     9
 3              5             1      1                    10                    2
 4              9             0      2                    10                    4
 5              11            0      11                   2                     7

 The value of $C_0 = g^s$ is published as part of the PVSS distribution protocol, and
 shows that $\log_G U = \log_g C_0$ OR $\log_G U = 1 + \log_g C_0$ (the vote is 0 or 1).
Example contd.
Since there are 2 talliers, all the votes can be
combined iff all of them agree to tally. For this to work, the curves used
would simply be straight lines with the constant term as the secret value s.

           Polynomial $p_i(x)$     $p_i(1)$               $p_i(2)$
           3x+7                    10                     13
           4x+8                    12                     16
           x+1                     2                      3
           11x+2                   13                     24
           7x+11                   18                     25

Note that the voters do not publish $p_i(1)$ or $p_i(2)$. They publish $Y_{ij}$, which is $y_i^{p_j(i)}$,
where $y_i$ is the public key of tallier i. Since we have only 2 talliers, I have computed the values
of $p_i(1)$ and $p_i(2)$ in the table itself and avoided $y_i^{p_j(i)}$ for clarity.
Example contd.
Next we compute the values of $Y_1^*$ and $Y_2^*$.
$Y_1^* = 7^{(10+12+2+13+18)} = 7^{55} = 6$
$Y_2^* = 10^{(13+16+3+24+25)} = 10^{81} = 12$
Now the values of $S_1$ and $S_2$ can be computed by the respective talliers by using
their private keys $x_1 = 1$ and $x_2 = 2$.
Therefore $S_1 = (Y_1^*)^{1/x_1} = 6$ and $S_2 = (Y_2^*)^{1/x_2} = 12^{1/2} = 5$.
Next comes the homomorphic combination of secrets by computing




$\lambda_1 = 2$, $\lambda_2 = -1$; $G^s = 6^2 \cdot 5^{-1} = 9/2 = 9 \cdot 7 = 63 = 11$
Example contd.
Now let's combine the encrypted votes ($U_j = G^{s_j+v_j}$):
$G^{s+v} = 6 \cdot 8 \cdot 10 \cdot 10 \cdot 2 = 9600 = 6$.
Almost there: $G^{s+v}/G^s = G^v = 6/11 = 6 \cdot 6 = 10$, so $G^v = 10$ => $7^v = 10$
=> v = 2, because $7^2 = 49$ and 49 mod 13 = 10. This agrees with the vote count
given in the table. That is it!
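The ballot-casting and tallying flow of this example as runnable code, added here and not part of the original presentation. It goes beyond the slide's 2-of-2 case to any t-of-n set of talliers, and it works in the subgroup of prime order q = 11 of Z_23^* with g = 2 and G = 3 (assumed toy values) because $1/x_i$ is an inverse modulo the group order, which exists for every key only when that order is prime; in $\mathbb{Z}_{13}^*$, of order 12, $x_2 = 2$ has no inverse. The proofs $\mathrm{PROOF}_U$ and $\mathrm{PROOF}_D$ are omitted, and all function names are hypothetical.

```python
import secrets

P, Q = 23, 11    # constructed toy group: the subgroup of prime order 11 in Z_23^*
g, G = 2, 3      # generators of that subgroup (assumed values)


def keygen(x):
    """Tallier key pair: private x (non-zero mod q), public y = G^x."""
    return x, pow(G, x, P)


def cast_ballot(v, pubkeys, t):
    """The voter acts as PVSS dealer: share a random s with threshold t and
    publish Y_i = y_i^{p(i)} per tallier, U = G^{s+v} and C0 = g^s."""
    if v not in (0, 1):
        raise ValueError("vote must be 0 or 1")
    coeffs = [secrets.randbelow(Q) for _ in range(t)]   # p(0) = s = coeffs[0]
    s = coeffs[0]

    def p_at(x):
        return sum(a * pow(x, e, Q) for e, a in enumerate(coeffs)) % Q

    Y = [pow(y, p_at(i), P) for i, y in enumerate(pubkeys, start=1)]
    return {"Y": Y, "U": pow(G, (s + v) % Q, P), "C0": pow(g, s, P)}


def lagrange_at_zero(i, indices):
    """lambda_i = prod_{j != i} j / (j - i) mod q."""
    lam = 1
    for j in indices:
        if j != i:
            lam = lam * j * pow((j - i) % Q, -1, Q) % Q
    return lam


def tally(ballots, tallier_keys):
    """tallier_keys maps tallier index i to private key x_i for a qualified
    set (at least t talliers). Returns the number of 1-votes."""
    G_s = 1
    for i, x in tallier_keys.items():
        Y_star = 1
        for b in ballots:                         # Y_i^* = prod_j Y_ij
            Y_star = Y_star * b["Y"][i - 1] % P
        S_i = pow(Y_star, pow(x, -1, Q), P)       # S_i = (Y_i^*)^{1/x_i}
        G_s = G_s * pow(S_i, lagrange_at_zero(i, tallier_keys), P) % P
    U_all = 1
    for b in ballots:                             # prod_j U_j = G^{sum(s_j + v_j)}
        U_all = U_all * b["U"] % P
    G_v = U_all * pow(G_s, -1, P) % P             # G^{sum v_j}
    for total in range(len(ballots) + 1):         # small discrete log by search
        if pow(G, total, P) == G_v:
            return total
    raise ValueError("tally out of range: inconsistent ballots or shares")


if __name__ == "__main__":
    pub = [keygen(1)[1], keygen(2)[1]]            # the slide's private keys 1 and 2
    ballots = [cast_ballot(v, pub, t=2) for v in (0, 1, 1, 0, 0)]
    print(tally(ballots, {1: 1, 2: 2}))           # the slide's votes give 2
```

The number of voters must stay below q, otherwise the final search cannot distinguish tallies that are equal modulo q.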
A few other applications
Revocable Electronic Cash
Software Key Escrow
Bank Accounts
Confidential data
Cloud Computing*
References*
•    A Simple Publicly Verifiable Secret Sharing Scheme and its Application to Electronic
     Voting - Berry Schoenmakers, Department of Mathematics and Computing
     Science, Eindhoven University of Technology, P.O. Box 513, 5600 MB Eindhoven,
     The Netherlands. berry@win.tue.nl | Springer-Verlag , 1999.
•    How to share a secret. Comm. of ACM, volume 22 (1979).
•    http://en.wikipedia.org/wiki/Secret_sharing
•    http://www.cs.uml.edu/~zkissel/secretshare.html
•    http://en.wikipedia.org/wiki/Secure_multiparty_computation
•    http://www.proproco.co.uk/million.html
•    http://www.cs.tau.ac.il/~bchor/Shamir.html




*were not mentioned during presentation
Thank You!
