A general method for construction of (<Emphasis Type="Italic">t</Emphasis>, <Emphasis Type="Italic">n</Emphasis>)-threshold visual secret sharing schemes for color images

This paper is concerned with the construction of basis matrices of visual secret sharing schemes for color images under the (t, n)-threshold access structure, where n ≥ t ≥ 2 are arbitrary integers. We treat colors as elements of a bounded semilattice and regard stacking two colors as the join of the two corresponding elements. We generate n shares from a secret image with K colors by using K matrices called basis matrices. The basis matrices considered in this paper belong to a class of matrices each element of which is represented by a homogeneous polynomial of degree n. We first clarify a condition such that the K matrices corresponding to K homogeneous polynomials become basis matrices. Next, we give an algebraic scheme for the construction of basis matrices. It is shown that under the (t, n)-threshold access structure we can obtain K basis matrices from appropriately chosen K − 1 homogeneous polynomials of degree n by using simple algebraic operations. In particular, we give basis matrices that are unknown so far for the cases of t = 2, 3 and n − 1.     

Secret sharing schemes with partial broadcast channels

In a conventional secret sharing scheme a dealer uses secure point-to-point channels to distribute the shares of a secret to a number of participants. At a later stage an authorised group of participants send their shares through secure point-to-point channels to a combiner who will reconstruct the secret. In this paper, we assume no point-to-point channel exists and communication is only through partial broadcast channels. A partial broadcast channel is a point-to-multipoint channel that enables a sender to send the same message simultaneously and privately to a fixed subset of receivers. We study secret sharing schemes with partial broadcast channels, called partial broadcast secret sharing schemes. We show that a necessary and sufficient condition for the partial broadcast channel allocation of a (t, n)-threshold partial secret sharing scheme is equivalent to a combinatorial object called a cover-free family. We use this property to construct a (t, n)-threshold partial broadcast secret sharing scheme with O(log n) partial broadcast channels. This is a significant reduction compared to n point-to-point channels required in a conventional secret sharing scheme. Next, we consider communication rate of a partial broadcast secret sharing scheme defined as the ratio of the secret size to the total size of messages sent by the dealer. We show that the communication rate of a partial broadcast secret sharing scheme can approach 1/O(log n) which is a significant increase over the corresponding value, 1/n, in the conventional secret sharing schemes. We derive a lower bound on the communication rate and show that for a (t,n)-threshold partial broadcast secret sharing scheme the rate is at least 1/t and then we propose constructions with high communication rates. We also present the case of partial broadcast secret sharing schemes for general access structures, discuss possible extensions of this work and propose a number of open problems.      

Optimal Colored Threshold Visual Cryptography Schemes

Visual cryptography schemes allow the encoding of a secret image into n shares which are distributed to the participants. The shares are such that only qualified subsets of participants can visually recover the secret image. Usually the secret image consist of black and white pixels. In colored threshold visual cryptography schemes the secret image is composed of pixels taken from a given set of c colors. The pixels expansion and the contrast of a scheme are two measures of the goodness of the scheme.In this paper, we study c-color (k,n)-threshold visual cryptography schemes and provide a characterization of contrast-optimal schemes. More specifically we prove that there exists a contrast-optimal scheme that is a member of a special set of schemes, which we call canonical schemes, and that satisfy strong symmetry properties.Then we use canonical schemes to provide a constructive proof of optimality, with respect to the pixel expansion, of c-color (n,n)-threshold visual cryptography schemes.Finally, we provide constructions of c-color (2,n)-threshold schemes whose pixels expansion improves on previously proposed schemes.*This author is also a member of the Akamai Faculty Group, Akamai Technologies, 8 Cambridge center, Cambridge, MA 02142, USA.     

Improved Schemes for Visual Cryptography

A (k,n)-threshold visual cryptography scheme ((k,n)-threshold VCS, for short) is a method to encode a secret image SI into n shadow images called shares such that any k or more shares enable the visual recovery of the secret image, but by inspecting less than k shares one cannot gain any information on the secret image. The visual recovery consists of xeroxing the shares onto transparencies, and then stacking them. Any k shares will reveal the secret image without any cryptographic computation.In this paper we analyze visual cryptography schemes in which the reconstruction of black pixels is perfect, that is, all the subpixels associated to a black pixel are black. For any value of k and n, where 2 k n, we give a construction for (k,n)-threshold VCS which improves on the best previously known constructions with respect to the pixel expansion (i.e., the number of subpixels each pixel of the original image is encoded into). We also provide a construction for coloured (2,n)-threshold VCS and for coloured (n,n)-threshold VCS. Both constructions improve on the best previously known constructions with respect to the pixel expansion.     

