(t,n)门限秘密共享体制的研究
|
摘要
秘密共享是密码协议的重要组成部分,特别是随着计算机及网络技术的快速发展,对重要而敏感信息的保护日益受到社会的高度关注。秘密共享是实现信息安全和数据保密的一个重要手段。自从1979年Shamir和Blakley提出(t,n)门限秘密共享的概念后,许多学者对秘密共享体制进行了深入的研究。秘密共享体制是将共享的秘密分成若干部分(称为子秘密)分别给予若干参与者掌管,并规定哪些参与者联合可重构秘密,哪些参与者联合不能得到关于秘密的任何信息。
本文首先介绍了秘密共享的发展现状,研究了一些典型的秘密共享方案,分析了现有的秘密共享方案在实际应用中的不足。秘密共享方案要想在实际中得以运用,必须要有很好的安全性和执行效率,针对这一问题,本文将可验证秘密共享和动态秘密共享作为研究重点。并取得了以下成果:
(1)基于Shamir的门限方案,提出了一种可验证秘密共享方案,相对于传统的可验证方案,此方案更加灵活实用,需要公布的信息明显少于传统方案,执行效率比较高,并且有较高的安全性。
(2)对于门限方案的成员加入问题,构造了一种可以有成员加入的公开可验证秘密共享方案。
(3)对Amir Herzberg的动态秘密共享方案进行了改进,使其在特定的条件下有更好的灵活性。并对Asmuth-bloom门限方案进行了研究,构造了一种基于Asmuth-bloom方案的动态门限方案,使其子秘密可以定期更新。
The secret sharing is an important part of the cryptography protocol. As the rapid development of computer networks, the society pay more and more attention on the confidential information. Secret Sharing is one of the important way to save securely important information and data. Since Blakley and Shamir respectively proposed threshold secret sharing scheme in 1979, the research on this field attracts people's abroad attention. The researches on threshold secret sharing scheme are made widely and deeply by many scholars.The normal secret sharing scheme is that the shared secret is firstly divided into several parts(secret shadow)and then given the participants,only the qualified class of participants can recover the secret, any other class of participants can't obtain any information about the shared secret.
In this paper, the concept of secret sharing and its broadcast are introduced, Then it discusses some typical schemes on the threshold secret sharing scheme, and analyses the shortcomings of these scheme in applications .In practice, the security and the efficiency are important restriction factors. To solve these problems, we choose the verifiable secret sharing(VSS)and dynamic secret sharing as our priority research areas.Main contributions of this paper are as follows:
(1) Based on Shamir'scheme, we propose a verifiable secret sharing scheme. Compares with traditional scheme,this scheme is more flexible and practical.The number of values published by Dealer is much less than traditional scheme,and the security is much better.
(2) To solve the problem of new member expansion in threshold schemes, we give a publicly verifiable protocol for member expansion.
(3) We present a threshold dynamic secret sharing scheme to improve Herzberg's dynamic scheme ,this scheme have a better flexibility under the specific condition.Then, we analyze Asmuth-bloom'threshold scheme,and propose a dynamic threshold scheme.In this scheme,we can update the old secret shadow with new secret shadow periodically.
本文首先介绍了秘密共享的发展现状,研究了一些典型的秘密共享方案,分析了现有的秘密共享方案在实际应用中的不足。秘密共享方案要想在实际中得以运用,必须要有很好的安全性和执行效率,针对这一问题,本文将可验证秘密共享和动态秘密共享作为研究重点。并取得了以下成果:
(1)基于Shamir的门限方案,提出了一种可验证秘密共享方案,相对于传统的可验证方案,此方案更加灵活实用,需要公布的信息明显少于传统方案,执行效率比较高,并且有较高的安全性。
(2)对于门限方案的成员加入问题,构造了一种可以有成员加入的公开可验证秘密共享方案。
(3)对Amir Herzberg的动态秘密共享方案进行了改进,使其在特定的条件下有更好的灵活性。并对Asmuth-bloom门限方案进行了研究,构造了一种基于Asmuth-bloom方案的动态门限方案,使其子秘密可以定期更新。
The secret sharing is an important part of the cryptography protocol. As the rapid development of computer networks, the society pay more and more attention on the confidential information. Secret Sharing is one of the important way to save securely important information and data. Since Blakley and Shamir respectively proposed threshold secret sharing scheme in 1979, the research on this field attracts people's abroad attention. The researches on threshold secret sharing scheme are made widely and deeply by many scholars.The normal secret sharing scheme is that the shared secret is firstly divided into several parts(secret shadow)and then given the participants,only the qualified class of participants can recover the secret, any other class of participants can't obtain any information about the shared secret.
