Detection of Cheaters in Vector Space Secret Sharing Schemes

A perfect secret sharing scheme is a method of distributing shares of a secret among a set P of participants in such a way that only qualified subsets of P can reconstruct the secret from their shares and non-qualified subsets have absolutely no information on the value of the secret. In a secret sharing scheme, some participants could lie about the value of their shares in order to obtain some illicit benefit. Therefore, the security against cheating is an important issue in the implementation of secret sharing schemes. Two new secret sharing schemes in which cheaters are detected with high probability are presented in this paper. The first one has information rate equal to 1/2 and can be implemented not only in threshold structures, but in a more general family of access structures. We prove that the information rate of this scheme is almost optimal among all schemes with the same security requirements. The second scheme we propose is a threshold scheme in which cheaters are detected with high probability even if they know the secret. The information rate is in this case 1/3 In both schemes, the probability of cheating successfully is a fixed value that is determined by the size of the secret.     

基于MSP秘密共享的（t，n）门限群签名方案

门限群签名是群签名中重要的—类,它是秘钥共享与群签名的有机结合．本文通过文献[5]中的MSP方案（Monotone Span Program）,提出了一种新的门限群签名方案．在本签名方案建立后,只有达到门限的群成员的联合才能生成—个有效的群签名,并且可以方便的加入或删除成员．一旦发生争议,只有群管理员才能确定签名人的身份．该方案能够抵抗合谋攻击：即群中任意一组成员合谋都无法恢复群秘钥k．本方案的安全性基于Gap Diffie-Hellman群上的计算Diffie-Hellmanl可题难解上,因此在计算上是最安全的．     

Efficient hybrid encryption from ID-based encryption

This paper deals with generic transformations from ID-based key encapsulation mechanisms (IBKEM) to hybrid public-key encryption (PKE). The best generic transformation known until now is by Boneh and Katz and requires roughly 704-bit overhead in the ciphertext. We present new generic transformations that are applicable to partitioned IBKEMs. A partitioned IBKEM is an IBKEM that provides some extra structure. Such IBKEMs are quite natural and in fact nearly all known IBKEMs have this additional property. Our first transformation yields chosen-ciphertext secure PKE schemes from selective-ID secure partitioned IBKEMs with a 256-bit overhead in ciphertext size plus one extra exponentiation in encryption/decryption. As the central tool a Chameleon Hash function is used to map the identities. We also propose other methods to remove the use of Chameleon Hash, which may be of independent technical interest. Applying our transformations to existing IBKEMs we propose a number of novel PKE schemes with different trade-offs. In some concrete instantiations the Chameleon Hash can be made “implicit” which results in improved efficiency by eliminating the additional exponentiation. Since our transformations preserve the public verifiability property of the IBE schemes it is possible to extend our results to build threshold hybrid PKE schemes. We show an analogue generic transformation in the threshold setting and present a concrete scheme which results in the most efficient threshold PKE scheme in the standard model.     

On the Dealer's Randomness Required in Secret Sharing Schemes

In this paper we provide upper and lower bounds on the randomness required by the dealer to set up a secret sharing scheme for infinite classes of access structures. Lower bounds are obtained using entropy arguments. Upper bounds derive from a decomposition construction based on combinatorial designs (in particular, t-(v,k,) designs). We prove a general result on the randomness needed to construct a scheme for the cycle Cn; when n is odd our bound is tight. We study the access structures on at most four participants and the connected graphs on five vertices, obtaining exact values for the randomness for all them. Also, we analyze the number of random bits required to construct anonymous threshold schemes, giving upper bounds. (Informally, anonymous threshold schemes are schemes in which the secret can be reconstructed without knowledge of which participants hold which shares.)     

