Abstract
Proactive secret sharing has been proposed by Herzberg, Jarecki, Krawczyk, and Yung (CRYPTO’95) and is a powerful tool for storing highly confidential data. However, their scheme is not designed for storing large data and communication and computation costs scale linearly with the data size. In this paper we propose a variant of their scheme that uses concise vector commitments. We show that our new scheme, when instantiated with a variant of the Pedersen commitment scheme (CRYPTO’92), reduces computation costs by up to \(50\%\) and broadcast communication costs by a factor of L, where L is the length of the commitment message vectors.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Baron, J., Defrawy, K.E., Lampkins, J., Ostrovsky, R.: Communication-optimal proactive secret sharing for dynamic groups. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 23–41. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-28166-7_2
Baron, J., El Defrawy, K., Lampkins, J., Ostrovsky, R.: How to withstand mobile virus attacks, revisited. In: Proceedings of the 2014 ACM Symposium on Principles of Distributed Computing, PODC 2014, pp. 293–302. ACM, New York (2014). https://doi.org/10.1145/2611462.2611474. http://doi.acm.org/10.1145/2611462.2611474
Bellare, M., Rogaway, P.: Code-based game-playing proofs and the security of triple encryption. Cryptology ePrint Archive, Report 2004/331 (2004). https://eprint.iacr.org/2004/331
Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_25
Blakley, G.R.: Safeguarding cryptographic keys. In: International Workshop on Managing Requirements Knowledge (AFIPS), December 1979. https://doi.org/10.1109/AFIPS.1979.98. doi.ieeecomputersociety.org/10.1109/AFIPS.1979.98
Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)
Cachin, C., Kursawe, K., Lysyanskaya, A., Strobl, R.: Asynchronous verifiable secret sharing and proactive cryptosystems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, pp. 88–97. ACM, New York (2002). https://doi.org/10.1145/586110.586124. http://doi.acm.org/10.1145/586110.586124
Catalano, D., Fiore, D.: Vector commitments and their applications. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 55–72. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36362-7_5
Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984). https://doi.org/10.1016/0022-0000(84)90070-9. http://www.sciencedirect.com/science/article/pii/0022000084900709
Groth, J.: Linear algebra with sub-linear zero-knowledge arguments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 192–208. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_12
Gupta, V.H., Gopinath, K.: \(g_{its}^2\) VSR: an information theoretical secure verifiable secret redistribution protocol for long-term archival storage. In: Fourth International IEEE Security in Storage Workshop, pp. 22–33, September 2007. https://doi.org/10.1109/SISW.2007.11
Herzberg, A., Jarecki, S., Krawczyk, H., Yung, M.: Proactive secret sharing or: how to cope with perpetual leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339–352. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_27
Kate, A., Zaverucha, G.M., Goldberg, I.: Constant-size commitments to polynomials and their applications. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 177–194. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_11
Nikov, V., Nikova, S.: On proactive secret sharing schemes. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 308–325. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30564-4_22
Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_9
Sadeghi, A.-R., Steiner, M.: Assumptions related to discrete logarithms: why subtleties make a real difference. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 244–261. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_16
Schultz, D., Liskov, B., Liskov, M.: MPSS: mobile proactive secret sharing. ACM Trans. Inf. Syst. Secur. 13(4), 341–3432 (2010). https://doi.org/10.1145/1880022.1880028. http://doi.acm.org/10.1145/1880022.1880028
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979). https://doi.org/10.1145/359168.359176. http://doi.acm.org/10.1145/359168.359176
Wong, T.M., Wang, C., Wing, J.M.: Verifiable secret redistribution for archive systems. In: Proceedings of the First International IEEE Security in Storage Workshop, pp. 94–105, December 2002. https://doi.org/10.1109/SISW.2002.1183515
Zhou, L., Schneider, F.B., Van Renesse, R.: APSS: proactive secret sharing in asynchronous systems. ACM Trans. Inf. Syst. Secur. 8(3), 259–286 (2005). https://doi.org/10.1145/1085126.1085127. http://doi.acm.org/10.1145/1085126.1085127
Acknowledgments
This work has been co-funded by the DFG as part of project S6 within the CRC 1119 CROSSING.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Proofs
A Proofs
Proof
(Proof of Theorem 4). Let \(\mathbb {G}\) be a finite cyclic group, p be the order of \(\mathbb {G}\), and \(L \in \mathbb {N}\), \(\mathsf {DLVC}_{\mathbb {G},L} = (L, \mathsf {GEN}(\mathbb {G})^L,\mathbb {Z}_p,\mathbb {G},\mathbb {Z}_p,\mathsf {Setup},\mathsf {Commit},\mathsf {Open})\), and \(m = (m_1,\ldots ,m_L) \in \mathbb {Z}_p^L\).
We observe that for \(\mathsf {Setup}() \rightarrow \rho \), we have \(\rho =(g_0,\ldots ,g_L) \in \mathsf {GEN}(\mathbb {G})^L\). Furthermore, we observe that if \(\mathsf {Commit}(\rho ,m) \rightarrow (c,d)\), then \(c = \mathsf {EXP}(g_0,d) \circ \bigcirc _{i=1}^L \mathsf {EXP}(g_i,m_i)\). It follows that \(\mathsf {Open}(\rho ,m,c,d)=1\). \(\square \)
Proof
(Proof of Theorem 5). Let \(\mathbb {G}\) be a finite cyclic group associated with operation \(\circ \), \(L \in \mathbb {N}\), and \(\mathsf {DLVC}_{\mathbb {G},L} = (L,\mathsf {GEN}(\mathbb {G})^L,\mathbb {Z}_p,\mathbb {G},\mathbb {Z}_p,\mathsf {Setup},\mathsf {Commit},\mathsf {Open})\). We observe that for all \(\rho \in \mathsf {GEN}(\mathbb {G})^L\), \(m \in \mathbb {Z}_p^L\), \(c^* \in \mathbb {G}\), by the definition of \(\mathsf {Commit}\) and because g is a generator, we have
where \(\rho =(g_0,\ldots ,g_L)\) and \(m = (m_1,\ldots ,m_L)\). \(\square \)
Proof
(Proof of Theorem 6). The following proof is adapted from Section 2.3.2 of [6].