In this paper, the concept of secret sharing and its broadcast are introduced, Then it discusses some typical schemes on the threshold secret sharing scheme, and analyses the shortcomings of these scheme in applications .In practice, the security and the efficiency are important restriction factors. To solve these problems, we choose the verifiable secret sharing(VSS)and dynamic secret sharing as our priority research areas.Main contributions of this paper are as follows:
(1) Based on Shamir'scheme, we propose a verifiable secret sharing scheme. Compares with traditional scheme,this scheme is more flexible and practical.The number of values published by Dealer is much less than traditional scheme,and the security is much better.
(2) To solve the problem of new member expansion in threshold schemes, we give a publicly verifiable protocol for member expansion.
(3) We present a threshold dynamic secret sharing scheme to improve Herzberg's dynamic scheme ,this scheme have a better flexibility under the specific condition.Then, we analyze Asmuth-bloom'threshold scheme,and propose a dynamic threshold scheme.In this scheme,we can update the old secret shadow with new secret shadow periodically.
引文
[1] Diffie W. and Hellman M., New Directions in Cryptography, IEEE Transcation on Information Theory, 1976, 22(6), pp.644-654.
[2] M.Rivest, A.Shamir and L.Adleman, A method for obtaining digital signatures and public-key cryptosystems, ACM Communications 21,1978,pp. 120-126.
[3] A.Shamir, How to Share a Secret, In Communications of the ACM, 1979, v.22, no.11, pp. 612-613.
[4] GR.Blakley, Safeguaring Cryptographic Keys, Proc. AFIPS 1979 National Computer Conference, New York, NY(June 1979), pp 313-317.
[5] C.Asmuth,J.Bloom.A Modular Approach to Key Safeguarding[J].IEEE Trans.Inform Theory, 1983,vol.29:208-210.
[6] R. J. McEliece,D.V. Sarwate.On Sharing Secrets and Reed-Solomon Codes. [J].Communication of the ACM, 1981,Vol.24(8):583-584.
[7] Benaloh J C. Secret Sharing Homomorphisms: Keeping Shares of a Secret[C]. Proc of CRYPTO'86, Berlin:Springer, 1986:412 — 417.
[8] M.Ito, A.Saito,T Nishizeki, Secret sharing scheme realizing general access structure, Proceedings IEEE Globcom'87_ Tokyo,Japan, 1987, pp. 99-102.
[9] J.He,and E.Dawson,Multistage secret sharing based on one-way function, Electron.Lett, Vol.30, No. 19 (1994), pp.1591 - 1592.
[10] Chor B, Goldwasser S, Micali S, Awerbuch B. Verifiable secret sharing and achieving simultaneity in the presence of faults, in Proceedings of 26 IEEE symposium on Foundations of computer science,1985: 383-395.
[11] M.Stadler. Publicly verifiable secret sharing, In Advances in Cryptology-EURO-CR YPT'96,volume 1070 of Lecture Notes in Computer Science,Berlin,1996,Springer- Verlag,pp.190-199.
[12] Herzberg, S.Jareeki, H.Krawczyk, et al, Proactive secret sharing cope with Perpetual leakage, Proc.CRYPT01995, LNCS963, PP.339-352.
[13] Feldman P. A practical scheme for non-interactive verifiable secret sharing, in Proceedings of 28 IEEE symposium on Foundations of Computer Science, 1987: 427-437.
[14] Pedersen T P. Non-interactive and information-theoretic secure verifiable secret sharing. in CRYPTO'91, 1991:129-139.
[15]Gennaro R Rabin M,Rabin To Simplified VSS and fast-track multiparty computations with applications to threshold cryptography,in Proceedings of the 1998ACM Symposium on Principles of Distributed Computing.
[16]B.Schoenmakers,scheme and itsA simple publicly verifiable applications to 32-electronic voting,secret sharing In M.Weiner,editor,CRYPTO 99,pages 32-46,Springer-Verlag,1999,pp 32-46.
