Results 1  10
of
85
On Some Methods for Unconditionally Secure Key Distribution and Broadcast Encryption
 Designs, Codes and Cryptography
, 1996
"... This paper provides an exposition of methods by which a trusted authority can distribute keys and/or broadcast a message over a network, so that each member of a privileged subset of users can compute a specified key or decrypt the broadcast message. Moreover, this is done in such a way that no coal ..."
Abstract

Cited by 62 (8 self)
 Add to MetaCart
(Show Context)
This paper provides an exposition of methods by which a trusted authority can distribute keys and/or broadcast a message over a network, so that each member of a privileged subset of users can compute a specified key or decrypt the broadcast message. Moreover, this is done in such a way that no coalition is able to recover any information on a key or broadcast message they are not supposed to know. The problems are studied using the tools of information theory, so the security provided is unconditional (i.e., not based on any computational assumption). We begin by surveying some useful schemes schemes for key distribution that have been presented in the literature, giving background and examples (but not too many proofs). In particular, we look more closely at the attractive concept of key distribution patterns, and present a new method for making these schemes more efficient through the use of resilient functions. Then we present a general approach to the construction of broadcast sch...
Decomposition Constructions for Secret Sharing Schemes
 IEEE Trans. Inform. Theory
, 1998
"... The purpose of this paper is to decribe a very powerful decomposition construction for perfect secret sharing schemes. We give several applications of the construction, and improve previous results by showing that for any graph G of maximum degree d, there is a perfect secret sharing scheme for G w ..."
Abstract

Cited by 40 (4 self)
 Add to MetaCart
(Show Context)
The purpose of this paper is to decribe a very powerful decomposition construction for perfect secret sharing schemes. We give several applications of the construction, and improve previous results by showing that for any graph G of maximum degree d, there is a perfect secret sharing scheme for G with information rate 2=(d + 1). As a corollary, the maximum information rate of secret sharing schemes for paths on more than three vertices and for cycles on more than four vertices is shown to be 2=3. Keywords secret sharing scheme, graph access structure, information rate, linear programming. 1 Introduction and Terminology Informally, a secret sharing scheme is a method of sharing a secret key K among a finite set of participants in such a way that certain specified subsets of participants can compute the secret key K. The value K is chosen by a special participant called the dealer. We will use the following notation. Let P = fP i : 1 i wg be the set of participants. The dealer is ...
Secret Sharing Schemes with Bipartite Access Structure
, 1998
"... We study the information rate of secret sharing schemes whose access structure is bipartite. In a bipartite access structure there are two classes of participants and all participants in the same class play an equivalent role in the structure. We characterize completely the bipartite access struct ..."
Abstract

Cited by 32 (8 self)
 Add to MetaCart
We study the information rate of secret sharing schemes whose access structure is bipartite. In a bipartite access structure there are two classes of participants and all participants in the same class play an equivalent role in the structure. We characterize completely the bipartite access structures that can be realized by an ideal secret sharing scheme. Both upper and lower bounds on the optimal information rate of bipartite access structures are given.
On the Information Rate of Secret Sharing Schemes
 Theoretical Computer Science
, 1992
"... We derive new limitations on the information rate and the average information rate of secret sharing schemes for access structure represented by graphs. We give the first proof of the existence of access structures with optimal information rate and optimal average information rate less that 1=2 + ff ..."
Abstract

Cited by 30 (5 self)
 Add to MetaCart
(Show Context)
We derive new limitations on the information rate and the average information rate of secret sharing schemes for access structure represented by graphs. We give the first proof of the existence of access structures with optimal information rate and optimal average information rate less that 1=2 + ffl, where ffl is an arbitrary positive constant. We also consider the problem of testing if one of these access structures is a substructure of an arbitrary access structure and we show that this problem is NPcomplete. We provide several general lower bounds on information rate and average information rate of graphs. In particular, we show that any graph with n vertices admits a secret sharing scheme with information rate\Omega\Gammate/3 n)=n). 1 Introduction A secret sharing scheme is a method to distribute a secret s among a set of participants P in such a way that only qualified subsets of P can reconstruct the value of s whereas any other subset of P ; nonqualified to know s; cannot ...
Secret sharing schemes arising from Latin squares
 Bull. of the Inst. of Combinatorics and its Applications
, 1994
"... Secret sharing schemes arising from latin squares A critical set in a latin square is a partial latin square which has a unique completion. In this paper we demonstrate how critical sets can be used in the design of secret sharing schemes. ..."
Abstract

Cited by 29 (7 self)
 Add to MetaCart
Secret sharing schemes arising from latin squares A critical set in a latin square is a partial latin square which has a unique completion. In this paper we demonstrate how critical sets can be used in the design of secret sharing schemes.
Characterizing Ideal Weighted Threshold Secret Sharing
 Second Theory of Cryptography Conference, TCC 2005. Lecture Notes in Comput. Sci. 3378
, 2005
"... Abstract. Weighted threshold secret sharing was introduced by Shamir in his seminal work on secret sharing. In such settings, there is a set of users where each user is assigned a positive weight. A dealer wishes to distribute a secret among those users so that a subset of users may reconstruct the ..."
Abstract

