Threshold Cryptography Research Articles

Secure user authentication scheme with novel server mutual verification for multiserver environments

SummaryThe fast growth of mobile services and devices has made the conventional single‐server architecture ineffective from the point of its functional requirements. To extend the scalability and availability of mobile services to various applications, it is required to deploy multiserver architecture. In 2016, Moon et al insisted that Lu et al's scheme is weak to insiders and impersonation attack, then they proposed a biometric‐based scheme for authentication and key agreement of users in multiserver environments. Unfortunately, we analyze Moon et al's scheme and demonstrate that their scheme does not withstand various attacks from a malicious registered server. We propose a user authentication scheme with server mutual verification to overcome these security drawbacks. The proposed scheme withstands an attack from malicious insiders in multiserver environments. We use a threshold cryptography to strengthen the process of server authorization and to provide better security functionalities. We then prove the authentication and session key of the proposed scheme using Burrows‐Abadi‐Needham (BAN) logic and show that our proposed scheme is secure against various attacks.

Key Escrow Protocol Based on a Tripartite Authenticated Key Agreement and Threshold Cryptography

While instant messaging systems bring convenience to people's lives and work, they also make it easier for malicious users to discuss and plot illegal activities. Therefore, determining how to balance the privacy protection requirements of user communication in the network with the authorized monitoring requirements of law enforcement agencies (LEAs) is a meaningful task. To solve this problem, a new tripartite authenticated key agreement (Tri-AKA) protocol and a session key escrow scheme based on threshold cryptography and the new Tri-AKA protocol were proposed. In the proposed scheme, the LEA participates as a normal user in the key agreement process of two users and uses (t, n) threshold cryptography to share its ephemeral private key with n key escrow agents (KEAs). When necessary, the LEA can combine t KEAs to recover the specified session key and decrypt the communications, thereby preventing malicious administrators in the LEA from arbitrarily monitoring user communications. Finally, we proved the security of the proposed Tri-AKA protocol under the Computational Diffie-Hellman (CDH) assumption with the Random Oracle Model and the security of the proposed key escrow scheme under the Elliptic Curve Discrete Logarithm (ECDL) assumption. Analysis of our session key escrow scheme and comparison with other schemes show that our scheme can avoid the “once monitor, monitor forever” scenario and achieve fine-grained control in each session. Moreover, our scheme has low storage overhead for each KEA.

PHE: An Efficient Traitor Tracing and Revocation for Encrypted File Syncing-and-Sharing in Cloud

Recently, many enterprises have moved their data into the cloud by using file syncing and sharing (FSS) services, which have been deployed for mobile users. However, Bring-Your-Own-Device (BYOD) solutions for increasingly deployed mobile devices have also in fact raised a new challenge for how to prevent users from abusing the FSS service. In this paper, we address this issue by using a new system model involving anomaly detection, tracing, and revocation approaches. The presented solution applies a new threshold public key based cryptosystem, called partially-ordered hierarchical encryption (PHE), which implements a partial-order key hierarchy and it is similar to role hierarchy widely used in RBAC. PHE provides two main security mechanisms, i.e., traitor tracing and key revocation, which can greatly improve the efficiency compared to previous approaches. The security and performance analysis shows that PHE is a provably secure threshold encryption and provides following salient management and performance benefits: it can promise to efficiently trace all possible traitor coalitions and support public revocation not only for the users but for the specified groups.

Secure rational numbers equivalence test based on threshold cryptosystem with rational numbers

In this study, we consider an equivalence test on rational numbers in a scenario with K+2 distributed parties, Alice, Bob, P1,P2,…,PK, where Alice has a private rational number xa, Bob has a private rational number xb, and party Pi has a secret si, where i∈{1,2,…,K},K ≥ 2. The parties want to cooperatively detect whether xa=xb without revealing any information about their secrets. This problem has many applications in online collaboration, such as e-voting, which requires public verifiability. First, we develop a provably secure threshold cryptosystem for rational numbers. Next, based on the proposed threshold scheme, we construct a distributed plaintext equivalence test protocol in an honest majority environment. We prove that the proposed protocol is secure and robust in the standard (ideal/real) model.

Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting

The problem of generating an RSA composite in a distributed manner without leaking its factorization is particularly challenging and useful in many cryptographic protocols. Our first contribution is the first non-generic fully simulatable protocol for distributively generating an RSA composite with security against malicious behavior. Our second contribution is a complete Paillier (in: EUROCRYPT, pp 223–238, 1999) threshold encryption scheme in the two-party setting with security against malicious attacks. We further describe how to extend our protocols to the multiparty setting with dishonest majority. Our RSA key generation protocol is comprised of the following subprotocols: (i) a distributed protocol for generation of an RSA composite and (ii) a biprimality test for verifying the validity of the generated composite. Our Paillier threshold encryption scheme uses the RSA composite for the public key and is comprised of the following subprotocols: (i) a distributed generation of the corresponding secret key shares and (ii) a distributed decryption protocol for decrypting according to Paillier.

Psst, Can You Keep a Secret?

The security of encrypted data depends not only on the theoretical properties of cryptographic primitives but also on the robustness of their implementations in software and hardware. Threshold cryptography introduces a computational paradigm that enables higher assurance for such implementations.

Геометрическая реализация метода проведения электронных выборов, основанного на пороговом разделении секрета

Introduction. One of the tasks arising in cryptography is to ensure a safe and fair conduct of e-voting. This paper details the algorithm of electronic elections particularly that part which deals with the cryptographic security. Materials and Methods. The results are obtained on the basis of the following methodology: finite field theory, projective geometry, and linear algebra. The developed cryptosystem is based on the application of geometric objects from projective geometry over finite fields. Research Results. The invented algorithm relies on the ElGamal encryption and a new geometric way of secret sharing among election committees. The proposed method uses some features of affine spaces over finite fields to generate special geometric constructions and secret, search of which is a complex algorithmic task for an illegal intruder. The threshold secret sharing is used to prevent voter fraud on the part of the members of election committees. The probability to generate the right share of secret by an illegal intruder in case when he/she knows only a part of secret shares is determined. Discussion and Conclusions. The described scheme is useful for electronic voting and in other spheres where methods of threshold cryptography are applied.

Neighbordiscovery-based security enhancement using threshold cryptography for IP address assigning in network

The security threats related to current IP configurationand also includes with Threshold Cryptography (TC). Circulated situations are attractive more prevalent as these knowledge such as networks, aim to enable a large scale collaboration for resource sharing outline in the network. Secure verification is the interesting concern for such surroundings. The proposed system to maintain a two stages for improving the network security based on IP addressing time in the network. An first stage is threshold cryptography and another one is Neighbor discovery protocol (NDP). In main objectives of our proposed work is Threshold Cryptography based addressing scheme in network, also the authorization process fully depends on Neighbor discovery protocol based frameworks. The goal of the Neighbor discovery protocol is to support a Mobile Node (MN) roaming across network fields without communication disturbance or recognizable delay. Moreover, this approach also ensures correct synchronization between nodes that send overlapping data on the network. Finally, using this NDP-TC during data transfer time packet loss is very low so the network security is automatically increased.

Hierarchical secret image sharing scheme in compressed sensing

Secret image sharing (SIS) is a technique of protecting the secret images from an unauthorized access through the generation of few shares or shadow images and serves various purposes such as multi-party computation, threshold cryptography, access control etc. Some of these applications demand hierarchical access based SIS scheme with flexible shadow size adaptive to the available transmission bandwidth. To this aim, share/shadow image generation (with reduced size) is considered here as a sparse signal (secret) reconstruction problem as is done in compressed sensing or compressive sampling (CS). A prediction error (PE) matrix is formed for the secret image which then undergoes sub-sampling followed by its partitioning into two sets of shares: one mandatory share (MS) and ‘n’ number of general shares (GSs) thus form an integrated framework of CS and Shamir’s (k,n)-threshold secret sharing scheme. The contribution of the MS and at least ‘k’ number of GSs are essential to reconstruct the secret image. The change in the number of CS measurements leads to the flexibility in share size adaptive to transmission bandwidth and offers a progressive quality access control along with relative changes in unauthorized decoding probability. A large set of simulation results show the average decoding quality of the secret images with PSNR values of 31.4 dB and 35.7 dB for 10% and 30% measurements, respectively.

