Secret Share Dissemination across a Networknihars/publications/SecretSharing... · Secret Share...

1
Secret Share Dissemination across a Network Nihar B. Shah K. V. Rashmi Kannan Ramchandran New Algorithm Shamir’s Secret Sharing Scheme Literature Toy Example of the Algorithm Applications Secure mul)party func)on computa)on Secure key distribu)on General Byzan)ne agreement between all nodes Archival storage Genera)ng common random number across a network Proac)ve secret sharing References Distributed Determinis)c (guaranteed) Communica)on op)mal Computa)on efficient Dis)nc)ve instance of a networkcoding algorithm that is both distributed and determinis)c Solu)on to nodal eavesdropping Works for a wide subclass of networks Using pairwise agreement protocols (above) Another op)on: network coding Eavesdropping nodes: hard A dealer has a secret s Distribute shares (functions of s) to n participants such that - any k can recover s - any (k-1) get no information about s 3 4 2 1 6 dealer 5 Example: k = 2 Most protocols assume dealer has direct links to all participants Problem What if they are part of a general communication network ? s +4r + r 4 r 4 s +4r + r 4 r 4 s +4r + r 4 1 2 3 4 5 6 dealer s +5r + r 5 r 5 s +5r + r 5 r 5 s +5r + r 5 r 5 1 2 3 4 5 6 dealer s +6r + r 6 r 6 s +6r + r 6 r 6 s +6r + r 6 r 6 s +6r + r 6 1 2 3 4 5 6 dealer 1 2 3 4 5 6 dealer s +3r + r 3 r 3 s +3r + r 3 r 3 1 2 3 4 5 6 dealer s + r s +2r 1 2 3 4 5 6 dealer s + r,r + r a s +2r,r +2r a (s +2r )+3(r +2r a ) (=(s +3r )+2(r +3r a )) (s +3r )+4(r +3r a ) (=(s +3r )+3(r +3r a )) (s +4r )+5(r +4r a ) (=(s +5r )+4(r +5r a )) (s +4r )+6(r +4r a ) (=(s +6r )+4(r +6r a )) (s +5r )+6(r +5r a ) (=(s +6r )+5(r +6r a )) 1 2 3 4 5 6 dealer s + r,r + r a s +2r,r +2r a (=(s +3r )+(r +3r )) (s +2r )+3(r +2r a ) (=(s +3r )+2(r +3r a )) (s +3r )+4(r +3r a ) (=(s +3r )+3(r +3r a )) (s +3r )+5(r +3r a ) (=(s +5r )+3(r +5r a )) (s +4r )+5(r +4r a ) (=(s +5r )+4(r +5r a )) (=(s +6r )+4(r +6r )) (s +5r )+6(r +5r a ) (=(s +6r )+5(r +6r a )) 1 2 3 4 5 6 dealer s + r,r + r a s +2r,r +2r a (s + r )+3(r + r a ) (=(s +3r )+(r +3r a )) (s +2r )+3(r +2r a ) (=(s +3r )+2(r +3r a )) (s +2r )+4(r +2r a ) (=(s +4r )+2(r +4r a )) (s +3r )+4(r +3r a ) (=(s +3r )+3(r +3r a )) (s +4r )+5(r +4r a ) (=(s +5r )+4(r +5r a )) (=(s +6r )+4(r +6r )) (s +5r )+6(r +5r a ) (=(s +6r )+5(r +6r a )) 1 2 3 4 5 6 dealer s + r,r + r a s +2r,r +2r a (s + r )+3(r + r a ) (=(s +3r )+(r +3r )) (s +2r )+3(r +2r a ) (=(s +3r )+2(r +3r a )) (s +2r )+4(r +2r a ) (s +3r )+4(r +3r a ) (=(s +3r )+3(r +3r a )) (s +4r )+5(r +4r a ) (=(s +5r )+4(r +5r a )) (=(s +6r )+4(r +6r )) (s +5r )+6(r +5r a ) (=(s +6r )+5(r +6r a )) 1 2 3 4 5 6 dealer s + r,r + r a s +2r,r +2r a (=(s +3r )+(r +3r )) (s +2r )+3(r +2r a ) (=(s +3r )+2(r +3r a )) (s +3r )+4(r +3r a ) (=(s +3r )+3(r +3r a )) (s +4r )+5(r +4r a ) (=(s +5r )+4(r +5r a )) (=(s +6r )+4(r +6r )) (s +5r )+6(r +5r a ) (=(s +6r )+5(r +6r a )) 1 2 3 4 5 6 dealer “Optimal Exact-Regenerating Codes for Distributed Storage at the MSR and MBR Points via a Product-Matrix Construction”, K. V. Rashmi, N. B. Shah and P. V. Kumar, IEEE Transactions on Information Theory, August 2011. “Information-theoretically Secure Regenerating Codes for Distributed Storage”, N. B. Shah, K. V. Rashmi, and P. V. Kumar, Globecom 2011. “How to share a secret,” A. Shamir, Communications of the ACM, Nov. 1979. “Completeness theorems for non-cryptographic fault-tolerant distributed computation,” M. Ben-Or, S. Goldwasser, and A. Wigderson, STOC 1988. “Secret share dissemination across a network,” N. B. Shah, K. V. Rashmi, K. Ramchandran, available on arXiv.