Let \(\mathbb {G}\) be a finite cyclic group of prime order p, \(\mathsf {DLVC}_{\mathbb {G},L} = (L,\mathsf {GEN}(\mathbb {G})^L,\mathbb {Z}_p,\mathbb {G},\mathbb {Z}_p,\mathsf {Setup},\mathsf {Commit},\mathsf {Open})\), \(g \in \mathsf {GEN}(\mathbb {G})\), \(\tau \in \mathbb {N}\), and \(\mathcal {A}\in \mathsf {Algo}(\tau )\). In the following, we prove an upper bound on
Let \(\mathcal {B}\) be an algorithm that takes as input \(y \in \mathbb {G}\) and works as follows. Sample \(U(\mathbb {Z}_p) \rightarrow a_0\) and for \(i \in [L]\), \(U(\mathbb {Z}_p^2) \rightarrow (a_i, b_i)\). Compute \(g_0 \leftarrow \mathsf {EXP}(g,a_0)\) and for \(i \in [L]\), \(g_i \leftarrow \mathsf {EXP}(g,a_i) \circ \mathsf {EXP}(y, b_i)\). Run \(\mathcal {A}((g_0,\ldots ,g_L)) \rightarrow (c, m, d, m', d')\). If \(\mathsf {Open}(\rho ,m,c,d) = 0\) or \(\mathsf {Open}(\rho ,m',c,d') = 0\), output \(\bot \). Otherwise, proceed as follows. Let \(m = (m_0,\ldots ,m_L) \in \mathbb {Z}_p^L\) and \(m' = (m'_0,\ldots ,m'_L) \in \mathbb {Z}_p^L\). Compute \(a \leftarrow a_0(d-d') + \sum _{i \in [L]} a_i (m_i- m'_i)\) and \(b \leftarrow \sum _{i \in [L]} b_i(m'_i- m_i)\). If \(b=0\), output \(\bot \). Otherwise, compute \(x \leftarrow \frac{a}{b}\) and output x.
We observe that because the \(a_i\)’s are uniformly distributed and g is a generator, the \(g_i\)’s are also uniformly distributed. This means that \((g_0,\ldots ,g_L)\) has the same distribution as \(\rho \) generated by \(\mathsf {Setup}()\). It follows that
Using sigma additivity we write
The first term is upper-bounded by \(\frac{1}{p}\), as can be seen as follows:
Next we prove that the second term is upper-bounded by
We observe that if \(b \ne 0\), then \(\mathsf {Open}(\rho , m, c, d) = 1\), \(\mathsf {Open}(\rho , m', c, d') = 1\), \(m \ne m'\), and
It follows that
By the fact that \(b=0\) implies \(x=\bot \) and \(\mathsf {EXP}(g, \bot ) \not \in \mathbb {G}\), we have
In summary, we obtain
Finally, we observe that the running time of \(\mathcal {B}\) is upper-bounded by \(\tau + \alpha \), where \(\alpha \) is the constant difference between the running time of \(\mathcal {B}\) and the running time of \(\mathcal {A}\). It follows that if \(\mathsf {DLOG}(\mathbb {G},g)\) is \(\epsilon \)-hard, then \(\mathsf {DLVC}_{\mathbb {G},L}\) is \(\epsilon '\)-binding-secure with
\(\square \)
Proof
(Proof of Theorem 7). Let \(\mathbb {G}\) be a finite cyclic group, \(L \in \mathbb {N}\), and \(\mathsf {DLVC}_{\mathbb {G},L} = (L,\mathsf {GEN}(\mathbb {G})^L,\mathbb {Z}_p,\mathbb {G},\mathbb {Z}_p,\mathsf {Setup},\mathsf {Commit},\mathsf {Open})\). Let \(\circ \) denote the operation associated with \(\mathbb {G}\), \(+\) and \(*\) denote addition and multiplication over \(\mathbb {Z}_p\), and \(\oplus \) denote addition over \(\mathbb {Z}_p^L\). We observe that for any \(\rho \in \mathcal {P}\), \((m_1, c_1,d_1)\in \mathtt {COMS}(\rho )\), and \((m_2, c_2,d_2) \in \mathtt {COMS}(\rho )\) we have that
\(\square \)
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Geihs, M., Schabhüser, L., Buchmann, J. (2019). Efficient Proactive Secret Sharing for Large Data via Concise Vector Commitments. In: Carlet, C., Guilley, S., Nitaj, A., Souidi, E. (eds) Codes, Cryptology and Information Security. C2SI 2019. Lecture Notes in Computer Science(), vol 11445. Springer, Cham. https://doi.org/10.1007/978-3-030-16458-4_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-16458-4_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16457-7
Online ISBN: 978-3-030-16458-4
eBook Packages: Computer ScienceComputer Science (R0)