[17]张福泰,张方国,王育民.一个安全、高效的广义可验证秘密分享协议.软件学报.2002,13(7):1187-1192.
[18]张福泰,姬东耀.王育民.一个基于离散对数的可公开验证的秘密分享方案,西安电子科技大学学报,2002,29(1):6-9。
[19]Fujisaki E,Okamoto T.A practical and provably secure scheme for publicly verifiable secret sharing and its application.In:Nyberg K,ad.EUROCRYPT'98,LNCS 1403.Berlin:Springer-Verlag,1996:32-46.
[20]Ao,Jun;Liao Guisheng;Ma,Chunbo.A Novel Non-interactive Verifiable Secret Sharing Scheme.In:Communication Technology,2006.ICCT'06.International Conference on Nov.2006 Page(s):1-4.
[21]A.Herzberg,S.Jarecki,H.Krawczyk,et al,Proactive secret sharing or:How to cope with perpetual leakage,Proc.CRYPT01995,Spring Verlag LNCS963,pp.339-352.
[22]甘元驹,谢仕义,付东洋等.防欺诈的动态(t,n)门限多秘密共享方案.四川大学学报(工程科学版),2006,(6):131-134.
[23]黄东平,王华勇,黄连生等.动态门限秘密共享方.案清华大学学报(自然科学版),2006,(1):102-105。
[24]肖立国,钟诚,陈国良,基于椭圆曲线密码体制的动态秘密共享方案,微电子学与计算机,2002-01-008.
[25]Tompa M,Woll H.How to share a secret with cheaters[J].Journal of Cryptology,1988,1(1):133-138.
[26]马文平,任亚安.Asmuth-Bloom方案的抗欺骗性能.西安电子科技大学学报(自然科学版),2004,(1):36-38.
[27]曹珍富.公钥密码学[M].黑龙江教育出版社 1993.
[28]Yu,Jia;Kong,Fanyu;Hao,Rong.Publicly Verifiable Secret Sharing with Enrollment Ability.In:Software Engineering,Artificial Intelligence,Networking,and Parallel/Distributed Computing,2007.SNPD.2007.Eighth ACIS International Conference on Publication Date:July 30 2007-Aug.1 2007 Volume:3 On page(s):194-199.
[29]LiQiong Wang Zhifang Niu Xiamu Sun Shenghe A non-interactive modular verifiable secret sharing scheme.In:Communciations,Ciruits and Systems,2005.Proceedings.2005 Internation Conference on Publication Date:27-30 May 2005.Volume:1.On page(s):84-87 Vol.1.
[30]于佳,李国文等.一个实用的门限方案成员加入协议.北京邮电大学学报 2006,29(z2):2-4.
[31]李慧贤,程春田,庞辽军.一个可验证的秘密共享新个体加入协议.西安交通大学学报 2006 40(2).
[2] M.Rivest, A.Shamir and L.Adleman, A method for obtaining digital signatures and public-key cryptosystems, ACM Communications 21,1978,pp. 120-126.
[3] A.Shamir, How to Share a Secret, In Communications of the ACM, 1979, v.22, no.11, pp. 612-613.
[4] GR.Blakley, Safeguaring Cryptographic Keys, Proc. AFIPS 1979 National Computer Conference, New York, NY(June 1979), pp 313-317.
[5] C.Asmuth,J.Bloom.A Modular Approach to Key Safeguarding[J].IEEE Trans.Inform Theory, 1983,vol.29:208-210.
[6] R. J. McEliece,D.V. Sarwate.On Sharing Secrets and Reed-Solomon Codes. [J].Communication of the ACM, 1981,Vol.24(8):583-584.
[7] Benaloh J C. Secret Sharing Homomorphisms: Keeping Shares of a Secret[C]. Proc of CRYPTO'86, Berlin:Springer, 1986:412 — 417.
[8] M.Ito, A.Saito,T Nishizeki, Secret sharing scheme realizing general access structure, Proceedings IEEE Globcom'87_ Tokyo,Japan, 1987, pp. 99-102.
[9] J.He,and E.Dawson,Multistage secret sharing based on one-way function, Electron.Lett, Vol.30, No. 19 (1994), pp.1591 - 1592.
