Christophe Tartary

Dynamic threshold and cheater resistance for shamir secret sharing scheme

In this paper, we investigate the problem of increasing the threshold parameter of the Shamir (t,n)-threshold scheme without interacting with the dealer. Our construction will reduce the problem of secret recovery to the polynomial reconstruction problem which can be solved using a recent algorithm by Guruswami and Sudan. In addition to be dealer-free, our protocol does not increase the communication cost between the dealer and the n participants when compared to the original (t,n)-threshold scheme. Despite an increase of the asymptotic time complexity at the combiner, we show that recovering the secret from the output of the previous polynomial reconstruction algorithm is still realistic even for large values of t. Furthermore the scheme does not require every share to be authenticated before being processed by the combiner. This will enable us to reduce the number of elements to be publicly known to recover the secret to one digest produced by a collision resistant hash function which is smaller than the requirements of most verifiable secret sharing schemes.

Efficient multicast stream authentication for the fully adversarial network model

We consider the stream authentication problem when an adversary has the ability to drop, reorder or inject data packets in the network. We propose a coding approach for multicast stream authentication using the list-decoding property of Reed-Solomon codes. We divide the data to be authenticated into a stream of packets and associate a single signature for every λn packets where λ and n are predesignated parameters. Our scheme, which is also joinable at the boundary of any n-packet block, can be viewed as an extension of Lysyanskaya, Tamassia and Triandopouloss technique in which λ = 1. We show that by choosing λ and n appropriately, our scheme outperforms theirs in both signature and verification time. Our approach relies on signature dispersion as SAIDA and eSAIDA. Assuming that we use RSA for signing and MD5 for hashing, we give an approximation of the proportion of extra packets per block which could be processed via our technique with respect to the previous scheme. As example when we process λ = 1000 blocks of 20000 64-byte-packets, the gain of our scheme with respect to Lysyanskaya et al.s is about 30 %.

NTRUCCA: how to strengthen NTRUEncrypt to chosen-ciphertext security in the standard model

NTRUEncrypt is a fast and practical lattice-based public-key encryption scheme, which has been standardized by IEEE, but until recently, its security analysis relied only on heuristic arguments. Recently, Stehle and Steinfeld showed that a slight variant (that we call pNE ) could be proven to be secure under chosen-plaintext attack (IND-CPA), assuming the hardness of worst-case problems in ideal lattices. We present a variant of pNE called NTRUCCA , that is IND-CCA2 secure in the standard model assuming the hardness of worst-case problems in ideal lattices, and only incurs a constant factor overhead in ciphertext and key length over the pNE scheme. To our knowledge, our result gives the first IND-CCA2 secure variant of NTRUEncrypt in the standard model, based on standard cryptographic assumptions. As an intermediate step, we present a construction for an All-But-One (ABO) lossy trapdoor function from pNE , which may be of independent interest. Our scheme uses the lossy trapdoor function framework of Peikert and Waters, which we generalize to the case of (k −1)-of-k -correlated input distributions.

Achieving multicast stream authentication using MDS codes

We address the multicast stream authentication problem when the communication channel is under the control of an opponent who can drop, reorder or inject data. In such a network model, packet overhead and computing efficiency are important parameters to be taken into account when designing a multicast authentication protocol. Our construction will exhibit three main advantages. First, our packet overhead will only be a few hashes long. Second, we will exhibit a number of signature verifications to be performed by the receivers which will turn to be O(1). Third, every receiver will still be able to recover all the data packets emitted by the sender despite losses and injections occurred during the transmission of information.

Graph Coloring Applied to Secure Computation in Non-Abelian Groups

We study the natural problem of secure n-party computation (in the computationally unbounded attack model) of circuits over an arbitrary finite non-Abelian group (G,⋅), which we call G-circuits. Besides its intrinsic interest, this problem is also motivating by a completeness result of Barrington, stating that such protocols can be applied for general secure computation of arbitrary functions. For flexibility, we are interested in protocols which only require black-box access to the group G (i.e. the only computations performed by players in the protocol are a group operation, a group inverse, or sampling a uniformly random group element). Our investigations focus on the passive adversarial model, where up to t of the n participating parties are corrupted.Our results are as follows. We initiate a novel approach for the construction of black-box protocols for G-circuits based on k-of-k threshold secret-sharing schemes, which are efficiently implementable over any black-box (non-Abelian) group G. We reduce the problem of constructing such protocols to a combinatorial coloring problem in planar graphs. We then give three constructions for such colorings. Our first approach leads to a protocol with optimal resilience t<n/2, but it requires exponential communication complexity

Authentication of Digital Streams

O({\binom{2 t+1}{t}}^{2} \cdot N_{g})

A Practical Framework for

group elements and round complexity

t

O(\binom{2 t + 1}{t} \cdot N_{g})

-Out-of-

, for a G-circuit of size Ng. Nonetheless, using this coloring recursively, we obtain another protocol to t-privately compute G-circuits with communication complexity

n

\mathcal{P}\mathit{oly}(n)\cdot N_{g}