Some improved bounds on the information rate of perfect secret sharing schemes

In this paper we study secret sharing schemes for access structures based on graphs. A secret sharing scheme enables a secret key to be shared among a set of participants by distributing partial information called shares. Suppose we desire that some specified pairs of participants be able to compute the key. This gives rise in a natural way to a graphG which contains these specified pairs as its edges. The secret sharing scheme is calledperfect if a pair of participants corresponding to a nonedge ofG can obtain no information regarding the key. Such a perfect secret sharing scheme can be constructed for any graph. In this paper we study the information rate of these schemes, which measures how much information is being distributed as shares compared with the size of the secret key. We give several constructions for secret sharing schemes that have a higher information rate than previously known schemes. We prove the general result that, for any graphG having maximum degreed, there is a perfect secret sharing scheme realizingG in which the information rate is at least 2/(d+3). This improves the best previous general bound by a factor of almost two. The work of E. F. Brickell was performed at the Sandia National Laboratories and was supported by the U.S. Department of Energy under Contract Number DE-AC04-76DP00789. The research of D. R. Stinson was supported by NSERC Operating Grant A9287 and by the Center for Communication and Information Science, University of Nebraska.     

Strongly ideal secret sharing schemes

We define strongly ideal secret sharing schemes to be ideal secret sharing schemes in which certain natural requirements are placed on the decoder. We prove an information-theoretic characterization of perfect schemes, and use it to determine which access structures can be encoded by strongly ideal schemes. We also discuss a hierarchy of secret sharing schemes that are more powerful than strongly ideal schemes.     

Graph decompositions and secret sharing schemes

In this paper we continue a study of secret sharing schemes for-access structures based on graphs. Given a graph G, we require that a subset of participants can compute a secret key if they contain an edge of G; otherwise, they can obtain no information regarding the key. We study the information rate of such schemes, which measures how much information in being distributed as shares compared with the size of the secret key, and the average information rate, which is the ratio between the secret size and the arithmetic mean of the size of the shares. We give both upper and lower bounds on the optimal information rate and average information rate that can be obtained. Upper bounds arise by applying entropy arguments due to Capocelli et al. [15]. Lower bounds come from constructions that are based on graph decompositions. Application of these constructions requires solving a particular linear programming problem. We prove some general results concerning the information rate and average information rate for paths, cycles, and trees. Also, we study the 30 (connected) graphs on at most five vertices, obtaining exact values for the optimal information rate in 26 of the 30 cases, and for the optimal average information rate in 28 of the 30 cases.The research of C. Blundo, A. De Santis, and U. Vaccaro was partially supported by the Italian Ministry of University and Research (M.U.R.S.T.) and by the National Council for Research (C.N.R.) under Grant 91.02326.CT12. The research of D. R. Stinson was supported by NSF Grant CCR-9121051.     

Ideal secret sharing schemes with multiple secrets

We consider secret sharing schemes which, through an initial issuing of shares to a group of participants, permit a number of different secrets to be protected. Each secret is associated with a (potentially different) access structure and a particular secret can be reconstructed by any group of participants from its associated access structure without the need for further broadcast information. We consider ideal secret sharing schemes in this more general environment. In particular, we classify the collections of access structures that can be combined in such an ideal secret sharing scheme and we provide a general method of construction for such schemes. We also explore the extent to which the results that connect ideal secret sharing schemes to matroids can be appropriately generalized.The work of the second and third authors was supported by the Australian Research Council.     

Secret sharing schemes from three classes of linear codes

Secret sharing has been a subject of study for over 20 years, and has had a number of real-world applications. There are several approaches to the construction of secret sharing schemes. One of them is based on coding theory. In principle, every linear code can be used to construct secret sharing schemes. But determining the access structure is very hard as this requires the complete characterization of the minimal codewords of the underlying linear code, which is a difficult problem in general. In this paper, a sufficient condition for all nonzero codewords of a linear code to be minimal is derived from exponential sums. Some linear codes whose covering structure can be determined are constructed, and then used to construct secret sharing schemes with nice access structures.     

On the classification of ideal secret sharing schemes

In a secret sharing scheme a dealer has a secret key. There is a finite set P of participants and a set of subsets of P. A secret sharing scheme with as the access structure is a method which the dealer can use to distribute shares to each participant so that a subset of participants can determine the key if and only if that subset is in . The share of a participant is the information sent by the dealer in private to the participant. A secret sharing scheme is ideal if any subset of participants who can use their shares to determine any information about the key can in fact actually determine the key, and if the set of possible shares is the same as the set of possible keys. In this paper we show a relationship between ideal secret sharing schemes and matroids.This work was performed at the Sandia National Laboratories and was supported by the U.S. Department of Energy under Contract No. DE-AC04-76DP00789.     