A Linear Algebraic Approach to Metering Schemes

A metering scheme is a method by which an audit agency is able to measure the interaction between servers and clients during a certain number of time frames. Naor and Pinkas (Vol. 1403 of LNCS, pp. 576–590) proposed metering schemes where any server is able to compute a proof (i.e., a value to be shown to the audit agency at the end of each time frame), if and only if it has been visited by a number of clients larger than or equal to some threshold h during the time frame. Masucci and Stinson (Vol. 1895 of LNCS, pp. 72–87) showed how to construct a metering scheme realizing any access structure, where the access structure is the family of all subsets of clients which enable a server to compute its proof. They also provided lower bounds on the communication complexity of metering schemes. In this paper we describe a linear algebraic approach to design metering schemes realizing any access structure. Namely, given any access structure, we present a method to construct a metering scheme realizing it from any linear secret sharing scheme with the same access structure. Besides, we prove some properties about the relationship between metering schemes and secret sharing schemes. These properties provide some new bounds on the information distributed to clients and servers in a metering scheme. According to these bounds, the optimality of the metering schemes obtained by our method relies upon the optimality of the linear secret sharing schemes for the given access structure.     

Lattice-based threshold-changeability for standard CRT secret-sharing schemes

We consider the problem of increasing the threshold parameter of a secret-sharing scheme after the setup (share distribution) phase, without further communication between the dealer and the shareholders. Previous solutions to this problem require one to start off with a non-standard scheme designed specifically for this purpose, or to have secure channels between shareholders. In contrast, we show how to increase the threshold parameter of the standard CRT secret-sharing scheme without secure channels between the shareholders. Our method can thus be applied to existing CRT schemes even if they were set up without consideration to future threshold increases.Our method is a positive cryptographic application for lattice reduction algorithms, and we also use techniques from lattice theory (geometry of numbers) to prove statements about the correctness and information-theoretic security of our constructions.     

The dynamics of spreading and immune strategies of sexually transmitted diseases on scale-free network

We examine epidemic threshold and dynamics for sexually transmitted diseases (STDs) spread using a multiple susceptible-infected-removed-susceptible ODE model on scale-free networks. We derive the threshold for the epidemic to be zero in infinite scale-free network. For a hard cut off scale-free network, we also prove the stability of disease-free equilibrium and the persistence of STDs infection. The effects of two immunization schemes, including proportional scheme and targeted vaccination, are studied and compared. We find that targeted strategy compare favorably to a proportional scheme in terms of effectiveness. Theory and simulations both prove that an appropriate condom using has prominent effect to control STDs spread on scale-free networks.     

Signcryption schemes with threshold unsigncryption,and applications

The goal of a signcryption scheme is to achieve the same functionalities as encryption and signature together, but in a more efficient way than encrypting and signing separately. To increase security and reliability in some applications, the unsigncryption phase can be distributed among a group of users, through a (t, n)-threshold process. In this work we consider this task of threshold unsigncryption, which has received very few attention from the cryptographic literature up to now (maybe surprisingly, due to its potential applications). First we describe in detail the security requirements that a scheme for such a task should satisfy: existential unforgeability and indistinguishability, under insider chosen message/ciphertext attacks, in a multi-user setting. Then we show that generic constructions of signcryption schemes (by combining encryption and signature schemes) do not offer this level of security in the scenario of threshold unsigncryption. For this reason, we propose two new protocols for threshold unsigncryption, which we prove to be secure, one in the random oracle model and one in the standard model. The two proposed schemes enjoy an additional property that can be very useful. Namely, the unsigncryption protocol can be divided in two phases: a first one where the authenticity of the ciphertext is verified, maybe by a single party; and a second one where the ciphertext is decrypted by a subset of t receivers, without using the identity of the sender. As a consequence, the schemes can be used in applications requiring some level of anonymity, such as electronic auctions.     

Comments on Harn–Lin’s cheating detection scheme

Detection of cheating and identification of cheaters in threshold schemes has been well studied, and several solid solutions have been provided in the literature. This paper analyses Harn and Lin’s recent work on cheating detection and identification of cheaters in Shamir’s threshold scheme. We will show that, in a broad area, Harn–Lin’s scheme fails to detect cheating and even if the cheating is detected cannot identify the cheaters. In particular, in a typical Shamir (t, n)-threshold scheme, where n = 2t − 1 and up to t − 1 of participants are corrupted, their scheme neither can detect nor can identify the cheaters. Moreover, for moderate size of groups their proposed cheaters identification scheme is not practical.     