[10] Chor B, Goldwasser S, Micali S, Awerbuch B. Verifiable secret sharing and achieving simultaneity in the presence of faults, in Proceedings of 26 IEEE symposium on Foundations of computer science,1985: 383-395.
[11] M.Stadler. Publicly verifiable secret sharing, In Advances in Cryptology-EURO-CR YPT'96,volume 1070 of Lecture Notes in Computer Science,Berlin,1996,Springer- Verlag,pp.190-199.
[12] Herzberg, S.Jareeki, H.Krawczyk, et al, Proactive secret sharing cope with Perpetual leakage, Proc.CRYPT01995, LNCS963, PP.339-352.
[13] Feldman P. A practical scheme for non-interactive verifiable secret sharing, in Proceedings of 28 IEEE symposium on Foundations of Computer Science, 1987: 427-437.
[14] Pedersen T P. Non-interactive and information-theoretic secure verifiable secret sharing. in CRYPTO'91, 1991:129-139.
[15]Gennaro R Rabin M,Rabin To Simplified VSS and fast-track multiparty computations with applications to threshold cryptography,in Proceedings of the 1998ACM Symposium on Principles of Distributed Computing.
[16]B.Schoenmakers,scheme and itsA simple publicly verifiable applications to 32-electronic voting,secret sharing In M.Weiner,editor,CRYPTO 99,pages 32-46,Springer-Verlag,1999,pp 32-46.
[17]张福泰,张方国,王育民.一个安全、高效的广义可验证秘密分享协议.软件学报.2002,13(7):1187-1192.
[18]张福泰,姬东耀.王育民.一个基于离散对数的可公开验证的秘密分享方案,西安电子科技大学学报,2002,29(1):6-9。
[19]Fujisaki E,Okamoto T.A practical and provably secure scheme for publicly verifiable secret sharing and its application.In:Nyberg K,ad.EUROCRYPT'98,LNCS 1403.Berlin:Springer-Verlag,1996:32-46.
[20]Ao,Jun;Liao Guisheng;Ma,Chunbo.A Novel Non-interactive Verifiable Secret Sharing Scheme.In:Communication Technology,2006.ICCT'06.International Conference on Nov.2006 Page(s):1-4.
[21]A.Herzberg,S.Jarecki,H.Krawczyk,et al,Proactive secret sharing or:How to cope with perpetual leakage,Proc.CRYPT01995,Spring Verlag LNCS963,pp.339-352.
[22]甘元驹,谢仕义,付东洋等.防欺诈的动态(t,n)门限多秘密共享方案.四川大学学报(工程科学版),2006,(6):131-134.
[23]黄东平,王华勇,黄连生等.动态门限秘密共享方.案清华大学学报(自然科学版),2006,(1):102-105。
[24]肖立国,钟诚,陈国良,基于椭圆曲线密码体制的动态秘密共享方案,微电子学与计算机,2002-01-008.
[25]Tompa M,Woll H.How to share a secret with cheaters[J].Journal of Cryptology,1988,1(1):133-138.
[26]马文平,任亚安.Asmuth-Bloom方案的抗欺骗性能.西安电子科技大学学报(自然科学版),2004,(1):36-38.
[27]曹珍富.公钥密码学[M].黑龙江教育出版社 1993.
[28]Yu,Jia;Kong,Fanyu;Hao,Rong.Publicly Verifiable Secret Sharing with Enrollment Ability.In:Software Engineering,Artificial Intelligence,Networking,and Parallel/Distributed Computing,2007.SNPD.2007.Eighth ACIS International Conference on Publication Date:July 30 2007-Aug.1 2007 Volume:3 On page(s):194-199.
[29]LiQiong Wang Zhifang Niu Xiamu Sun Shenghe A non-interactive modular verifiable secret sharing scheme.In:Communciations,Ciruits and Systems,2005.Proceedings.2005 Internation Conference on Publication Date:27-30 May 2005.Volume:1.On page(s):84-87 Vol.1.
[30]于佳,李国文等.一个实用的门限方案成员加入协议.北京邮电大学学报 2006,29(z2):2-4.
[31]李慧贤,程春田,庞辽军.一个可验证的秘密共享新个体加入协议.西安交通大学学报 2006 40(2).