基于单向函数的广义秘密共享方案

提出了广义秘密共享方案的概念，并给出了两个基于单向函数的广义秘密共享方案，这两个方案只需每个成员保存一个子秘密，而且每个成员的子秘密可以重复使用，并且在更新成员时无需更改每个成员的子秘密。     

On the size of shares for secret sharing schemes

A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any nonqualified subset has absolutely no information on the secret. The set of all qualified subsets defines the access structure to the secret. Sharing schemes are useful in the management of cryptographic keys and in multiparty secure protocols.We analyze the relationships among the entropies of the sample spaces from which the shares and the secret are chosen. We show that there are access structures with four participants for which any secret sharing scheme must give to a participant a share at least 50% greater than the secret size. This is the first proof that there exist access structures for which the best achievable information rate (i.e., the ratio between the size of the secret and that of the largest share) is bounded away from 1. The bound is the best possible, as we construct a secret sharing scheme for the above access structures that meets the bound with equality.This work was partially supported by Algoritmi, Modelli di Calcolo e Sistemi Informativi of M.U.R.S.T. and by Progetto Finalizzato Sistemi Informatici e Calcolo Parallelo of C.N.R. under Grant Number 91.00939.PF69.     

New families of almost perfect nonlinear power mappings

A power mapping f(x)=x^d over GF(pⁿ) is said to be differentially k-uniform if k is the maximum number of solutions x∈GF(pⁿ) of f(x+a)-f(x)=b where a, b∈GF(pⁿ ) and a≠0. A 2-uniform mapping is called almost perfect nonlinear (APN). We construct several new infinite families of nonbinary APN power mappings     

The weight distribution of a class of linear codes from perfect nonlinear functions

In this correspondence, the weight distribution of a class of linear codes based on perfect nonlinear functions (also called planar functions) is determined. The class of linear codes under study are either optimal or among the best codes known, and have nice applications in cryptography.     

On concatenated zigzag codes and their decoding schemes

In this letter, we show that a concatenated zigzag code can be viewed as a low-density parity-check (LDPC) code. Based on the bipartite graph representation for such a parallel-concatenated code, various sum-product based decoding algorithms are introduced and compared. The results show that the improved versions of sum-product algorithm exhibit better convergence rate while maintaining the essential parallel form.     

Linear codes derived from cyclic codes

This paper presents a procedure for the construction of linear block codes derived from cyclic subspaces. The distance properties of these codes are determined indirectly by the BCH bound despite the fact that they are not cyclic.     

新型有效的秘密共享方案

提出了一种新的秘密共享方案。该方案分两层实现:上层,基于Stern-Brocot树把一个大的秘密拆分为t个小整数(子秘密);底层,借鉴一维元胞自动机模型中的进化方法,把上层的t个子秘密作为初始状态,动态生成各参与者的共享。特别地,该方案能够动态扩展参与者,动态调整门限值,动态更新秘密和共享。另外,还具有计算简单,各参与者共享份额短的优点。分析结果表明,该方案安全、有效。     

门限秘密共享及其典型应用

秘密共享技术是密码学的重要分支,目前已经有了大量的理论与应用研究成果。(k,n)门限秘密共享方案将秘密信息分成n份无意义的子秘密,只有拥有至少k份子秘密才能恢复秘密信息,可以有效提升其安全性。在介绍了基本的门限秘密共享方案的基础上,对其在密码学几个重要分支如数字签名、基于身份加密、基于属性加密以及图像加密中的典型应用进行了全面的归纳与总结,分析了当前存在的问题,并对未来的研究趋势进行展望。     

Linear unequal error protection codes from shorter codes (Corresp.)

The methods for combining codes, such as the direct sum, direct product, and|u|u + v|constructions, concatenation, etc., are extended to linear unequal error protection codes.     

Systematic authentication codes from highly nonlinear functions

Recently, highly nonlinear functions have been successfully employed to construct authentication codes with and without secrecy. In this paper, we construct four classes of systematic authentication codes from perfect nonlinear functions and almost-perfect nonlinear functions. The systematic authentication codes presented in this paper are either better than existing codes or as good as the best codes known.     

基于Shamir秘密共享的密钥分发与恢复算法

在经典的Shamir秘密共享方案中,秘密分发者把秘密 分为 个影子秘密并分发给持有者;其中任意不少于t个影子秘密均能恢复秘密s,少于t个影子秘密则得不到秘密 的任何信息。现实的秘密恢复过程中可能存在超过t个参与者的情形,因此,在Shamir的秘密共享方案基础上讨论此种情形下秘密共享问题,通过引入影子秘密的线性组合——拉格朗日因子来恢复秘密,并进一步将其扩展为一个多秘密共享方案。理论分析与仿真实验表明：改进算法在同样复杂度条件下既保证影子秘密的安全,又能阻止欺骗者得到秘密,提高了整体安全性。     

Quantum secret sharing between multiparty and multiparty with entanglement swapping

A quantum secret sharing （QSS） protocol between multiparty and multiparty is proposed, based on Greenberger-Horne- Zeilinger （GHZ） state. The protocol utilizes quantum Fourier transform and entanglement swapping to achieve a high intrinsic efficiency and source capacity. Then, the security of this protocol against some possible eavesdropping strategies has been analyzed. Furthermore, the presented protocol is generalized to the d-level case.