Optimal Colored Threshold Visual Cryptography Schemes

Visual cryptography schemes allow the encoding of a secret image into n shares which are distributed to the participants. The shares are such that only qualified subsets of participants can visually recover the secret image. Usually the secret image consist of black and white pixels. In colored threshold visual cryptography schemes the secret image is composed of pixels taken from a given set of c colors. The pixels expansion and the contrast of a scheme are two measures of the goodness of the scheme.In this paper, we study c-color (k,n)-threshold visual cryptography schemes and provide a characterization of contrast-optimal schemes. More specifically we prove that there exists a contrast-optimal scheme that is a member of a special set of schemes, which we call canonical schemes, and that satisfy strong symmetry properties.Then we use canonical schemes to provide a constructive proof of optimality, with respect to the pixel expansion, of c-color (n,n)-threshold visual cryptography schemes.Finally, we provide constructions of c-color (2,n)-threshold schemes whose pixels expansion improves on previously proposed schemes.*This author is also a member of the Akamai Faculty Group, Akamai Technologies, 8 Cambridge center, Cambridge, MA 02142, USA.     

Pulse and constant control schemes for epidemic models with seasonality

Control schemes for infectious disease models with time-varying contact rate are analyzed. First, time-constant control schemes are introduced and studied. Specifically, a constant treatment scheme for the infected is applied to a SIR model with time-varying contact rate, which is modelled by a switching parameter. Two variations of this model are considered: one with waning immunity and one with progressive immunity. Easily verifiable conditions on the basic reproduction number of the infectious disease are established which ensure disease eradication under these constant control strategies. Pulse control schemes for epidemic models with time-varying contact rates are also studied in detail. Both pulse vaccination and pulse treatment models are applied to a SIR model with time-varying contact rate. Further, a vaccine failure model as well as a model with a reduced infective class are considered with pulse control schemes. Again, easily verifiable conditions on the basic reproduction number are developed which guarantee disease eradication. Some simulations are given to illustrate the threshold theorems developed.     

An explication of secret sharing schemes

This paper is an explication of secret sharing schemes, emphasizing combinatorial construction methods. The main problem we consider is the construction of perfect secret sharing schemes, for specified access structures, with the maximum possible information rate.In this paper, we present numerous direct constructions for secret sharing schemes, such as the Shamir threshold scheme, the Boolean circuit construction of Benaloh and Leichter (for general access structures), the vector space construction of Brickell, and the Simmons geometric construction. We discuss the connections between ideal schemes (i.e., those with information rate equal to one) and matroids. We also mention the entropy bounds of Capocelli et al. Then we give a very general construciton, called the decomposition construction, and numerous applications of it. In particular, we study schemes for access structures based on graphs and the many interesting bounds that can be proved; and we determine the exact value of the optimal information rate for all access structures on at most four participants.Research supported by NSERC (Canada) grant A9287.     

Ideal ramp schemes and augmented orthogonal arrays

Ramp schemes were invented in 1985 by C.R. Blakley and C. Meadows. An $(s,t,n)$-ramp scheme is a generalization of a threshold scheme in which there are two thresholds. Recently, D.R. Stinson established the equivalence of ideal ramp schemes and augmented orthogonal arrays. In this study, some new construction methods for augmented orthogonal arrays are presented and then some new augmented orthogonal arrays are obtained; furthermore, we also provide parameter situations where ideal ramp schemes exist for these obtained augmented orthogonal arrays.     