Detection and identification of cheaters in (<Emphasis Type="Italic">t</Emphasis>, <Emphasis Type="Italic">n</Emphasis>) secret sharing scheme

In a (t, n) secret sharing scheme, a secret s is divided into n shares and shared among a set of n shareholders by a mutually trusted dealer in such a way that any t or more than t shares will be able to reconstruct this secret; but fewer than t shares cannot know any information about the secret. When shareholders present their shares in the secret reconstruction phase, dishonest shareholder(s) (i.e. cheater(s)) can always exclusively derive the secret by presenting faked share(s) and thus the other honest shareholders get nothing but a faked secret. Cheater detection and identification are very important to achieve fair reconstruction of a secret. In this paper, we consider the situation that there are more than t shareholders participated in the secret reconstruction. Since there are more than t shares (i.e. it only requires t shares) for reconstructing the secret, the redundant shares can be used for cheater detection and identification. Our proposed scheme uses the shares generated by the dealer to reconstruct the secret and, at the same time, to detect and identify cheaters. We have included discussion on three attacks of cheaters and bounds of detectability and identifiability of our proposed scheme under these three attacks. Our proposed scheme is an extension of Shamir’s secret sharing scheme.      

On proper secrets, (<Emphasis Type="Italic">t</Emphasis>, <Emphasis Type="Italic">k</Emphasis>)-bases and linear codes

This paper contains three parts where each part triggered and motivated the subsequent one. In the first part (Proper Secrets) we study the Shamir’s “k-out-of-n” threshold secret sharing scheme. In that scheme, the dealer generates a random polynomial of degree k−1 whose free coefficient is the secret and the private shares are point values of that polynomial. We show that the secret may, equivalently, be chosen as any other point value of the polynomial (including the point at infinity), but, on the other hand, setting the secret to be any other linear combination of the polynomial coefficients may result in an imperfect scheme. In the second part ((t, k)-bases) we define, for every pair of integers t and k such that 1 ≤ t ≤ k−1, the concepts of (t, k)-spanning sets, (t, k)-independent sets and (t, k)-bases as generalizations of the usual concepts of spanning sets, independent sets and bases in a finite-dimensional vector space. We study the relations between those notions and derive upper and lower bounds for the size of such sets. In the third part (Linear Codes) we show the relations between those notions and linear codes. Our main notion of a (t, k)-base bridges between two well-known structures: (1, k)-bases are just projective geometries, while (k−1, k)-bases correspond to maximal MDS-codes. We show how the properties of (t, k)-independence and (t, k)-spanning relate to the notions of minimum distance and covering radius of linear codes and how our results regarding the size of such sets relate to known bounds in coding theory. We conclude by comparing between the notions that we introduce here and some well known objects from projective geometry.      

New Colored Visual Secret Sharing Schemes

Visual secretsharing (VSS) schemes are used to protect the visual secret bysending n transparencies to different participantsso that k-1 or fewer of them have no informationabout the original image, but the image can be seen by stackingk or more transparencies. However, the revealedsecret image of a conventional VSS scheme is just black and white.The colored k out of n VSS scheme sharinga colored image is first introduced by Verheul and Van Tilborg[1]. In this paper, a new construction for the colored VSS schemeis proposed. This scheme can be easily implemented on basis ofa black & white VSS scheme and get much better block lengththan the Verheul-Van Tilborg scheme.     

Bounds for the determinants and inverses of certain H-matrices

The paper studies a subclass, referred to as PBDD(n₁, n₂), of the class of nonsingular H-matrices. A new characterization of matrices in PBDD(n₁, n₂) is suggested. Two-sided bounds for the determinants of matrices in the class PBDD(n₁, n₂) are derived, and their applications to strictly diagonally dominant matrices and to matrices with the Ostrowski-Brauer diagonal dominance are presented. An upper bound for the infinity norms of the inverses of matrices in PBDD(n₁, n₂) is considered. Extensions to the case of block k × k matrices, k ≥ 2, are addressed. Bibliography: 17 titles. __________ Translated from Zapiski Nauchnykh Seminarov POMI, Vol. 346, 2007, pp. 81–102.     

New Results on EX Graphs

By the extremal number ex(n; t) = ex(n; {C ₃, C ₄, . . . , C _t }) we denote the maximum size (that is, number of edges) in a graph of order n > t and girth at least g ≥ t + 1. The set of all the graphs of order n, containing no cycles of length ≥ t, and of size ex(n; t), is denoted by EX(n; t) = EX(n; {C ₃, C ₄, . . . , C _t }), these graphs are called EX graphs. In 1975, Erdős proposed the problem of determining the extremal numbers ex(n; 4) of a graph of order n and girth at least 5. In this paper, we consider a generalized version of this problem, for t ≥ 5. In particular, we prove that ex(29; 6) = 45, also we improve some lower bounds and upper bounds of ex _u (n; t), for some particular values of n and t.     