Transcript of Secret Share Dissemination across a Networknihars/publications/SecretSharing... · Secret Share...

Page 1: Secret Share Dissemination across a Networknihars/publications/SecretSharing... · Secret Share Dissemination across a Network Nihar B. Shah K. V. Rashmi Kannan Ramchandran New Algorithm!

Secret Share Dissemination across a Network Nihar B. Shah K. V. Rashmi Kannan Ramchandran

New Algorithm

Shamir’s Secret Sharing Scheme Literature Toy Example of the Algorithm

Applications

•  Secure  mul)party  func)on  computa)on  •  Secure  key  distribu)on  •  General  Byzan)ne  agreement  between            all  nodes  •  Archival  storage  •  Genera)ng  common  random  number            across  a  network  •  Proac)ve  secret  sharing  

References

•  Distributed  •  Determinis)c  (guaranteed)  •  Communica)on  op)mal  •  Computa)on  efficient  

•  Dis)nc)ve  instance  of  a  network-­‐coding  algorithm  that  is  both  distributed  and  determinis)c  

–  Solu)on  to  nodal  eavesdropping  

•  Works  for  a  wide  subclass  of  networks  

•  Using  pairwise  agreement  protocols  (above)  •  Another  op)on:  network  coding  –  Eavesdropping  nodes:  hard  

•  A dealer has a secret s •  Distribute shares (functions of s) to n

participants such that -  any k can recover s -  any (k-1) get no information about s

1

2

3

4

5

6

dealer

8

1

2

3

4

5

6

dealer

8

1

2

3

4

5

6

dealer

8

1

2

3

4

5

6

dealer

8

1

2

3

4

5

6

dealer

8

1

2

3

4

5

6

dealer

8

1

2

3

4

5

6

dealer

8

Example: k = 2

•  Most protocols assume dealer has direct links to all participants

Problem

What if they are part of a general communication network ?

s+4r

+r4

r4

s+ 4r + r4

r4

s+4r+r4

1

2

3

4

5

6

dealer

s+5r

+r5

r5

s+ 5r + r5

r5

s+ 5r + r5

r5

1

2

3

4

5

6

dealer

s+6r

+r6

r6

s+ 6r + r6

r6

s+ 6r + r6

r6

s+6r+r6

1

2

3

4

5

6

dealer

1

2

3

4

5

6

dealer

s+3r

+r3

r3

s+ 3r + r3

r 3

1

2

3

4

5

6

dealer

s+r

s+2r

1

2

3

4

5

6

dealer

s+r, r

+ra

s+2r,r+2r

a

(s+r)+3(r+ra)(=(s+3r)+(r+3ra))

(s+2r)+3(r+2r a

)

(=(s+3r)+2(r+3r a

))

(s+2r)+4(r+2ra)

(=(s+4r)+2(r+4ra))

(s+3r)+

4(r+3ra )

(=(s+

3r)+

3(r+3ra ))

