robust password protected secret sharing
play

Robust Password- Protected Secret Sharing Michel Abdalla, Mario - PowerPoint PPT Presentation

Sep 16, 2022 •161 likes •919 views

Robust Password- Protected Secret Sharing Michel Abdalla, Mario Cornejo, Anca Ni ulescu, David Pointcheval cole Normale Suprieure, CNRS and INRIA, Paris, France R E S E A R C H U N I V E R S I T Y PPSS: Motivation Cloud provider

  1. Robust Password- Protected Secret Sharing Michel Abdalla, Mario Cornejo, Anca Ni ţ ulescu, David Pointcheval École Normale Supérieure, CNRS and INRIA, Paris, France R E S E A R C H U N I V E R S I T Y

  2. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents

  3. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents

  4. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents Everyone might have access to the data

  5. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents

  6. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents Provider still has access to the data

  7. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents

  8. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents

  9. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents • We can remember just low-entropy passwords (and not too many). • Humans cannot remember large secret keys. • Provider/authorities might perform an offline dictionary attack.

  10. PPSS: Motivation Cloud provider medical top secret taxes paychecks records documents • USB Tokens might not be always available. • Tokens might fall into the wrong hands. • Large keys give better security.

  11. PPSS: Password-Protected Secret Sharing Cloud provider taxes

  12. PPSS: Password-Protected Secret Sharing Cloud provider • User creates a cryptographic key. taxes

  13. PPSS: Password-Protected Secret Sharing Cloud provider • User creates a cryptographic key. • Encrypts her data using this key. taxes

  14. PPSS: Password-Protected Secret Sharing Keys store Cloud provider … • User creates a cryptographic key. • Encrypts her data using this key. • Stores her secret key into servers n by using her password and some public information. taxes

  15. PPSS: Password-Protected Secret Sharing Keys store Cloud provider … taxes • User creates a cryptographic key. • Encrypts her data using this key. • Stores her secret key into servers n by using her password and some public information. • Stores the data into the provider.

  16. PPSS: Password-Protected Secret Sharing Keys store Cloud provider … • After interactions using her t + 1 password, the user can recover her secret key taxes

  17. PPSS: Password-Protected Secret Sharing Keys store Cloud provider … • After interactions using her t + 1 password, the user can recover her secret key taxes

  18. PPSS: Properties • A PPSS scheme defines two steps: Initialization : Secret & password are processed Reconstruction : The user can recover the secret by interacting with a subset of servers. t + 1 • Additional properties: Soundness : Even if the adversary cannot make the user recover a different secret. Robustness : The recovery is guaranteed if there are s non-corrupt servers. t + 1

  19. PPSS: Instantiations of PPSS Scheme Messages Client inter-server Robust ZKP BJSL11 4 PKI PKI No Costly CLLN14 10 Std PKI No Costly JKK14 2 CRS None Yes Costly JKKX16 2 CRS None No No

  20. PPSS: Instantiations of PPSS Scheme Messages Client inter-server Robust ZKP BJSL11 4 PKI PKI No Costly CLLN14 10 Std PKI No Costly JKK14 2 CRS None Yes Costly JKKX16 2 CRS None No No This work 2 CRS None Yes No

  21. Robust Password-Protected Secret Sharing PPSS OPRF Robust Gap Secret Sharing Secret Sharing Scheme

  22. Robust Password-Protected Secret Sharing PPSS OPRF Robust Gap Secret Sharing Secret Sharing Scheme

  23. Robust Password-Protected Secret Sharing PPSS OPRF Robust Gap Secret Sharing Secret Sharing Scheme

  24. Robust Password-Protected Secret Sharing PPSS OPRF Robust Gap Secret Sharing Secret Sharing Scheme

  25. PPSS: Secret Sharing Scheme s 1 s 2 Secret s 3 … s n

  26. PPSS: Secret Sharing Scheme s 1 s 2 Secret s 3 … s n

  27. PPSS: Robust Gap Secret Sharing Scheme How do we implement robustness?

  28. PPSS: Robust Gap Secret Sharing Scheme Assume a set of valid shares from a Threshold SSS s 1 s 2 s 3 … s n ( s 1 , . . . , s n )