A Novel Threshold Cryptography with Membership Authentication and Key Establishment

Threshold cryptography has become one of most important tools in providing secure applications such as password protection, cloud computing, etc. Threshold cryptography splits a secret into multiple pieces in such a way that only with enough number (i.e., threshold) of pieces of secret can recover the secret and therefore enable the application; but with fewer than the threshold cannot recover the secret. Shamir’s \((t,n)\) threshold scheme based on a univariate polynomial is the most popular secret sharing scheme so far. The public-key based threshold cryptography which incorporates a public-key algorithm, such as digital signature or encryption scheme, with a secret sharing, called threshold signature/decryption scheme, has become an active research area. While implementing threshold cryptographic schemes over networks, it involves multiple users. All secure multi-user network applications need to have membership authentication and key establishment in prior of applications; otherwise attackers can participated in the threshold cryptographic applications without being detected. Membership authentication is used to ensure that all users are legitimate members. Key establishment is used to establish session keys among members and the session keys are used to protect exchange information in application. In this paper, we propose a novel design which embeds the function of membership authentication and key establishment in threshold cryptographic schemes. Tokens of members obtained during registration can be used for (a) membership authentication; (b) key establishment and (c) threshold cryptographic applications. However, all existing threshold cryptographic solutions need additional membership authentication and key establishment.

A lattice-based changeable threshold multi-secret sharing scheme and its application to threshold cryptography

In this paper, we propose a threshold increasing algorithm for a (t; n) latticebased Threshold Multi-Stage Secret Sharing (TMSSS) scheme. To realize the changeability feature, we use the zero addition protocol to construct a new (t0; n) TMSSS scheme. Therefore, the new scheme enjoys the signi cant feature of threshold changeability along with the inherited features of being multi-stage, multi-use, and veri able derived fromour previously proposed lattice-based TMSSS scheme. Furthermore, we use the improved TMSSS scheme to propose a threshold decryption algorithm for the Learning With Error (LWE) based public key encryption scheme based on the study of Lindner and Peikert. For threshold decryption, each authorized subset of participants decrypts the ciphertext partially and sends the result to the combiner. The combiner can decrypt the ciphertext using the partial decryptions. The security of both schemes is based on hardness of lattice problems, i.e. LWE and Inhomogeneous Small Integer Solution (ISIS) problems, which are believed to resist against the quantum algorithms. The proposed schemes are eficient, especially on the participants' side, making them suitable for the applications in which the participants have limited processing capacities.

An asymptotically perfect secret sharing scheme based on the Chinese Remainder Theorem

ABSTRACTThe secret sharing schemes based on the Chinese Remainder Theorem (CRT) and their applications have attracted many researchers in recent years. In this paper, we propose a weighted threshold secret sharing scheme based on the CRT and prove the scheme is asymptotically perfect. Since all CRT-based secret sharing schemes use special sequences of pairwise coprime integers as its parameters, this paper proposes the first algorithm to generate these integers. Moreover, the correctness of this algorithm is proved by using the prime number theorem. The experimental result shows the effectiveness and the efficiency of our algorithm as well as the space efficiency of our scheme using the sequences of integers generated from our algorithm. Our scheme with the parameter generation algorithm can be used in many applications such as threshold cryptosystems.

