Security analysis of a dynamic threshold secret sharing scheme using linear subspace method
Information Processing Letters (IF 0.7), Pub Date: 2020-07-09, DOI: 10.1016/j.ipl.2020.105994
Sadegh Jamshidpour, Zahra Ahmadian

A dealer-free and non-interactive dynamic threshold secret sharing scheme was proposed by Harn and Hsu in Information Processing Letters in 2015. In this scheme, a (t,n) secret sharing scheme in the secret sharing phase can turn into an (m,n) scheme in the secret reconstruction phase, where m is the number of participating shareholders. It has been claimed that the secrecy of shares and the secrecy of the secret are unconditionally preserved if m ∈ (t, 1+t(t+1)/2].

This paper provides a security analysis of this scheme by introducing two attacks. In the first attack, we show that this scheme does not have the dynamic threshold property. In more detail, any t+1 released values are sufficient to reconstruct the secret, no matter how much larger the updated threshold is. In the second attack, we show that any t+1 released values are sufficient to forge the released value of a non-participating shareholder. The technique employed for these attacks is linear subspace cryptanalysis. It essentially measures the information leaked by the known parameters of the scheme by computing the dimension of the linear subspace spanned by these parameters. This method has been shown to be capable of cryptanalyzing some secret-sharing-based schemes whose security relies on keeping the coefficients of the underlying polynomial(s) secret.
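
The dimension test described above, as an added example that is not code from the paper or from this page. It runs on plain Shamir sharing rather than the Harn-Hsu scheme, whose construction is not given here; the field modulus, function names and evaluation points are assumptions made for the illustration.

```python
# Added illustration on plain Shamir sharing (constructed toy, not the Harn-Hsu scheme).
P = 2**31 - 1  # prime field modulus (assumed for the example)

def rank_mod_p(rows, p=P):
    """Dimension of the subspace of GF(p)^k spanned by `rows` (Gaussian elimination)."""
    m = [[x % p for x in r] for r in rows]
    rank = 0
    for col in range(len(m[0]) if m else 0):
        pivot = next((r for r in range(rank, len(m)) if m[r][col]), None)
        if pivot is None:
            continue  # no new direction in this column
        m[rank], m[pivot] = m[pivot], m[rank]
        inv = pow(m[rank][col], -1, p)
        m[rank] = [x * inv % p for x in m[rank]]
        for r in range(len(m)):
            if r != rank and m[r][col]:
                f = m[r][col]
                m[r] = [(a - f * b) % p for a, b in zip(m[r], m[rank])]
        rank += 1
    return rank

def leaks(known, target, p=P):
    """True if `target` is a linear combination of `known`, i.e. adding it
    does not raise the dimension, so the known values already determine it."""
    return rank_mod_p(known + [target], p) == rank_mod_p(known, p)

def share_row(x, t, p=P):
    """Coefficient vector of f(x) = a_0 + a_1 x + ... + a_{t-1} x^{t-1}."""
    return [pow(x, j, p) for j in range(t)]

def analyse(t, xs, absent_x):
    """Dimension reached by the shares at points `xs`, and whether the secret a_0
    and the share of the absent point `absent_x` lie in that subspace."""
    known = [share_row(x, t) for x in xs]
    secret = [1] + [0] * (t - 1)  # f(0) = a_0
    return rank_mod_p(known), leaks(known, secret), leaks(known, share_row(absent_x, t))

if __name__ == "__main__":
    for xs in ([1, 2], [1, 2, 3]):  # constructed evaluation points, t = 3
        print(xs, analyse(3, xs, absent_x=7))
```

A designer can run the same check on the coefficient vectors of every value a scheme releases: the intended threshold holds only if the secret's vector stays outside the span until that many values are known.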




Updated: 2020-07-09