Secret Sharing Schemes using Visual Cryptography

1
Secret Sharing Schemesusing Visual Cryptography

• A. Sreekumar
• Department of Computer Applications
• Cochin University of Science And Technology
• Email address sreekumarcusat.ac.in

2
Objectives

• What are Secret Sharing Schemes
• Applications of Secret Sharing Schemes
• Classification of Secret Sharing Schemes
• Basic idea behind Secret Sharing Schemes
• Different methods for Secret Sharing Schemes
• Different Schemes

3
Keywords

• Share
• Access Structure
• Prohibited Structure
• Threshold
• Visual Cryptography
• Block Design

4
Introduction

• Secret Sharing Schemes
• Secret sharing schemes enable a dealer,
  holding a secret piece of information, to
  distribute this secret among n participants such
  a way that only some predefined authorized
  subsets of participants can reconstruct the
  secret from their shares and others learn nothing
  about it.
• Access Structure
• Let P be the set of participants. The
  collection of subsets of participants that can
  reconstruct the secret in this way is called
  access structure (denoted by ?).

5

• Prohibited Structure
• The collection of subsets of participants
  that cannot reconstruct the secret is called
  prohibited structure (denoted by ?).
• Natural restrictions
• The natural restriction is that ? is
  monotonic increasing, and ? is monotonic
  decreasing, that is
• if A ? ? and A ? B ? P, then B ? ? , and
  
• if A ? ? and B ? A ? P, then B ? ?.
• It is unrealistic to believe other schemes
  exist.
• If ? 2P \ ? , then we say the structure
  (?,?) is complete

6

• Threshold Schemes
• ? A A ? P and A ? m and
• ? A A ? P and A ? m-1,
• the secret sharing scheme is called an
• (m, n)-threshold scheme, where P n.
• i.e., secret can be reconstructed if any m
  or more shares are available.
• Perfect Scheme
• A secret scheme is perfect if any set of
  participants in the prohibited structure ?
  obtains no information regarding the secret

7
Applications of Secret Sharing Schemes

• Secure information storage
• Key establishment on Smart cards
• Safeguard cryptographic keys from loss
• Purely Mathematical importance
• Password protection

8
Secure information storage

• Most of the business organizations need to
  protect the data from disclosure. As the world is
  more connected by computers, the hackers, power
  abusers are also increased and most organization
  afraid to store data in a computer. So there is a
  need of a method to distribute the data at
  several places and destroy the original one. When
  a need of original data arises, it could be
  reconstructed from the distributed shares

9
Example Let the secret be attack Suppose
there are five participants, A through E.Let the
secret is encoded as 00 19 19 00 02 10Generate
4 rows of 6 random numbers between 0..25
10
A 09 13 17 02 24 07B 21 11 08 05 14 23C
06 12 14 03 20 12D 10 05 11 25 19 04 Here E
is found such a way thatej s - (aj bj cj
dj)(26). E 06 04 21 17 03 16 The secret can
be computed as aj bj cj dj ej (26)S 00
19 19 00 02 10
11
A J N R C Y H B V L I F O X C G M O D U
MD K F B Z T EE G E V R D QHere all the
shares are necessary to reconstruct the secret.
But, generally it need not be the case.
12
Classification of Secret Sharing Schemes

• Based on the access structure and prohibited
  structures, the secret sharing schemes are
  classified into the following types
• Type I
• A Secret sharing scheme for the access
  structure ? is a method of sharing a secret among
  a finite set of participants in such a way that
  only subsets of participants in ? can recover the
  secret while other subsets cannot. That is, ? (
  2P \ ?) is implied

13

• Type II
• A Secret sharing scheme for the prohibited
  structure ? is a method of sharing a secret among
  a finite set of participants in such a way that
  only subsets of participants in ? cannot recover
  the secret while other subsets can. That is, ?
  ( 2P \ ?) is implied

14

• Type III
• A Secret sharing scheme for the mixed
  structure (?, ?) is a method of sharing a secret
  among a finite set of participants in such a way
  that subsets of participants in ? can recover the
  secret, but subsets of participants in ? cannot
  recover the secret .
• That is, the privileges of subsets in 2P \
  (? ? ?) are not cared. Any subset of participants
  in 2P \ (? ? ?) may either recover the secret or
  not. Note that ? ? ? ? and ? ? ? ? 2P.

15
Basic idea behind (t, n) threshold Schemes

• When t n, it is very easy, as in the case of
  previous example, generate n-1 random numbers,
  say r1, r2, rn-1 and compute
• rn S - (r1 r2 rn-1 ) modulo
  M.
• One can easily see that r1, r2, rn can be
  considered as the n shares for the secret, and be
  distributed to each participants.
• Here, the modulo M operation may be replaced by
  XOR using data values of fixed bit-length.