Timed-release computational secret sharing and threshold encryption

In modern cryptography, a secret sharing scheme is an important cryptographic primitive. In particular, Krawczyk proposed a computational secret sharing (CSS) scheme, which is a practical, simple secret sharing scheme. In this paper, we focus on a CSS scheme with timed-release functionality, which we call a timed-release computational secret sharing (TR-CSS) scheme. In TR-CSS, participants more than or equal to a threshold number can reconstruct a secret by using their shares only when the time specified by a dealer has come. Our main purpose is to realize a TR-CSS scheme in a generic and efficient way in terms of the share size. Specifically, we first introduce a model and formalization of security of TR-CSS. In addition, we propose two kinds of constructions of TR-CSS: the first one is a simple and generic construction starting from an identity-based key encapsulation mechanism (IB-KEM); the second one, which is a more efficient construction than the first one, is built using a specific IB-KEM as the underlying IB-KEM. As a result, we can regard TR-CSS as a natural extension of Krawczyk’s CSS in terms of both a model and constructions, and we finally succeed to add timed-release functionality to Krawczyk’s CSS with small overhead, which is almost optimal. Moreover, our proposal of TR-CSS is important for constructing threshold encryption and multiple encryption with timed-release functionality in a generic and efficient way. Dodis and Katz showed (i) a simple and generic construction of threshold encryption from multiple encryption; and (ii) a simple, elegant and generic construction of multiple encryption. By using TR-CSS, we can effectively apply the Dodis–Katz paradigm even in the context of timed-release security.

How to Share Secret Efficiently over Networks

In a secret-sharing scheme, the secret is shared among a set of shareholders, and it can be reconstructed if a quorum of these shareholders work together by releasing their secret shares. However, in many applications, it is undesirable for nonshareholders to learn the secret. In these cases, pairwise secure channels are needed among shareholders to exchange the shares. In other words, a shared key needs to be established between every pair of shareholders. But employing an additional key establishment protocol may make the secret-sharing schemes significantly more complicated. To solve this problem, we introduce a new type of secret-sharing, calledprotected secret-sharing(PSS), in which the shares possessed by shareholders not only can be used to reconstruct the original secret but also can be used to establish the shared keys between every pair of shareholders. Therefore, in the secret reconstruction phase, the recovered secret is only available to shareholders but not to nonshareholders. In this paper, an information theoretically secure PSS scheme is proposed, its security properties are analyzed, and its computational complexity is evaluated. Moreover, our proposed PSS scheme also can be applied to threshold cryptosystems to prevent nonshareholders from learning the output of the protocols.

Secured secret sharing technique based on chaotic map and DNA encoding with application on secret image

This paper shows a secured key-based (k, n) threshold cryptography scheme, where key as well as secret data is shared among set of participants. In this scheme, each share has some bytes missing and these missing bytes can be recovered from a set of exactly k shares, but not less than k. Therefore, each share contains partial secret information which is also encrypted by DNA encoding scheme. Additionally, this paper introduces a concept, where each share information size is varied. More precisely, each share contains a different percentage of secret information and which is strongly dependent on the key. Moreover key sensitivity analysis and statistical analysis prove the robustness against different cryptanalysis attacks and thus ensures high acceptability for information security requirements.

Distributed key generation protocol with a new complaint management strategy

AbstractA distributed key generation (DKG) protocol is a fundamental building block for many threshold cryptosystems. It allows a set of participants to jointly generate a shared secret key without using a trusted party. In 1991, Pedersen proposed the first DKG protocol called Joint‐Feldman DKG. However, it was proved later that this protocol does not guarantee a uniformly random distribution of generated keys. Despite this flaw in the security requirements, Pedersen's DKG protocol has been used for several years as central component to design threshold cryptosystems. Note that most of the solutions proposed in the literature to improve the Pedersen's DKG protocol have several disadvantages. They use private channels, require participants to reveal their secret shares to solve complaints, and use costly computations. This makes them complex and not easy to use in practical situations. In this paper, we present at first an extended version of Joint‐Feldman DKG that ensures a uniform distribution of the generated keys. Then we present a DKG protocol with public channels that use a new strategy to manage complaints without revealing the shares of the secrets held by honest participants and that clearly identifies dishonest participants. We prove that our solution satisfies the security requirements of DKG protocols. Copyright © 2016 John Wiley & Sons, Ltd.