Arrangements of n Points whose Incident-Line-Numbers are at most n/2

We consider a set X of n noncollinear points in the Euclidean plane, and the set of lines spanned by X, where n is an integer with n ≥ 3. Let t(X) be the maximum number of lines incident with a point of X. We consider the problem of finding a set X of n noncollinear points in the Euclidean plane with t(X) ￡ ?n/2 ?{t(X) \le \lfloor n/2 \rfloor}, for every integer n ≥ 8. In this paper, we settle the problem for every integer n except n = 12k + 11 (k ≥ 4). The latter case remains open.     

On the distribution of reducible polynomials

Let ℛ _n (t) denote the set of all reducible polynomials p(X) over ℤ with degree n ≥ 2 and height ≤ t. We determine the true order of magnitude of the cardinality |ℛ _n (t)| of the set ℛ _n (t) by showing that, as t → ∞, t ² log t ≪ |ℛ₂(t)| ≪ t ² log t and t ⁿ ≪ |ℛ _n (t)| ≪ t _n for every fixed n ≥ 3. Further, for 1 < n/2 < k < n fixed let ℛ _k,n (t) ⊂ ℛ _n (t) such that p(X) ∈ ℛ _k,n (t) if and only if p(X) has an irreducible factor in ℤ[X] of degree k. Then, as t → ∞, we always have t ^k+1 ≪ |ℛ _k,n (t)| ≪ t ^k+1 and hence |ℛ _n−1,n (t)| ≫ |ℛ _n (t)| so that ℛ _n−1,n (t) is the dominating subclass of ℛ _n (t) since we can show that |ℛ _n (t)∖ℛ _n−1,n (t)| ≪ t ⁿ⁻¹(log t)².On the contrary, if R _n ^s (t) is the total number of all polynomials in ℛ _n (t) which split completely into linear factors over ℤ, then t ²(log t) ⁿ⁻¹ ≪ R _n ^s (t) ≪ t ² (log t) ⁿ⁻¹ (t → ∞) for every fixed n ≥ 2.      

Cheating in Visual Cryptography

A secret sharing scheme allows a secret to be shared among a set of participants, P, such that only authorized subsets of P can recover the secret, but any unauthorized subset cannot recover the secret. In 1995, Naor and Shamir proposed a variant of secret sharing, called visual cryptography, where the shares given to participants are xeroxed onto transparencies. If X is an authorized subset of P, then the participants in X can visually recover the secret image by stacking their transparencies together without performing any computation. In this paper, we address the issue of cheating by dishonest participants, called cheaters, in visual cryptography. The experimental results demonstrate that cheating is possible when the cheaters form a coalition in order to deceive honest participants. We also propose two simple cheating prevention visual cryptographic schemes.     

A large-deviation result for the range of random walk and for the Wiener sausage

Let {S _n } be a random walk on ℤ ^d and let R _n be the number of different points among 0, S ₁,…, S _{n −1}. We prove here that if d≥ 2, then ψ(x) := lim _{n →∞}(−:1/n) logP{R _n ≥nx} exists for x≥ 0 and establish some convexity and monotonicity properties of ψ(x). The one-dimensional case will be treated in a separate paper. We also prove a similar result for the Wiener sausage (with drift). Let B(t) be a d-dimensional Brownian motion with constant drift, and for a bounded set A⊂ℝ ^d let Λ _t = Λ _t (A) be the d-dimensional Lebesgue measure of the `sausage' ∪_{0≤ s ≤ t} (B(s) + A). Then φ(x) := lim _t→∞: (−1/t) log P{Λ _t ≥tx exists for x≥ 0 and has similar properties as ψ. Received: 20 April 2000 / Revised version: 1 September 2000 / Published online: 26 April 2001     

Comments on Harn–Lin’s cheating detection scheme

Detection of cheating and identification of cheaters in threshold schemes has been well studied, and several solid solutions have been provided in the literature. This paper analyses Harn and Lin’s recent work on cheating detection and identification of cheaters in Shamir’s threshold scheme. We will show that, in a broad area, Harn–Lin’s scheme fails to detect cheating and even if the cheating is detected cannot identify the cheaters. In particular, in a typical Shamir (t, n)-threshold scheme, where n = 2t − 1 and up to t − 1 of participants are corrupted, their scheme neither can detect nor can identify the cheaters. Moreover, for moderate size of groups their proposed cheaters identification scheme is not practical.     