  29. PPSS: Robust Gap Secret Sharing Scheme Fingerprint function: Hash function s 1 σ 1 s 2 σ 2 s 3 σ 3 … s n σ n ( s 1 , . . . , s n ) ( σ 1 , . . . , σ n )

  30. PPSS: Robust Gap Secret Sharing Scheme 2 2 k ( n − t r )+1 < N ≤ 2 2 k ( n − t r )+2 Generate a prime number N s 1 σ 1 s 2 σ 2 × S s 3 σ 3 … s n σ n S = Q n ( s 1 , . . . , s n ) ( σ 1 , . . . , σ n ) i =1 σ i mod N

  31. PPSS: Robust Gap Secret Sharing Scheme 2 2 k ( n − t r )+1 < N ≤ 2 2 k ( n − t r )+2 Generate a prime number N s 1 σ 1 Output: s 2 σ 2 … s 1 s 2 s 3 { s k } n = s n × S s 3 σ 3 SSInfo = ( S , N ) { } S N … , s n σ n S = Q n ( s 1 , . . . , s n ) ( σ 1 , . . . , σ n ) i =1 σ i mod N

  32. PPSS: Robust Gap Secret Sharing Scheme How can we decide which are the valid sets of shares to reconstruct?

  33. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , s 1 s 2 s 3 … s n

  34. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , s 1 τ 1 s 2 τ 2 s 3 τ 3 … s n τ n

  35. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , s 1 τ 1 s 2 τ 2 × T s 3 τ 3 … s n τ n

  36. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T γ = S

  37. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T … τ 2 τ 3 τ n τ 1 γ = = S … σ 2 σ 3 σ n σ 1

  38. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T T 0 … τ 2 τ 3 τ n τ 1 γ = = = S 0 S … σ 2 σ 3 σ n σ 1

  39. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T T 0 … τ 2 τ 3 τ n τ 1 γ = = = S 0 S … σ 2 σ 3 σ n σ 1 | gcd( τ 1 , ) | ≈ 1 T 0

  40. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T T 0 … τ 2 τ 3 τ n τ 1 γ = = = S 0 S … σ 2 σ 3 σ n σ 1 Correct fingerprint! | gcd( τ 1 , ) | ≈ 1 T 0

  41. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T T 0 … τ 2 τ 3 τ n τ 1 γ = = = S 0 S … σ 2 σ 3 σ n σ 1 Correct fingerprint! | gcd( τ 1 , ) | ≈ 1 T 0 | gcd( ) | ≈ Incorrect fingerprint! T 0 k τ 2 ,

  42. PPSS: Robust Gap Secret Sharing Scheme Given SSInfo = ( S , N ) { } S N , T T 0 … τ 2 τ 3 τ n τ 1 γ = = = S 0 S … σ 2 σ 3 σ n σ 1 Correct fingerprint! | gcd( τ 1 , ) | ≈ 1 T 0 | gcd( ) | ≈ Incorrect fingerprint! T 0 k τ 2 , Correct fingerprint! | gcd( ) | ≈ 1 T 0 τ 3 ,

  43. PPSS: Oblivious PRF sk pw F F ( sk , pw ) • The output is indistinguishable from random • The server learns nothing

  44. PPSS: Password-Protected Secret Sharing Initialization phase

  45. PPSS: Initialization The user interacts with servers to obliviously evaluate the PRF n ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) …

  46. PPSS: Initialization The user interacts with servers to obliviously evaluate the PRF n ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … π 1 = F sk 1 ( pw ) pw

  47. PPSS: Initialization The user interacts with servers to obliviously evaluate the PRF n ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … π 1 = F sk 1 ( pw ) π 2 = F sk 2 ( pw ) pw

  48. PPSS: Initialization The user interacts with servers to obliviously evaluate the PRF n ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … π 1 = F sk 1 ( pw ) π 2 = F sk 2 ( pw ) π n = F sk n ( pw ) pw

