AN EFFICIENT AND SECURE （t, n） THRESHOLD SECRET SHARING SCHEME

Based on Shamir＇s threshold secret sharing scheme and the discrete logarithm problem, a new （t, n） threshold secret sharing scheme is proposed in this paper. In this scheme, each participant＇s secret shadow is selected by the participant himself, and even the secret dealer cannot gain anything about his secret shadow. All the shadows are as short as the shared secret. Each participant can share many secrets with other participants by holding only one shadow. Without extra equations and information designed for verification, each participant is able to check whether another participant provides the true information or not in the recovery phase. Unlike most of the existing schemes, it is unnecessary to maintain a secure channel between each participant and the dealer. Therefore, this scheme is very attractive, especially under the circumstances that there is no secure channel between the dealer and each participant at all. The security of this scheme is based on that of Shamir＇s threshold scheme and the difficulty in solving the discrete logarithm problem. Analyses show that this scheme is a computationally secure and efficient scheme.     

双重门限秘密共享方案

基于RSA密码体制、Shamir门限方案和哈希函数的安全性,设计了一种双重门限秘密共享方案。方案中,参与者只需维护一个秘密份额,可实现对多个秘密的共享。秘密份额由参与者确定和保管,秘密分发者也不知晓,秘密共享过程中,只需出示伪秘密份额。方案不需要维护安全信道,算法能够保证信息安全传送,以及验证参与者是否进行了欺骗。     

The Size of a Share Must Be Large

A secret sharing scheme permits a secret to be shared among participants of an n-element group in such a way that only qualified subsets of participants can recover the secret. If any nonqualified subset has absolutely no information on the secret, then the scheme is called perfect. The share in a scheme is the information that a participant must remember. In [3] it was proved that for a certain access structure any perfect secret sharing scheme must give some participant a share which is at least 50\percent larger than the secret size. We prove that for each n there exists an access structure on n participants so that any perfect sharing scheme must give some participant a share which is at least about times the secret size.^1 We also show that the best possible result achievable by the information-theoretic method used here is n times the secret size. ^1 All logarithms in this paper are of base 2. Received 24 November 1993 and revised 15 September 1995     

一种安全有效的（t,n）多秘密共享认证方案

基于双子密钥的思想给出了一种安全有效的(t,n)多秘密共享认证方案,其优点是每个成员可以多次使用自己的子密钥来恢复庄家任意给定的用于共享的多个密钥,重构一个密钥只需公开3个参数,为抵抗成员的欺骗无须执行零知识证明协议.所给的方案与已有的方案相比在计算量和通信量方面有明显的优越性.     

Asynchronous Group Authentication

Group authentication usually checks whether an individual user belongs to a pre-defined group each time but cannot authenticate all users at once with-out public key system. The paper proposes a Randomized component-based asynchronous (t, m, n) group authentica-tion ((t, m, n)-RCAGA) scheme. In the scheme, each user employs the share of (t, n)-threshold secret sharing as the token, constructs a Randomized component (RC) with the share and verifies whether all users belong to a pre-defined group at once without requiring all users to release ran-domized components simultaneously. The proposed scheme is simple and flexible because each group member just uses a single share as the token and the scheme does not depend on any public key system. Analyses show the proposed scheme can resist up to t?1 group members conspiring to forge a token, and an adversary is unable to forge a valid token or derive a token from a RC.     

基于线性码的可验证秘密分享方案

论文基于线性码提出了一个非交互的可验证秘密分享方案,利用线性码的一致校验矩阵来验证每一个秘密分享者从秘密分配者Dealer处所获得子秘密的合法性,各子秘密拥有者独立验证,无须合作。     

一个有效的门限多重秘密共享体制

针对Chien-Jan-Tseng体制计算量大以及Yang-Chang-Hwang体制公开信息量大的不足,利用双变量单向函数提出了一个新的(t,n)门限多重秘密共享体制.通过一次秘密共享过程就可以实现对任意个秘密的共享,而参与者秘密份额的长度仅为一个秘密的长度.在秘密重构过程中,每个合作的参与者只需提交一个由秘密份额计算的伪份额,而不会暴露其秘密份额本身.本文体制结合了现有体制的优点并避免了它们的缺点,是一个实用、有效的体制.     

