CryptoDB

Paper: Robust Computational Secret Sharing and a Unified Account of Classical Secret-Sharing Goals

Authors: Mihir Bellare Phillip Rogaway URL: http://eprint.iacr.org/2006/449 Search ePrint Search Google We give a unified account of classical secret-sharing goals from a modern cryptographic vantage. Our treatment encompasses perfect, statistical, and computational secret sharing; static and dynamic adversaries; schemes with or without robustness; schemes where a participant recovers the secret and those where an external party does so. We then show that Krawczyk's 1993 protocol for robust computational secret sharing (RCSS) need not be secure, even in the random-oracle model and for threshold schemes, if the encryption primitive it uses satisfies only one-query indistinguishability (ind1), the only notion Krawczyk defines. Nonetheless, we show that the protocol is secure (in the random-oracle model, for threshold schemes) if the encryption scheme also satisfies one-query key-unrecoverability (key1). Since practical encryption schemes are ind1+key1 secure, our result effectively shows that Krawczyk's RCSS protocol is sound (in the random-oracle model, for threshold schemes). Finally, we prove the security for a variant of Krawczyk's protocol, in the standard model and for arbitrary access structures, assuming ind1 encryption and a statistically-hiding, weakly-binding commitment scheme.
BibTeX
@misc{eprint-2006-21940,
title={Robust Computational Secret Sharing and a Unified Account of Classical Secret-Sharing Goals},
booktitle={IACR Eprint archive},
keywords={cryptographic protocols / secret sharing},
url={http://eprint.iacr.org/2006/449},
note={ rogaway@cs.ucdavis.edu 13745 received 28 Nov 2006, last revised 20 Aug 2007},
author={Mihir Bellare and Phillip Rogaway},
year=2006
}