  49. PPSS: Initialization Each share is encrypted using the each PRF evaluation ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … π 1 = F sk 1 ( pw ) π 2 = F sk 2 ( pw ) π n = F sk n ( pw ) R = K || r pw { π k } n { pk k } n

  50. PPSS: Initialization Each share is encrypted using the each PRF evaluation ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … π 1 = F sk 1 ( pw ) π 2 = F sk 2 ( pw ) π n = F sk n ( pw ) R = K || r ( s 1 , . . . , s n , SSInfo ) ← ShareGen ( R ) pw { π k } n { pk k } n

  51. PPSS: Initialization Each share is encrypted using the each PRF evaluation ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … π 1 = F sk 1 ( pw ) π 2 = F sk 2 ( pw ) π n = F sk n ( pw ) R = K || r ( s 1 , . . . , s n , SSInfo ) ← ShareGen ( R ) σ k = π k ⊕ s k pw { π k } n { pk k } n

  52. PPSS: Initialization The user computes a commitment ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … C = Commit ( pw, H ( { pk k } n , { σ k } n , SSInfo , K ); r ) pw { π k } n { pk k } n { σ k } n K r SSInfo

  53. PPSS: Initialization The user uploads the encrypted data ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … PInfo PInfo PInfo PInfo = ( { pk k } n , { σ k } n , SSInfo , C ) pw { π k } n { pk k } n { σ k } n K r SSInfo C

  54. PPSS: Password-Protected Secret Sharing Reconstruction phase

  55. PPSS: Reconstruction The user interacts with the server ( pk 1 , sk 1 ) ( pk 2 , sk 2 ) ( pk n , sk n ) … PInfo PInfo PInfo π 1 = F sk 1 ( pw ) PInfo pw

Recommend

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing Constructions Moir Cryptography Issues Secret Sharing Secret Sharing Threshold Secret Sharing (Shamir, Blakely 1979) Motivation

1.32k views • 62 slides
Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last time (n,t) secret-sharing (n,n) via additive secret-sharing Shamir secret-sharing for general (n,t) Shamir secret-sharing is a linear

611 views • 14 slides
Robust Secret Sharing Schemes Against Local Adversaries Allison Bishop Lewko Valerio Pastro

Robust Secret Sharing Schemes Against Local Adversaries Allison Bishop Lewko Valerio Pastro

Robust Secret Sharing Schemes Against Local Adversaries Allison Bishop Lewko Valerio Pastro Columbia University April 2, 2015 Lewko, Pastro (Columbia) RSSS &amp; Loc Advs April 2, 2015 1 / 22 Secret Sharing (Informal) (Share , Rec) pair of

505 views • 47 slides
Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e Boyle Niv Gilboa Yuval Ishai IDC BGU Technion &amp; UCLA Secure ComputaGon Approaches Classical

342 views • 33 slides
Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp. 612613 Eli Biham - May 3, 2005 c 497 Secret Sharing (17) How to Keep a Secret Key Securely Information can be secured by encryption under a

597 views • 23 slides
Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT 50th ACM Symposium on Theory of Computing June 27, 2018 Secret Sharing [Blakley79,Shamir79,Ito-Saito-Nishizeki87] Secret Secret Sharing

790 views • 75 slides
Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013

Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013

Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013 Outline 1. Introduction 2. Shamir Secret Sharing and Habeeb-Kahrobaei-Shpilrain secret sharing 3. Adjustments to HKS secret sharing and analysis

444 views • 27 slides
Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is it? Any one of you knows nothing! Any two of you can figure it out! Example Applications: Nuclear launch: need at least 3 out of 5 people to

513 views • 23 slides
Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and

Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and

Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and Dominique Schrder Friedrich-Alexander University Erlangen-Nrnberg Homomorphic Secret Sharing A secret-sharing scheme allows a client to share his

247 views • 14 slides
Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod Vaikuntanathan Hoeteck Wee MIT MIT CNRS and ENS May 6, 2018 Secret Sharing [Blakley79,Shamir79,Ito-Saito-Nishizeki87] Secret s { 0 , 1 }

1.02k views • 85 slides
CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom Austin San Jos State University Secret Sharing: Motivation Goal: make secret available, but make it hard to peek. Divide secret among