新的安全分布式n个秘密乘积共享方案

由于Shamir的秘密共享方案并不具有乘法的同态性质, 因此针对安全分布式乘法计算中利用传统的Shamir线性多项式进行n个秘密乘积共享时需要不断调用两方秘密乘积子协议的缺点,首先用哥德尔数对保密数据进行编码,接着利用这种具有乘法同态的编码方法和一种加法同态承诺方案,实现了一种新的安全分布式一次性共享n个秘密乘积的方案,并证明了即使有恶意的参与者存在时,此方案仍为安全的。分析表明,本方案不但简单可行,而且相比传统方案效率明显提高。     

Secret image sharing scheme with hierarchical threshold access structure

A hierarchical threshold secret image sharing (HTSIS) scheme is a method to share a secret image among a set of participants with different levels of authority. Recently, Guo et al. (2012) [22] proposed a HTSIS scheme based on steganography and Birkhoff interpolation. However, their scheme does not provide the required secrecy needed for HTSIS schemes so that some non-authorized subsets of participants are able to recover parts of the secret image. In this paper, we employ cellular automata and Birkhoff interpolation to propose a secure HTSIS scheme. In the new scheme, each authorized subset of participants is able to recover both the secret and cover images losslessly whereas non-authorized subsets obtain no information about the secret image. Moreover, participants are able to detect tampering of the recovered secret image. Experimental results show that the proposed scheme outperforms Guo et al.’s approach in terms of visual quality as well.     

On the size of shares for secret sharing schemes

A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any nonqualified subset has absolutely no information on the secret. The set of all qualified subsets defines the access structure to the secret. Sharing schemes are useful in the management of cryptographic keys and in multiparty secure protocols.We analyze the relationships among the entropies of the sample spaces from which the shares and the secret are chosen. We show that there are access structures with four participants for which any secret sharing scheme must give to a participant a share at least 50% greater than the secret size. This is the first proof that there exist access structures for which the best achievable information rate (i.e., the ratio between the size of the secret and that of the largest share) is bounded away from 1. The bound is the best possible, as we construct a secret sharing scheme for the above access structures that meets the bound with equality.This work was partially supported by Algoritmi, Modelli di Calcolo e Sistemi Informativi of M.U.R.S.T. and by Progetto Finalizzato Sistemi Informatici e Calcolo Parallelo of C.N.R. under Grant Number 91.00939.PF69.     

一种无损多秘密分享视觉密码方案

针对分享多幅秘密图像存在信息损失的问题,该文给出(n, n)无损多秘密分享视觉密码的定义,在此基础上基于环状共享份设计了一种(n, n)多秘密视觉密码方案,使秘密图像的信息损失为零。实验结果表明,该方案不仅实现了在多个参与者之间分享多幅秘密图像,而且秘密图像能够完全恢复。     

多重门限的图像秘密共享方案

 针对传统的基于视觉密码的图像秘密共享方案存在像素扩张导致其只能共享小尺寸的秘密图像、信息隐藏效率较低的问题,提出一种能够提高信息隐藏容量的(t,k,n)多重门限图像秘密共享方案.该方案利用秘密图像信息控制视觉密码方案中共享矩阵的选取,从而实现秘密图像在视觉密码方案中的隐藏.在秘密图像恢复的第一阶段,任意t个参与者直接叠加其影子图像后可以视觉解密出低质量的秘密图像信息;在第二阶段,任意k个参与者可以从影子图像中提取出隐藏的信息,并通过计算恢复出精确的灰度秘密图像.相对于传统的视觉密码方案,本文方案在不影响视觉密码恢复图像的视觉质量前提下,可以隐藏更多的秘密图像信息,而像素扩张尺寸较小.     

一种安全的门限多秘密共享方案

提出了一种可认证的门限多秘密共享的新方案,通过成员提供的子密钥的一个影子来恢复秘密,由影子难以得到子密钥本身,因此可以复用,也即通过同一组子密钥共享多个秘密.该方案可以对分发者发布的信息和参与者提供的子密钥影子进行认证,从而可以抵御分发者欺骗和参与者欺骗.方案的安全性基于RSA密码系统和Shamir的(k,n)门限秘密共享方案.另外,本文还提出两种对这类门限多秘密共享方案的欺骗方法,能不同程度的破坏几个已有方案的安全性,但本文所提出的方案对这些欺骗有免疫能力.该方案是计算安全的,并且性能较现有诸方案更好.     

On the classification of ideal secret sharing schemes

In a secret sharing scheme a dealer has a secret key. There is a finite set P of participants and a set of subsets of P. A secret sharing scheme with as the access structure is a method which the dealer can use to distribute shares to each participant so that a subset of participants can determine the key if and only if that subset is in . The share of a participant is the information sent by the dealer in private to the participant. A secret sharing scheme is ideal if any subset of participants who can use their shares to determine any information about the key can in fact actually determine the key, and if the set of possible shares is the same as the set of possible keys. In this paper we show a relationship between ideal secret sharing schemes and matroids.This work was performed at the Sandia National Laboratories and was supported by the U.S. Department of Energy under Contract No. DE-AC04-76DP00789.     