Cited by 28 (6 self)
 Add to MetaCart
(Show Context)
Abstract. Weighted threshold secret sharing was introduced by Shamir in his seminal work on secret sharing. In such settings, there is a set of users where each user is assigned a positive weight. A dealer wishes to distribute a secret among those users so that a subset of users may reconstruct the secret if and only if the sum of weights of its users exceeds a certain threshold. On one hand, there are nontrivial weighted threshold access structures that have an ideal scheme – a scheme in which the size of the domain of shares of each user is the same as the size of the domain of possible secrets (this is the smallest possible size for the domain of shares). On the other hand, other weighted threshold access structures are not ideal. In this work we characterize all weighted threshold access structures that are ideal. We show that a weighted threshold access structure is ideal if and only if it is a hierarchical threshold access structure (as introduced by Simmons), or a tripartite access structure (these structures generalize the concept of bipartite access structures due to Padró and Sáez), or a composition of two ideal weighted threshold access structures that are defined on smaller sets of users. We further show that in all those cases the weighted threshold access structure may be realized by a linear ideal secret sharing scheme. The proof of our characterization relies heavily on the strong connection between ideal secret sharing schemes and matroids, as proved by Brickell and Davenport.
Key Preassigned Traceability Schemes for Broadcast Encryption (Extended Abstract)
, 1998
"... ) D. R. Stinson and R. Wei Department of Combinatorics and Optimization University of Waterloo Waterloo Ontario, N2L 3G1 Canada May 19, 1998 1 Introduction Most networks can be thought of as broadcast networks, in that any one connected to the network can access to all the information that flows th ..."
Abstract

Cited by 27 (2 self)
 Add to MetaCart
) D. R. Stinson and R. Wei Department of Combinatorics and Optimization University of Waterloo Waterloo Ontario, N2L 3G1 Canada May 19, 1998 1 Introduction Most networks can be thought of as broadcast networks, in that any one connected to the network can access to all the information that flows through it. In many situations, such as a payperview television broadcast, the data is only available to authorized users. To prevent an unauthorized user from accessing the data, the trusted authority (TA) will encrypt the data and give the authorized users keys to decrypt it. Some unauthorized users might obtain some decryption keys from a group of one or more authorized users (called traitors). Then the unauthorized users can decrypt data that they are not entitled to. To prevent this, Chor, Fiat and Naor [5] devised a traitor tracing scheme, called a traceability scheme, which will reveal at least one traitor on the confiscation of a pirate decoder. This scheme was then generalized by S...
Universally Ideal Secret Sharing Schemes
 IEEE Trans. on Information Theory
, 1994
"... Given a set of parties f1; : : : ; ng, an access structure is a monotone collection of subsets of the parties. For a certain domain of secrets, a secret sharing scheme for an access structure is a method for a dealer to distribute shares to the parties. These shares enable subsets in the access stru ..."
Abstract

Cited by 21 (8 self)
 Add to MetaCart
(Show Context)
Given a set of parties f1; : : : ; ng, an access structure is a monotone collection of subsets of the parties. For a certain domain of secrets, a secret sharing scheme for an access structure is a method for a dealer to distribute shares to the parties. These shares enable subsets in the access structure to reconstruct the secret, while subsets not in the access structure get no information about the secret. A secret sharing scheme is ideal if the domains of the shares are the same as the domain of the secrets. An access structure is universally ideal if there exists an ideal secret sharing scheme for it over every finite domain of secrets. An obvious necessary condition for an access structure to be universally ideal is to be ideal over the binary and ternary domains of secrets. In this work, we prove that this condition is also sufficient. We also show that being ideal over just one of the two domains does not suffice for universally ideal access structures. Finally, we give an exac...
Online Secret Sharing
 In Proc. of the 5th IMA Conf. on Cryptography and Coding
, 1995
"... . We propose a new construction for computationally secure secret sharing schemes with general access structures where all shares are as short as the secret. Our scheme provides the capability to share multiple secrets and to dynamically add participants online, without having to redistribute new ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
(Show Context)
. We propose a new construction for computationally secure secret sharing schemes with general access structures where all shares are as short as the secret. Our scheme provides the capability to share multiple secrets and to dynamically add participants online, without having to redistribute new shares secretly to the current participants. These capabilities are gained by storing additional authentic (but not secret) information at a publicly accessible location. 1 Introduction Secret sharing is an important and widely studied tool in cryptography and distributed computation. Informally, a secret sharing scheme is a protocol in which a dealer distributes a secret among a set of participants such that only specific subsets of them, defined by the access structure, can recover the secret at a later time. Secret sharing has largely been investigated in the informationtheoretic security model, requiring that the participants' shares give no information on the secret, i.e. that the res...
Fully Dynamic Secret Sharing Schemes
 Theoretical Computer Science
, 1994
"... We consider secret sharing schemes in which the dealer is able (after a preprocessing stage) to activate a particular access structure out of a given set and/or to allow the participants to reconstruct different secrets (in different time instants) by sending them the same broadcast message. In this ..."
Abstract

Cited by 19 (1 self)
 Add to MetaCart
(Show Context)
We consider secret sharing schemes in which the dealer is able (after a preprocessing stage) to activate a particular access structure out of a given set and/or to allow the participants to reconstruct different secrets (in different time instants) by sending them the same broadcast message. In this paper we establish a formal setting to study secret sharing schemes of this kind. The security of the schemes presented is unconditional, since they are not based on any computational assumption. We give bounds on the size of the shares held by participants, on the size of the broadcast message, and on the randomness needed in such schemes. 1 Introduction A secret sharing scheme is a method of dividing a secret s among a set P of participants in such a way that: if the participants in A ` P are qualified to know the secret then by pooling together their information they can reconstruct the secret s; but any set A of participants not qualified to know s has absolutely no information on the...