731 views • 48 slides
On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes Akshay Degwekar (MIT) Joint with Fabrice Benhamouda (IBM Research), Yuval Ishai (Technion) and Tal Rabin (IBM Research) Leakage attacks can be

547 views • 30 slides
Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with

Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with

Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with Vipul Goyal, Raghu Meka, and Amit Sahai Secret Sharing secret s n s 1 s i Correctness: Any out of parties can

1.72k views • 144 slides
A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su,

A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su,

A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su, Xiaoguang Liu, Gang Wang, (Nankai University) and Sheng Lin (Tianjin University of Technology). September 12, 2014 Secret sharing schemes Secret

1.43k views • 86 slides
access-list 103 remark VTY Telnet Access ACL access-list 103 permit tcp host &lt;IP address&gt;

access-list 103 remark VTY Telnet Access ACL access-list 103 permit tcp host &lt;IP address&gt;

Router Device Security Lab Configuring Secure Passwords 1. Configure the enable secret and password enable password TRUSTME enable secret letmein Look at the configuration: show config terminal Note the difference between the number 5 and

375 views • 5 slides
Berkeley CS276 &amp; MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa

Berkeley CS276 &amp; MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa

Berkeley CS276 &amp; MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa Starting to record Nuclear launch codes A judge, president and general receive shares ! , &quot; , # of a secret from a

473 views • 35 slides
Today. Secret Sharing. Polynomials A polynomial P ( x ) = a d x d + a d 1 x d 1 +

Today. Secret Sharing. Polynomials A polynomial P ( x ) = a d x d + a d 1 x d 1 +

Today. Secret Sharing. Polynomials A polynomial P ( x ) = a d x d + a d 1 x d 1 + a 0 . is specified by coefficients a d ,... a 0 . Share secret among n people. Polynomials. P ( x ) contains point ( a , b ) if b = P ( a ) .

221 views • 8 slides
Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini

Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini

Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini Vasudevan UC Berkeley Secret Sharing [Shamir 79, Blakley 79] Share 1 , , Reconstruction: Given at least

1.45k views • 20 slides
Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret

Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret

Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret Typical goal: client authenticating to server, without being tied to a device holding a cryptographic key. On authentication, a session key should be

344 views • 11 slides
Vector Space Secret Sharing Scheme Mustafa Atici Western Kentucky University Department of

Vector Space Secret Sharing Scheme Mustafa Atici Western Kentucky University Department of

Vector Space Secret Sharing Scheme Mustafa Atici Western Kentucky University Department of Mathematics and Computer Science 52 MIGHTY Conference, Indiana State University, Terre Haute IN. April 27-28, 2012 Mustafa Atici Secret Sharing Scheme

461 views • 21 slides
Robust Pseudonymous Identity for the Internet (A Practical Username &amp; Password Replacement) S

Robust Pseudonymous Identity for the Internet (A Practical Username &amp; Password Replacement) S

Robust Pseudonymous Identity for the Internet (A Practical Username &amp; Password Replacement) S Q R L S ecure Q uick R eliable L ogin A simple, straightforward, open, intellectual property unencumbered, easily explained, provably secure,

898 views • 41 slides
How to Keep a Secret Key Securely Information can be secured by encryption under a secret key.

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key.

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key. The ciphertext can be replicated. Even if one replicated copy is lost, or stolen, Secret Sharing the information

181 views • 6 slides
[keystone_authtoken] auth_uri = http:// admin_password = PASSWORD [api_database]

[keystone_authtoken] auth_uri = http:// admin_password = PASSWORD [api_database]

[keystone_authtoken] auth_uri = http:// admin_password = PASSWORD [api_database] Connection = mysql://USER:PASSWORD@HOST/TABLE !{SECRET: container_ref : key_name } !{ENV: env_var }

430 views • 16 slides
Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck, Job Noorman,

Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck, Job Noorman,

Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck, Job Noorman, Jan T obias Mhlberg and Frank Piessens August 24, 2015 Contents 1. Embedded Problem Domain 2. Protected Module Architectures 3.

511 views • 23 slides

More recommend