A Distribution Protocol for Dealerless Secret Distribution

As the value of bitcoin increases, more incidents such as those involving Mt Gox and Bitfinex will occur in standard centralized systems. The addition of group based threshold cryptography with the ability to be deployed without a dealer and which supports the non-interactive signing of messages provides for the division of private keys into shares that can be distributed to individuals and groups to provide additional security. This scheme creates a distributed key generation system for bitcoin that removes the necessity for any centralized control list minimizing any threat of fraud or attack. In the application of threshold based solutions for DSA to ECDSA, we have created an entirely distributive signature system for bitcoin that mitigates against any single point of failure. When coupled with retrieval schemes involving CLTV and multisig wallets, our solution provides an infinitely extensible and secure means of deploying bitcoin. Using Group and ring based systems we can implement blind signatures against issued transactions.

Privacy-Preserving Distributed Data Mining Techniques: A Survey

distributed data mining settings, leakage of the real data is not adequate because of privacy issues. To overcome this problem, numerous privacy-preserving distributed data mining practices have been suggested such as protect privacy of their data by perturbing it with a randomization algorithm and using cryptographic techniques. In this paper, we review and provide extensive survey on different privacy preserving data mining methods and analyses the representative techniques for privacy preserving data mining. We majorly discuss the distributed privacy preservation techniques which provide secure solutions using primitive operations of cryptographic protocols such as secure multi-party computation (SMPC), secret sharing schemes (SSS) and homomorphic encryption (HC). Keywordsmining, K-means clustering, Data privacy, Privacy preserving, Multiparty computation, Threshold Cryptography.

An Efficient Methodology for Storing Sensitive Data using Nested Cloud

the period of revolutionary change in information technology, the two developments that are most far-reaching have been cloud computing and the mobile Internet. These two information technology revolutions diverge in mobile cloud computing. There are already immense risks with data hosted in-house, so it's no secret that data offsite sits at even higher risk. With Data on offsite, higher avenues for attack and the fact that it will be traveling more makes it easier to be hijacked. With the technology regularly improving, there are ways to make sure of greater security. However with technology regularly improving, there are always people out there lifting their hacking skills. An effective methodology with prominent features of data integrity and confidentiality is proposed here to ensure the safety of offsite data or the data on cloud. In this paper we propose the mechanism which uses the concepts of ECC algorithm, Shamir's secret key sharing algorithm along with distinct cryptography tools such as threshold cryptography that enhances the security of data stored on clouds.

A new construction of threshold cryptosystems based on RSA

There have been many ways to construct a threshold cryptosystem. Most often they are constructed by combining original public encryption schemes with some methods such as Shamir’s secret sharing. In this paper a new threshold cryptosystem based on RSA is presented, which is constructed by several RSA instances with chosen moduli and private keys. In fact, by computing the common private keys of some individual RSA instances and modifying the moduli, we combine those RSA instances and get a new threshold cryptosystem (hereinafter called combined RSA for simplification). First, it is proved that this system has similar security properties to the CRT-based (Chinese remainder theorem) threshold RSA while being convenient to implement, i.e., it only needs modular multiplication once to encrypt or decrypt respectively. Although the new system has the same security strength as the CRT-based RSA theoretically, it will provide fewer opportunities for adversaries in practical applications as there is only one step for encryption or decryption. Second, for complexity, as plain RSA is efficient, the combined RSA is also practical in computation. Therefore, if a plain RSA user wants to develop threshold decryption or threshold signature more conveniently and more securely, the combined RSA would be suitable. Finally, an application of the combined RSA is provided in this paper to realize distributed data access control with collusion-resistance.