Difference estimates for continuous and discrete operator semigroups

For suitable bounded operator semigroups (e ^tA ) _t≥0 in a Banach space, we characterize the estimate ‖Ae ^tA ‖≤c/F(t) for large t, where F is a function satisfying a sublinear growth condition. The characterizations are by holomorphy estimates on the semigroup, and by estimates on powers of the resolvent. We give similar characterizations of the difference estimate ‖T ⁿ −T ⁿ⁺¹‖≤c/F(n) for a power-bounded linear operator T, when F(n) grows faster than n ^1/2 for large n.     

Multi-party computation with conversion of secret sharing

Classical results in unconditionally secure multi-party computation (MPC) protocols with a passive adversary indicate that every n-variate function can be computed by n participants, such that no set of size t < n/2 participants learns any additional information other than what they could derive from their private inputs and the output of the protocol. We study unconditionally secure MPC protocols in the presence of a passive adversary in the trusted setup (‘semi-ideal’) model, in which the participants are supplied with some auxiliary information (which is random and independent from the participant inputs) ahead of the protocol execution (such information can be purchased as a “commodity” well before a run of the protocol). We present a new MPC protocol in the trusted setup model, which allows the adversary to corrupt an arbitrary number t < n of participants. Our protocol makes use of a novel subprotocol for converting an additive secret sharing over a field to a multiplicative secret sharing, and can be used to securely evaluate any n-variate polynomial G over a field F, with inputs restricted to non-zero elements of F. The communication complexity of our protocol is O(ℓ · n ²) field elements, where ℓ is the number of non-linear monomials in G. Previous protocols in the trusted setup model require communication proportional to the number of multiplications in an arithmetic circuit for G; thus, our protocol may offer savings over previous protocols for functions with a small number of monomials but a large number of multiplications.     

Ruin problem for an inhomogeneous semicontinuous integer-valued process

For a process ξ(t = ξ₁(t)+χ(t), t≥0, ξ(0) = 0, inhomogeneous with respect to time, we investigate the ruin problem associated with the corresponding random walk in a finite interval, (here, ξ₁ (t) is a homogeneous Poisson process with positive integer-valued jumps and χ(t) is an inhomogeneous lower-semicontinuous process with integer-valued jumps ξ _n ≥-1).     

Moderate Deviations for Random Sums of Heavy-Tailed Random Variables

Let {Xn;n≥ 1} be a sequence of independent non-negative random variables with common distribution function F having extended regularly varying tail and finite mean μ = E（X1） and let {N（t）; t ≥0} be a random process taking non-negative integer values with finite mean λ（t） = E（N（t）） and independent of {Xn; n ≥1}. In this paper, asymptotic expressions of P（（X1 ＋… ＋XN（t）） -λ（t）μ 〉 x） uniformly for x ∈[γb（t）, ∞） are obtained, where γ〉 0 and b（t） can be taken to be a positive function with limt→∞ b（t）/λ（t） = 0.     

Idempotent matrix lattices over distributive lattices

In this paper, the partially ordered set of idempotent matrices over distributive lattices with the partial order induced by a set of lattice matrices is studied. It is proved that this set is a lattice; the formulas for meet and join calculation are obtained. In the lattice of idempotent matrices over a finite distributive lattice, all atoms and coatoms are described. We prove that the lattice of quasi-orders over an n-element set Qord(n) is not graduated for n ≥ 3 and calculate the greatest and least lengths of maximal chains in this lattice. We also prove that the interval ([I, J]_≤, ≤) of idempotent (n × n)-matrices over {ie879-01}-lattices is isomorphic to the lattice of quasi-orders Qord(n). Using this isomorphism, we calculate the lattice height of idempotent {ie879-02}-matrices. We obtain a structural criterion of idempotent matrices over distributive lattices. __________ Translated from Fundamentalnaya i Prikladnaya Matematika, Vol. 13, No. 4, pp. 121–144, 2007.     

Optimal (<Emphasis Type="Italic">k</Emphasis>, <Emphasis Type="Italic">n</Emphasis>) visual cryptographic schemes for general <Emphasis Type="Italic">k</Emphasis>

In (k, n) visual cryptographic schemes (VCS), a secret image is encrypted into n pages of cipher text, each printed on a transparency sheet, which are distributed among n participants. The image can be visually decoded if any k(≥2) of these sheets are stacked on top of one another, while this is not possible by stacking any k − 1 or fewer sheets. We employ a Kronecker algebra to obtain necessary and sufficient conditions for the existence of a (k, n) VCS with a prior specification of relative contrasts that quantify the clarity of the recovered image. The connection of these conditions with an L ₁-norm formulation as well as a convenient linear programming formulation is explored. These are employed to settle certain conjectures on contrast optimal VCS for the cases k = 4 and 5. Furthermore, for k = 3, we show how block designs can be used to construct VCS which achieve optimality with respect to the average and minimum relative contrasts but require much smaller pixel expansions than the existing ones.