International Conference on Cryptology and Network Security

Cryptology and Network Security pp 43-58 | Cite as

Security of Linear Secret-Sharing Schemes Against Mass Surveillance

  • Irene Giacomelli
  • Ruxandra F. Olimid
  • Samuel Ranellucci
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9476)

Abstract

Following the line of work presented recently by Bellare, Paterson and Rogaway, we formalize and investigate the resistance of linear secret-sharing schemes to mass surveillance. This primitive is widely used to design IT systems in the modern computer world, and often it is implemented by a proprietary code that the provider (“big brother") could manipulate to covertly violate the privacy of the users (by implementing Algorithm-Substitution Attacks or ASAs). First, we formalize the security notion that expresses the goal of big brother and prove that for any linear secret-sharing scheme there exists an undetectable subversion of it that efficiently allows surveillance. Second, we formalize the security notion that assures that a sharing scheme is secure against ASAs and construct the first sharing scheme that meets this notion.

Keywords

Linear secret-sharing Algorithm-substitution attack Mass surveillance Kleptography 

References

  1. 1.
    Bellare, M., Paterson, K.G., Rogaway, P.: Security of symmetric encryption against mass surveillance. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 1–19. Springer, Heidelberg (2014) Google Scholar
  2. 2.
    Subbiah, A., Blough, D.M.: An approach for fault tolerant and secure data storage in collaborative work environments. In: StorageSS, pp. 84–93 (2005)Google Scholar
  3. 3.
    Storer, M.W., Greenan, K.M., Miller, E.L., Voruganti, K.: Potshards - a secure, recoverable, long-term archival storage system. TOS 5(2), 5 (2009)CrossRefGoogle Scholar
  4. 4.
    Wylie, J.J., Bigrigg, M.W., Strunk, J.D., Ganger, G.R., Kiliççöte, H., Khosla, P.K.: Survivable information storage systems. Computer 33(8), 61–68 (2000)CrossRefGoogle Scholar
  5. 5.
    Cleversafe. http://www.cleversafe.com/ Accessed September 2015
  6. 6.
    Dyadic. https://www.dyadicsec.com/ Accessed September 2015
  7. 7.
    Young, A., Yung, M.: The dark side of “black-box” cryptography, or: should we trust capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996) Google Scholar
  8. 8.
    Young, A., Yung, M.: Kleptography: using cryptography against cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62–74. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  9. 9.
    Lampson, B.W.: A note on the confinement problem. Commun. ACM 16(10), 613–615 (1973)CrossRefGoogle Scholar
  10. 10.
    Simmons, G.J.: The prisoners’ problem and the subliminal channel. In: Advances in Cryptology, Proceedings of CRYPTO 1983, Santa Barbara, California, USA, pp. 51–67, 21–24 August 1983Google Scholar
  11. 11.
    Ateniese, G., Magri, B., Venturi, D.: Subversion-resilient signature schemes. In: Cryptology ePrint Archive, Report 2015/517 (2015). http://eprint.iacr.org/. (to apper in Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security)
  12. 12.
    Giacomelli, I., Olimid, R.F., Ranellucci, S.: Security of linear secret-sharing schemes against mass surveillance. In: Cryptology ePrint Archive, Report 2015/683 (2015). http://eprint.iacr.org/
  13. 13.
    Beimel, A.: Secret-sharing schemes: a survey. In: Chee, Y.M., Guo, Z., Ling, S., Shao, F., Tang, Y., Wang, H., Xing, C. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 11–46. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  14. 14.
    Rogaway, P., Bellare, M.: Robust computational secret sharing and a unified account of classical secret-sharing goals. In: Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, pp. 172–184, 28–31 October 2007Google Scholar
  15. 15.
    Gabizon, A., Raz, R., Shaltiel, R.: Deterministic extractors for bit-fixing sources by obtaining an independent seed. SIAM J. Comput. 36(4), 1072–1094 (2006)MATHMathSciNetCrossRefGoogle Scholar
  16. 16.
    Kamp, J., Zuckerman, D.: Deterministic extractors for bit-fixing sources and exposure-resilient cryptography. SIAM J. Comput. 36(5), 1231–1247 (2007)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)MATHMathSciNetCrossRefGoogle Scholar
  18. 18.
    Naccache, D., Stern, J.: A new public-key cryptosystem. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 27–36. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  19. 19.
    Chevallier-Mames, B., Naccache, D., Stern, J.: Linear bandwidth naccache-stern encryption. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 327–339. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  20. 20.
    Bogdanov, A., Viola, E.: Pseudorandom bits for polynomials. SIAM J. Comput. 39(6), 2464–2486 (2010)MATHMathSciNetCrossRefGoogle Scholar
  21. 21.
    Viola, E.: The sum of D small-bias generators fools polynomials of degree D. Comput. Complex. 18(2), 209–217 (2009)MATHMathSciNetCrossRefGoogle Scholar
  22. 22.
    Wang, L., Hu, Z.: New sequences of period \(p^n\) and \(p^{n + 1}\) via projective linear groups. In: Information Security and Cryptology - 8th International Conference, Inscrypt 2012, Beijing, China, Revised Selected Papers, pp. 311–330, 28–30 November 2012Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Irene Giacomelli
    • 1
  • Ruxandra F. Olimid
    • 2
  • Samuel Ranellucci
    • 1
  1. 1.Department of Computer ScienceAarhus UniversityAarhusDenmark
  2. 2.Department of Computer ScienceUniversity of Bucharest, Romania and Applied Cryptography Group, OrangeBucharestRomania

Personalised recommendations