(s+3r)+5(r+3ra)

(=(s+5r)+3(r+5ra))

(s+4r)+5(r+4ra)

(=(s+5r)+4(r+5ra))

(s+4r)+6(r+4ra)(=(s+6r)+4(r+6ra))

(s+5r)+

6(r+5ra )

(=(s+

6r)+

5(r+6ra ))

1

2

3

4

5

6

dealer

s+r, r

+ra

s+2r,r+2r

a

(s+r)+3(r+ra)(=(s+3r)+(r+3ra))

(s+2r)+3(r+2r a

)

(=(s+3r)+2(r+3r a

))

(s+2r)+4(r+2ra)

(=(s+4r)+2(r+4ra))

(s+3r)+

4(r+3ra )

(=(s+

3r)+

3(r+3ra ))

(s+3r)+5(r+3ra)

(=(s+5r)+3(r+5ra))

(s+4r)+5(r+4ra)

(=(s+5r)+4(r+5ra))

(s+4r)+6(r+4ra)(=(s+6r)+4(r+6ra))

(s+5r)+

6(r+5ra )

(=(s+

6r)+

5(r+6ra ))

1

2

3

4

5

6

dealer

s+r, r

+ra

s+2r,r+2r

a

(s+r)+3(r+ra)(=(s+3r)+(r+3ra))

(s+2r)+3(r+2r a

)

(=(s+3r)+2(r+3r a

))

(s+2r)+4(r+2ra)

(=(s+4r)+2(r+4ra))

(s+3r)+

4(r+3ra )

(=(s+

3r)+

3(r+3ra ))

(s+3r)+5(r+3ra)

(=(s+5r)+3(r+5ra))

(s+4r)+5(r+4ra)

(=(s+5r)+4(r+5ra))

(s+4r)+6(r+4ra)(=(s+6r)+4(r+6ra))

(s+5r)+

6(r+5ra )

(=(s+

6r)+

5(r+6ra ))

1

2

3

4

5

6

dealer

s+r, r

+ra

s+2r,r+2r

a

(s+r)+3(r+ra)(=(s+3r)+(r+3ra))

(s+2r)+3(r+2r a

)

(=(s+3r)+2(r+3r a

))

(s+2r)+4(r+2ra)

(=(s+4r)+2(r+4ra))

(s+3r)+

4(r+3ra )

(=(s+

3r)+

3(r+3ra ))

(s+3r)+5(r+3ra)

(=(s+5r)+3(r+5ra))

(s+4r)+5(r+4ra)

(=(s+5r)+4(r+5ra))

(s+4r)+6(r+4ra)(=(s+6r)+4(r+6ra))

(s+5r)+

6(r+5ra )

(=(s+

6r)+

5(r+6ra ))

1

2

3

4

5

6

dealer

s+r, r

+ra

s+2r,r+2r

a

(s+r)+3(r+ra)(=(s+3r)+(r+3ra))

(s+2r)+3(r+2r a

)

(=(s+3r)+2(r+3r a

))

(s+2r)+4(r+2ra)

(=(s+4r)+2(r+4ra))

(s+3r)+

4(r+3ra )

(=(s+

3r)+

3(r+3ra ))

(s+3r)+5(r+3ra)

(=(s+5r)+3(r+5ra))

(s+4r)+5(r+4ra)

(=(s+5r)+4(r+5ra))

(s+4r)+6(r+4ra)(=(s+6r)+4(r+6ra))

(s+5r)+

6(r+5ra )

(=(s+

6r)+

5(r+6ra ))

1

2

3

4

5

6

dealer

•  “Optimal Exact-Regenerating Codes for Distributed Storage at the MSR and MBR Points via a Product-Matrix Construction”, K. V. Rashmi, N. B. Shah and P. V. Kumar, IEEE Transactions on Information Theory, August 2011.

•  “Information-theoretically Secure Regenerating Codes for Distributed Storage”, N. B. Shah, K. V. Rashmi, and P. V. Kumar, Globecom 2011.