Efficient multi-secret image sharing based on Boolean operations

(n,n) visual secret sharing (VSS), first proposed by Naor and Shamir (1995) [4], is used to encode (encrypt) a secret image into n meaningless share images to be superimposed later to decode (decrypt) the original secret by human visual system after collecting all n secret images. In recent years, VSS-based image sharing (encryption) and image hiding schemes, two of a variety of applications based on VSS, have drawn much attention. In this paper, an efficient (n+1,n+1) multi-secret image sharing scheme based on Boolean-based VSS is proposed to not only keep the secret images confidential but also increase the capacity of sharing multiple secrets. The Boolean-based VSS technology, used to encode the secret images, generates n random matrices; then the n secret images are subsequently encoded into the n+1 meaningless share images. It is worthwhile to note that n secret images can be hidden by means of sharing only n+1 share images in the proposed scheme instead of 2n share images. Thus, the present scheme thus benefits from (1) reducing the demand of image transmission bandwidth, (2) easing the management overhead of meaningless share images, and (3) involving neither significant extra computational cost nor distortion for reconstructed secret images. The experimental results show the performance in terms of feasibility and image sharing capacity. Applied into image hiding schemes, the proposed scheme can enhance the hiding capacity.     

一种无纠缠态的量子秘密共享协议

秘密共享是指将一个秘密按适当的方式进行隐藏或拆分,只有若干个参与者一同协作才能恢复该秘密,该技术在云计算领域中能够确保信息安全和数据保密.提出了一种不使用纠缠态的量子秘密共享协议,通过使用量子密码算法确保系统的安全性.相比其他的秘密共享协议,该协议具有以下优点:与传统的基于数论的秘密共享协议相比,本协议由于使用量子通信的技术,从而能够有效抵抗Shor算法攻击;相比其他的量子秘密共享协议,由于本协议没有使用量子纠缠态,在技术程度上更容易实现;如果存在攻击者或恶意的参与者,该协议能够在秘密恢复过程中迅速发现,避免恢复错误的秘密.     

基于ECC的可公开验证的非交互式密钥共享方案

提出一种基于椭圆曲线加密的非交互式零知识证明协议,并基于该证明协议提出一个可公开验证的密钥共享方案.在该方案中,密钥和密钥份额被嵌入椭圆曲线的点上,任何人均可对密钥和密钥份额进行验证,只有合法参与者集合可恢复出密钥,但无法知道密钥的具体内容;这样有效阻止了攻击者窃取密钥,也防止了数据的误发和成员之间的欺诈,更有利于密钥的复制与更新.     

一个可防止欺诈的秘密分享方案

本文利用认证码构造一种可防止欺诈的秘密分享方案。此方案不仅可防止非法者的假冒,也可防止子密合法拥有者的欺诈,特别是可防止某些子密合法拥有者形成团伙对另一合法者的欺诈,且数据利用率较高。     

基于Shamir秘密共享的密钥分发与恢复算法

在经典的Shamir秘密共享方案中,秘密分发者把秘密 分为 个影子秘密并分发给持有者;其中任意不少于t个影子秘密均能恢复秘密s,少于t个影子秘密则得不到秘密 的任何信息。现实的秘密恢复过程中可能存在超过t个参与者的情形,因此,在Shamir的秘密共享方案基础上讨论此种情形下秘密共享问题,通过引入影子秘密的线性组合——拉格朗日因子来恢复秘密,并进一步将其扩展为一个多秘密共享方案。理论分析与仿真实验表明：改进算法在同样复杂度条件下既保证影子秘密的安全,又能阻止欺骗者得到秘密,提高了整体安全性。     

多版本备份和限制性双重认证主密钥(t,s,k,n)图像分存

传统影子图像连接的（t,s,k,n）分存易导致分发影子图像大小不等,基于伯克霍夫插值的（t,s,k,n）分存不能高效恢复;而双认证自修复图像分存对密图和备份图恢复能力十分有限.针对以上问题,采用随机参与值通过（k,s）和（k-t,n-s）分存来构造主密钥（t,s,k,n）分存并通过第3方公信方存储的MD5值以防止作弊.所提策略由主密钥对密图LL子带置乱来形成对显著比特多备份、对非显著比特少备份和经主密钥不同程度置乱的多版本备份图;引入限制性双重认证在保持认证精度的同时,将尽可能多的备份比特通过GF（2^8）域（k,n）分存嵌入来形成嵌密掩体.理论和实验表明,主密钥（t,s,k,n）分存可高效求解;随机参与值可避免参与者编号泄露,分发信息的篡改和认证比特的揣测;多版本备份可对备份图高置信度地恢复;而限制性双重认证在认证能力上不低于双认证自修复图像分存.