16
When t lt n

• All the shares are not necessary to reconstruct
  the secret. i.e., some shares are redundant in
  some sense.
• Shamirs Scheme
• Based on Lagranges interpolation formula
• There is a unique polynomial of degree at most
  t-1 which passes through n points, but the
  polynomial passes through infinitely many points.
  

17

• So let the secret M be interpreted as a number
  mod p, is the constant term of a random
  polynomial of degree (at most) t-1, and evaluate
  the polynomial at n different points, say
• (x1, y1) , (x2, y2) , , (xn, yn).
• These points could be thought of as the n
  shares.
• Clearly any t shares uniquely determines the
  polynomial and hence the secret can be
  constructed.

18
Properties of Shamirs Schemes

• Perfect -
• Ideal size of one share is the size of the
  secret
• Extendable to new users
• No unproven assumptions
• Disadvantage
• As large amount of computation is involved in the
  Lagranges interpolation formula, it is not
  always recommended.

19
Combinatorial structures

• Latin square can be used as a scheme
• We can reconstruct the Latin square, if any two
  of the coloured numbers (with position) are
  known.

2 1 3
1 3 2
3 2 1
20
Visual Cryptography

• The decoding process of a visual cryptography
  scheme, which differs from traditional secret
  sharing, does not need complicated cryptographic
  mechanisms and computations. Instead, it can be
  decoded directly by simple computation

21















(No Transcript)
22
4/7
3/7
23
Combining Any Two rows of share for 1will give
Four or more 1s Where as if we do the same for
share for 0,We get only two 3s
24
(No Transcript)
25
(No Transcript)
26

• (n, n) scheme - Seven bit secret is converted
  to an 8 bit number by inserting an invalid random
  bit at the left.
• Example Let the Secret is the right most 7 bits
  of 00110100
• Generate n-2 rows of 8 bit Random numbers having
  4 0s and 4 1s

27
1. 01011001
2. 11101000
3. 10100101
4. 00101011 00110100
XOR ing the shares with secret we get 00001011.
Because of odd of 1s in it, make it even by
changing leftmost 0 to 1.
28
So we get 10001011 Make to shares 1 0 1
0 and 0 . 1 0
1 Fill the dots randomly by needed 0s and
1s. Example 1 0 1 1 0 0 1 0
0 0 1 1 1 0 0 1
29

• (t, n) Scheme with t ? 3
• For a (t,n) scheme, the shares for 0 cannot be
  same for all participants as before, because, if
  two shares are same, then a third share is not
  necessary to know that the corresponding bit. It
  must be 0.Since the logical addition favours
  towards 1, it is unlikely that the shares for
  zero will have more than two 1s. So the scarcity
  of 1s in a share, is a symptom that the bit to
  be 0. So the secret reconstruction must be little
  more complex than just logical OR. One can try
  for XOR. Infact XOR is more suitable because it
  doesnt favour to either 0 or 1.

30

• Problems that can occur with XOR
• If the shares of more than the minimum number
  of participants are known, whether the extra
  shares have to be considered for reconstruction
  of the secret or not, has to be decided. It may
  happen that by considering additional share, the
  result may differ. In such cases, the
  reconstruction algorithm should discard extra
  shares. It may also be noted that considering
  extra shares may slow down the reconstruction
  procedure. So there is nothing wrong in
  discarding extra shares.

31
(No Transcript)
32
Tthe reconstruction procedure is as
follows                 Take only 3 shares, if
more than 3 shares are available.              
XOR the shares block wise and count the number of
1s.               If this number is gt 4 the
secret bit is 1, otherwise 0. We can see
that if we XOR two shares, in either case we get
two 1s in each block. So, one cannot conclude
whether it is 1 or 0.
33
(No Transcript)
34
(No Transcript)
35
References

• 1 G.R. Blakley. Safeguarding Cryptographic
  keys. Proc. N.C.C. AFIPS Conference Proceedings
  48, Vol. 48, pp 313-317, 1979
• 2 Adi Shamir How to Share a Secret.
  Communications of the ACM, 22(11)612-613, 1979.
• 3 Moni Naor and Adi Shamir, Visual
  Cryptography, EUROCRYPT 1994, pp112

36
References .

• 4 J.C. Benaloh and J. Leichter, Generalized
  Secret sharing and Monotone Functions,
• Proceedings of Crypto 88, Advances in
  Cryptology, Lecture Notes in Computer Science,
  vol. 403, S. Goldwasser, Ed.,Springer-Verlag,
  1990,pp 27-35

37
Conclusion

• Originally motivated as secure information
  storage, secret sharing schemes have found
  numerous other applications
• Visual cryptography is much more faster than
  traditional cryptography
• Sources of various methods has to be
  investigated.

38
QUESTIONS
39

• Thank you