•  “How to share a secret,” A. Shamir, Communications of the ACM, Nov. 1979. •  “Completeness theorems for non-cryptographic fault-tolerant distributed computation,” M. Ben-Or, S. Goldwasser, and A.

Wigderson, STOC 1988. •  “Secret share dissemination across a network,” N. B. Shah, K. V. Rashmi, K. Ramchandran, available on arXiv.

SecretSharing&nihars/publications/Secret... · 2017. 7. 11. · SecretSharing& • A dealer and n participants • The dealer has a secret s • Distribute shares (functions of s)

SecretSharing&nihars/publications/Secret... · 2017. 7. 11. · SecretSharing& • A dealer and n participants • The dealer has a secret s • Distribute shares (functions of s)

Dissemination STEPS

Dissemination STEPS

Dissemination 1

Dissemination 1

INCA CIP 621006 Dissemination Plan WP2: Dissemination ...

INCA CIP 621006 Dissemination Plan WP2: Dissemination ...

D7.1: Dissemination and communication plan...WP7 – Dissemination and communication Task T7.1 – Dissemination and communication strategy Dissemination level Public Issue date 18/09/2017

D7.1: Dissemination and communication plan...WP7 – Dissemination and communication Task T7.1 – Dissemination and communication strategy Dissemination level Public Issue date 18/09/2017

Secret serVlce THE TOP Secret serVlce THE TOP Secret serV1c WAS Secret serV1ce Secret ...info.melissaanddoug.com/documents/Product Information... · 2016. 11. 11. · THE TOP Secret

Secret serVlce THE TOP Secret serVlce THE TOP Secret serV1c WAS Secret serV1ce Secret ...info.melissaanddoug.com/documents/Product Information... · 2016. 11. 11. · THE TOP Secret

D7.1 Dissemination Plan and myAirCoach dissemination …dissemination plans specifically reflecting yearly project activities. The present document is the first myAirCoach dissemination

D7.1 Dissemination Plan and myAirCoach dissemination …dissemination plans specifically reflecting yearly project activities. The present document is the first myAirCoach dissemination

Dissemination 2.0 - the role of social media in research dissemination

Dissemination 2.0 - the role of social media in research dissemination

Verifiable Secret and Acllieving the Presence Fallltsgasarch/TOPICS/secretsharing/chorVSS.pdfA broadcast network is an n-t-broadcast-networkif for all protocols PI{OT and all adversaries

Verifiable Secret and Acllieving the Presence Fallltsgasarch/TOPICS/secretsharing/chorVSS.pdfA broadcast network is an n-t-broadcast-networkif for all protocols PI{OT and all adversaries

WP7 - Dissemination & Exploitation Draft plan for dissemination … · The following activities refer to WP7 “Dissemination & Exploitation” and specifically to task 7.1 “Dissemination”

WP7 - Dissemination & Exploitation Draft plan for dissemination … · The following activities refer to WP7 “Dissemination & Exploitation” and specifically to task 7.1 “Dissemination”

Dissemination 2

Dissemination 2

ARIADNE: First period dissemination report and second period dissemination plan

ARIADNE: First period dissemination report and second period dissemination plan

Publication & Dissemination

Publication & Dissemination

Dissemination plan

Dissemination plan

Dissemination Plan - NatRisk plan v02.pdf · Dissemination strategy 2.1 Overview The dissemination strategy defines clear guidelines for the dissemination activities including all

Dissemination Plan - NatRisk plan v02.pdf · Dissemination strategy 2.1 Overview The dissemination strategy defines clear guidelines for the dissemination activities including all

Dissemination Seminar

Dissemination Seminar

DISSEMINATION MATERIALS

DISSEMINATION MATERIALS

Dissemination Project

Dissemination Project

SPLASH Dissemination

SPLASH Dissemination

A Practical Scheme for Non-interactiveVerifiable …gasarch/TOPICS/secretsharing/...A Practical Scheme for Non-interactiveVerifiable Secret Sharing Paul Feldman Massachusetts Institute

A Practical Scheme for Non-interactiveVerifiable …gasarch/TOPICS/secretsharing/...A Practical Scheme for Non-interactiveVerifiable Secret Sharing Paul Feldman Massachusetts Institute