QUICK REVIEW

[Paper Summary] Leakage-Resilient Non-Malleable Secret Sharing in Non-compartmentalized Models

Lin, Fuchun; Cheraghchi, Mahdi | arXiv (Cornell University) | Feb 17, 2019
Cryptography and Data Security | References: 42 | Cited by: 3
One-sentence summary

This paper proposes leakage-resilient non-malleable secret sharing in the non-compartmentalized model, where the adversary may apply an affine leakage function of bounded total output length to the full share vector and may tamper with the shares via affine or bitwise-independent functions. The paper constructs schemes with near-optimal information ratio that achieve non-malleability under both adaptive and non-adaptive leakage and tampering models; the core tools are randomness extractors and error-correcting codes.

ABSTRACT

Leakage-resilient secret sharing has mostly been studied in the compartmentalized models, where a leakage oracle can arbitrarily leak a bounded number of bits from all shares, provided that the oracle only has access to a bounded number of shares when the leakage is taking place. We start a systematic study of leakage-resilient secret sharing against global leakage, where the leakage oracle can access the full set of shares simultaneously, but the access is restricted to a special class of leakage functions. More concretely, the adversary can corrupt several players and obtain their shares, as well as apply a leakage function from a specific class to the full share vector. We explicitly construct such leakage-resilient secret sharing with respect to affine leakage functions and low-degree multi-variate polynomial leakage functions, respectively. For affine leakage functions, we obtain schemes with threshold access structure that are leakage-resilient as long as there is a substantial difference between the total amount of information obtained by the adversary, through corrupting individual players and leaking from the full share vector, and the amount that the reconstruction algorithm requires for reconstructing the secret. Furthermore, if we assume the adversary is non-adaptive, we can even make the secret length asymptotically equal to the difference, as the share length grows. Specifically, we have a threshold scheme with parameters similar to Shamir's scheme that is leakage-resilient against affine leakage. For multi-variate polynomial leakage functions with degree bigger than one, our constructions here only yield ramp schemes that are leakage-resilient against such leakage. Finally, as a result of independent interest, we show that our approach to leakage-resilient secret sharing also yields a competitive scheme compared with the state-of-the-art construction in the compartmentalized models.

Motivation and Goals

  • Address the lack of leakage-resilient secret sharing in the non-compartmentalized tampering model, which does not assume compartmentalization.
  • Allow the leakage function to act on the full share vector rather than only on a subset, while preserving security.
  • Achieve non-malleability under both adaptive and non-adaptive leakage and tampering models.
  • Construct schemes with constant information ratio and near-optimal efficiency.
  • Explore the feasibility of combining affine leakage resilience with non-malleability against tampering in secret sharing for general access structures.

Proposed Method

  • Use a generic construction combining randomness extractors with error-correcting codes to achieve leakage resilience.
  • Apply affine extractors to handle leakage from the full share vector, ensuring that entropy is preserved.
  • Use seeded non-malleable extractors with linear structure to handle tampering by bitwise-independent and affine functions.
  • Introduce a hybrid argument, combining conditional entropy and independence, to analyze the security of leakage and tampering in the adaptive setting.
  • Exploit the structure of affine sources and extractors to ensure that the output after tampering is either uniform or independent of the original secret.
  • Use a probabilistic construction to prove the existence of linear seeded non-malleable extractors with low entropy requirements.

Experimental Results

Research Questions

  • RQ1: Can leakage-resilient secret sharing be constructed in the non-compartmentalized model, where leakage acts on the full share vector?
  • RQ2: When leakage and tampering are both adaptive and act globally on the share vector, is non-malleability against tampering achievable?
  • RQ3: Can affine leakage functions be handled securely in non-compartmentalized secret sharing without compartmentalization?
  • RQ4: In this setting, what is the minimum entropy requirement for constructing linear seeded non-malleable extractors?
  • RQ5: Can the framework be extended beyond threshold schemes to arbitrary monotone access structures?

Main Findings

  • The paper constructs leakage-resilient non-malleable secret sharing schemes for affine leakage and tampering functions in the non-compartmentalized model.
  • For non-adaptive adversaries, the construction has near-optimal information ratio: the secret length is almost equal to the share length minus the number of leaked bits.
  • For bitwise-independent tampering, the scheme applies to all thresholds, including low thresholds.
  • It proves the existence of linear seeded non-malleable extractors with entropy requirement below one half, breaking a known barrier.
  • The framework supports global access to the shares, enabling adaptive leakage and tampering and extending the earlier compartmentalized models.
  • A probabilistic argument shows that only φn bits of entropy (for any constant φ > 0) are needed to extract Ω(log n) uniformly random bits with negligible error.

This summary was generated by AI and reviewed by a human editor.