Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors

  • Ronald Cramer
  • Yevgeniy Dodis
  • Serge Fehr
  • Carles Padró
  • Daniel Wichs
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4965)


Consider an abstract storage device \(\Sigma(\mathcal{G})\) that can hold a single element x from a fixed, publicly known finite group \(\mathcal{G}\). Storage is private in the sense that an adversary does not have read access to \(\Sigma(\mathcal{G})\) at all. However, \(\Sigma(\mathcal{G})\) is non-robust in the sense that the adversary can modify its contents by adding some offset \(\Delta \in \mathcal{G}\). Due to the privacy of the storage device, the value Δ can only depend on an adversary’s a priori knowledge of x. We introduce a new primitive called an algebraic manipulation detection (AMD) code, which encodes a source s into a value x stored on \(\Sigma(\mathcal{G})\) so that any tampering by an adversary will be detected. We give a nearly optimal construction of AMD codes, which can flexibly accommodate arbitrary choices for the length of the source s and security level. We use this construction in two applications:

  • We show how to efficiently convert any linear secret sharing scheme into a robust secret sharing scheme, which ensures that no unqualified subset of players can modify their shares and cause the reconstruction of some value s′ ≠ s.

  • We show how to build nearly optimal robust fuzzy extractors for several natural metrics. Robust fuzzy extractors enable one to reliably extract and later recover random keys from noisy and non-uniform secrets, such as biometrics, by relying only on non-robust public storage. In the past, such constructions were known only in the random oracle model, or required the entropy rate of the secret to be greater than half. Our construction relies on a randomly chosen common reference string (CRS) available to all parties.


Secret Sharing Secret Sharing Scheme Message Authentication Code Random Oracle Model Entropy Rate 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Brassard, G., Broadbent, A., Fitzsimons, J., Gambs, S., Tapp, A.: Anonymous quantum communication. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Broadbent, A., Tapp, A.: Information-theoretic security without an honest majority. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Blundo, C., De Santis, A.: Lower bounds for robust secret sharing schemes. Information Processing Letters 63(6) (1997)Google Scholar
  4. 4.
    Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005)Google Scholar
  5. 5.
    Boyen, X.: Reusable cryptographic fuzzy extractors. In: 11th ACM Conference on Computer and Communication Security, ACM Press, New York (2004)Google Scholar
  6. 6.
    Cabello, S., Padró, C., Sáez, G.: Secret sharing schemes with detection of cheaters for a general access structure. Designs, Codes and Cryptography 25, 175–188 (2002); In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 175–188. Springer, Heidelberg (1997) CrossRefzbMATHGoogle Scholar
  7. 7.
    Cramer, R., Damgård, I.B., Fehr, S.: On the cost of reconstructing a secret, or VSS with optimal reconstruction phase. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, Springer, Heidelberg (2001)Google Scholar
  8. 8.
    Cramer, R., Dodis, Y., Fehr, S., Padró, C. Wichs, D.: Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors. Technical Reports 2008/030, Cryptology ePrint archive,
  9. 9.
    Dodis, Y.: Exposure Resillient Cryptography. Ph.D. Thesis, MIT (2000)Google Scholar
  10. 10.
    Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. Technical Report 2003/235, Cryptology ePrint archive, Previous version appeared at EUROCRYPT 2004,
  11. 11.
    Dodis, Y., Katz, J., Reyzin, L., Smith, A.: Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Dodis, Y., Spencer, J.: On the (non-)universality of the one-time pad. In: 43rd Annual Symposium on Foundations of Computer Science, pp. 376–385. IEEE, Los Alamitos (2002)Google Scholar
  13. 13.
    Desmedt, Y., Wang, Y.: Perfectly secure message transmission revisited. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, Springer, Heidelberg (1993)Google Scholar
  14. 14.
    Dolev, D., Dwork, C., Waarts, O., Yung, M.: Perfectly secure message transmission. Journal of the ACM 40(1) (1993)Google Scholar
  15. 15.
    Karchmer, M., Wigderson, A.: On span programs. In: 8th Annual Conference on Structure in Complexity Theory (SCTC 1993), IEEE, Los Alamitos (1993)Google Scholar
  16. 16.
    Krawczyk, H.: Distributed fingerprints and secure information dispersal. In: 12th ACM Symposium on Principles of Distributed Computing (PODC), ACM Press, New York (1993)Google Scholar
  17. 17.
    Nisan, N., Zuckerman, D.: Randomness is linear in space. Journal of Computer and System Sciences 52(1), 43–53 (1996)CrossRefMathSciNetzbMATHGoogle Scholar
  18. 18.
    Obana, S., Araki, T.: Almost Optimum Secret Sharing Schemes Secure Against Cheating for Arbitrary Secret Distribution. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Ogata, W., Kurosawa, K.: Optimum secret sharing scheme secure against cheating. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, Springer, Heidelberg (1996)Google Scholar
  20. 20.
    Ogata, W., Kurosawa, K., Stinson, D.R., Saido, H.: New combinatorial designs and their applications to authentication codes and secret sharing schemes. Discrete Mathematics 279, 383–405 (2004)CrossRefMathSciNetzbMATHGoogle Scholar
  21. 21.
    Padró, C., Sáez, G., Villar, J.L.: Detection of cheaters in vector space secret sharing schemes. Designs, Codes and Cryptography 16, 75–85 (1999)CrossRefzbMATHGoogle Scholar
  22. 22.
    Padró, C.: Robust vector space secret sharing schemes. Information Processing Letters 68, 107–111 (1998)CrossRefMathSciNetGoogle Scholar
  23. 23.
    Rabin, M.O.: Efficient dispersal of information for security, load balancing, and fault tolerance. Journal of the ACM 36(2) (1989)Google Scholar
  24. 24.
    Shamir, A.: How to share a secret. Communications of the Association for Computing Machinery 22(11) (1979)Google Scholar
  25. 25.
    Simmons, G.J.: Authentication theory/Coding Theory. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, Springer, Heidelberg (1985)CrossRefGoogle Scholar
  26. 26.
    Tompa, M., Woll, H.: How to share a secret with cheaters. Journal of Cryptology 1(3) (1988)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Ronald Cramer
    • 1
    • 2
  • Yevgeniy Dodis
    • 3
  • Serge Fehr
    • 2
  • Carles Padró
    • 4
  • Daniel Wichs
    • 3
  1. 1.Mathematical InstituteLeiden UniversityThe Netherlands
  2. 2.CWI AmsterdamThe Netherlands
  3. 3.New York University 
  4. 4.Universitat Politècnica de CatalunyaBarcelonaSpain

Personalised recommendations