Journal: IEEE Transactions on Information Theory

Verifiably Multiplicative Secret Sharing


Abstract

A d-multiplicative secret sharing (d-MSS) scheme allows the players to multiply d shared secrets without recovering the secrets by converting their shares locally into an additive sharing of the product. It has been proved that the d-MSS among n players is possible if and only if no d unauthorized sets of players cover the whole set of players (type Q(d)). Although this result implies some limitations on SS in the context of MPC, the d-multiplicative property is still useful for simplifying complex tasks of MPC by computing the product of d field elements directly and non-interactively without any setup. This paper aims to improve the usefulness of the d-MSS by enhancing the security against malicious adversaries. First, we introduce the notion of verifiably multiplicative SS, verifiably MSS for short, which is mainly formalized for detecting malicious behaviors. Informally, an SS scheme is verifiably d-multiplicative if the scheme is d-multiplicative and further enables the players to locally generate a share of a proof that the summed value is correct (i.e., the product of d shared secrets). Secondly, we prove that there is no error-free verifiably MSS scheme whose decoder of the proof is additive, and that by accepting an error probability that can be chosen arbitrarily, there exists a verifiably d-MSS scheme realizing a given access structure if and only if the access structure is of type Q(d). In the proposed construction, each share of a proof consists of only two field elements. This result means that we can efficiently achieve the optimal resiliency of the standard d-MSS even against malicious adversaries. We note that by allowing a general class of decoders that includes a linear one, there is an error-free verifiably d-MSS scheme if the access structure is of type Q(d+1). Finally, we generalize the d-multiplicative property to a d-or-less version where the number d' of multiplied secrets with d' <= d is not known in advance. 
We show that a d-or-less MSS scheme can be constructed from any d-MSS scheme of the same access structure with a constant overhead, and the feasibility of (verifiably) d-MSS implies that of (verifiably) d-or-less MSS.
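
The d-multiplicative property and the type Q(d) condition described in the abstract, as an added example that is not from the paper: it uses replicated (CNF) sharing, a standard construction assumed here, and covers only the plain product conversion, not the paper's verifiable scheme. The field modulus, function names and sample access structures are constructed.

```python
import itertools
import secrets

P = 2**61 - 1  # prime field modulus (constructed choice)

def is_type_q(n, unauth, d):
    """Type Q(d): no d unauthorized sets together cover all n players."""
    everyone = set(range(n))
    return all(set().union(*combo) != everyone
               for combo in itertools.product(unauth, repeat=d))

def share(s, n, unauth):
    """Replicated sharing: s = sum_j r_j; player i holds r_j iff i is not in unauth[j]."""
    r = [secrets.randbelow(P) for _ in unauth[:-1]]
    r.append((s - sum(r)) % P)
    return [{j: r[j] for j, t in enumerate(unauth) if i not in t} for i in range(n)]

def local_product_share(i, n, unauth, my_shares):
    """Player i's additive share of the product, from its own d shares only."""
    total = 0
    for idx in itertools.product(range(len(unauth)), repeat=len(my_shares)):
        covered = set().union(*(unauth[j] for j in idx))
        # Q(d) guarantees some player lies outside the union and so holds
        # every r_j in this monomial; the lowest-numbered one computes it.
        if min(set(range(n)) - covered) == i:
            term = 1
            for k, j in enumerate(idx):
                term = term * my_shares[k][j] % P
            total = (total + term) % P
    return total

def multiply(values, n, unauth):
    """Share each value, convert locally, and sum the additive product shares."""
    if not is_type_q(n, unauth, len(values)):
        raise ValueError("access structure is not of type Q(d)")
    dealt = [share(v, n, unauth) for v in values]
    z = [local_product_share(i, n, unauth, [sh[i] for sh in dealt]) for i in range(n)]
    return sum(z) % P

if __name__ == "__main__":
    singletons3 = [{0}, {1}, {2}]  # constructed: 3 players, any single player unauthorized
    print(multiply([6, 7], 3, singletons3))  # d = 2
```

With three players and single-player unauthorized sets the structure is Q(2) but not Q(3), so two secrets can be multiplied locally while three cannot.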