A new hypothesis concerning children’s fractional knowledge

The basic hypothesis of the teaching experiment, The Child’s Construction of the Rational Numbers of Arithmetic (Steffe & Olive, 1990) was that children’s fractional schemes can emerge as accommodations in their numerical counting schemes. This hypothesis is referred to as the reorganization hypothesis because when a new scheme is established by using another scheme in a novel way, the new scheme can be regarded as a reorganization of the prior scheme. In that case where children’s fractional schemes do emerge as accommodations in their numerical counting schemes, I regard the fractional schemes as superseding their earlier numerical counting schemes. If one scheme supersedes another, that does not mean the earlier scheme is replaced by the superseding scheme. Rather, it means that the superseding scheme solves the problems the earlier scheme solved but solves them better, and it solves new problems the earlier scheme didn’t solve. It is in this sense that we hypothesized children’s fractional schemes can supersede their numerical counting schemes and it is the sense in which we regarded numerical schemes as constructive mechanisms in the production of fractional schemes (Kieren, 1980).     

Constructions for Anonymous Secret Sharing Schemes Using Combinatorial Designs

In an anonymous secret sharing scheme the secret can be reconstructed without knowledge ofwhich participants hold which shares.In this paper some constructions of anonymous secret sharing schemeswith 2 thresholds by using combinatorial designs are given.Let v(t,w,q)denote the minimum size of the setof shares of a perfect anonymous(t,w)threshold secret sharing scheme with q secrets.In this paper we provethat v(t,w,q)=(q)if t and w are fixed and that the lower bound of the size of the set of shares in[4]is notoptimal under certain condition.     

Commutative Association Schemes Whose Symmetrizations Have Two Classes

If a symmetric association scheme of class two is realized as the symmetrization of a commutative association scheme, then it either admits a unique symmetrizable fission scheme of class three or four, or admits three fission schemes, two of which are class three and one is of class four. We investigate the classification problem for symmetrizable (commutative) association schemes of two-class symmetric association schemes. In particular, we give a classification of association schemes whose symmetrizations are obtained from completely multipartite strongly regular graphs in the notion of wreath product of two schemes. Also the cyclotomic schemes associated to Paley graphs and their symmetrizable fission schemes are discussed in terms of their character tables.     

Character Tables of Association Schemes Based on Attenuated Spaces

The set of subspaces of a given dimension in an attenuated space has a structure of a symmetric association scheme and this association scheme is called an association scheme based on an attenuated space. Association schemes based on attenuated spaces are generalizations of Grassmann schemes and bilinear forms schemes, and also q-analogues of nonbinary Johnson schemes. Wang, Guo, and Li computed the intersection numbers of association schemes based on attenuated spaces. The aim of this paper is to compute character tables of association schemes based on attenuated spaces using the method of Tarnanen, Aaltonen, and Goethals. Moreover, we also prove that association schemes based on attenuated spaces include as a special case the m-flat association scheme, which is defined on the set of cosets of subspaces of a constant dimension in a vector space over a finite field.     

Efficient Rabin-type Digital Signature Scheme

Rabin's cryptosystem was proved to be as hard as factorization. However, Rabin's digital signature schemes is probabilistic. This paper shows two efficient Rabin type digital signature schemes, a basic scheme and an improved scheme. Both schemes run much faster than Rabin's scheme. They are deterministic and the size of a signature is much smaller than that of a signature in Rabin's scheme. Furthermore, it is proved that, by applying the technique of Bellare and Rogaway, the proposed scheme is secure against chosen plaintext attack. More precisely, breaking the proposed digital signature scheme by chosen plaintext attack is as hard as factoring N.     

Unconditional stability of parallel alternating difference schemes for semilinear parabolic systems

The general alternating schemes with intrinsic parallelism for semilinear parabolic systems are studied. First we prove the a priori estimates in the discrete H¹ space of the difference solution for these schemes. Then the existence of the difference solution for these schemes follows from the fixed point principle. Finally the unconditional stability of the general alternating schemes is proved. The alternating group explicit scheme, the alternating segment explicit–implicit scheme and the alternating segment Crank–Nicolson scheme are the special cases of the general alternating schemes.     

求解双曲型方程的一致二阶守恒型差分格式的构造及数值实验

由于TVD格式具有激波分辨率高与非物理振荡小的特点,在气体动力学问题的求解中得到了广泛的应用.但现有的TVD格式受其构造方式所限,在解的局部极值点附近只能达到一阶精度. 考虑以下单个双曲型方程: