Douglas R. Stinson

An explication of secret sharing schemes

This paper is an explication of secret sharing schemes, emphasizing combinatorial construction methods. The main problem we consider is the construction of perfect secret sharing schemes, for specified access structures, with the maximum possible information rate.In this paper, we present numerous direct constructions for secret sharing schemes, such as the Shamir threshold scheme, the Boolean circuit construction of Benaloh and Leichter (for general access structures), the vector space construction of Brickell, and the Simmons geometric construction. We discuss the connections between ideal schemes (i.e., those with information rate equal to one) and matroids. We also mention the entropy bounds of Capocelli et al. Then we give a very general construciton, called the decomposition construction, and numerous applications of it. In particular, we study schemes for access structures based on graphs and the many interesting bounds that can be proved; and we determine the exact value of the optimal information rate for all access structures on at most four participants.

Extended capabilities for visual cryptography

An extended visual cryptography scheme (EVCS), for an access structure (ΓQual,ΓForb) on a set of n participants, is a technique to encode n images in such a way that when we stack together the transparencies associated to participants in any set X∈ΓQual we get the secret message with no trace of the original images, but any X∈ΓForb has no information on the shared image. Moreover, after the original images are encoded they are still meaningful, that is, any user will recognize the image on his transparency. The main contributions of this paper are the following: • A trade-off between the contrast of the reconstructed image and the contrast of the image on each transparency for (k,k)-threshold EVCS (in a (k,k)-threshold EVCS the image is visible if and only if k transparencies are stacked together). This yields a necessary and sufficient condition for the existence of (k,k)-threshold EVCS for the values of such contrasts. In case a scheme exists we explicitly construct it. • A general technique to implement EVCS, which uses hypergraph colourings. This technique yields (k,k)-threshold EVCS which are optimal with respect to the pixel expansion. Finally, we discuss some applications of this technique to various interesting classes of access structures by using relevant results from the theory of hypergraph colourings.

Universal hashing and authentication codes

In this paper, we study the application of universal hashing to the construction of unconditionally secure authentication codes without secrecy. This idea is most useful when the number of authenticators is exponentially small compared to the number of possible source states (plaintext messages). We formally define some new classes of hash functions and then prove some new bounds and give some general constructions for these classes of hash functions. Then we discuss the implications to authentication codes.

A Provably Secure True Random Number Generator with Built-In Tolerance to Active Attacks

This paper is a contribution to the theory of true random number generators based on sampling phase jitter in oscillator rings. After discussing several misconceptions and apparently insurmountable obstacles, we propose a general model which, under mild assumptions, will generate provably random bits with some tolerance to adversarial manipulation and running in the megabit-per-second range. A key idea throughout the paper is the fill rate, which measures the fraction of the time domain in which the analog output signal is arguably random. Our study shows that an exponential increase in the number of oscillators is required to obtain a constant factor improvement in the fill rate. Yet, we overcome this problem by introducing a postprocessing step which consists of an application of an appropriate resilient function. These allow the designer to extract random samples only from a signal with only moderate fill rate and, therefore, many fewer oscillators than in other designs. Last, we develop fault-attack models and we employ the properties of resilient functions to withstand such attacks. All of our analysis is based on rigorous methods, enabling us to develop a framework in which we accurately quantify the performance and the degree of resilience of the design

Combinatorial Properties and Constructions of Traceability Schemes and Frameproof Codes

In this paper, we investigate combinatorial properties and constructions of two recent topics of cryptographic interest, namely frameproof codes for digital fingerprinting and traceability schemes for broadcast encryption. We first give combinatorial descriptions of these two objects in terms of set systems and also discuss the Hamming distance of frameproof codes when viewed as error-correcting codes. From these descriptions, it is seen that existence of a c-traceability scheme implies the existence of a c-frameproof code. We then give several constructions of frameproof codes and traceability schemes by using combinatorial structures such as t-designs, packing designs, error-correcting codes, and perfect hash families. We also investigate embeddings of frameproof codes and traceability schemes, which allow a given scheme to be expanded at a later date to accommodate more users. Finally, we look briefly at bounds which establish necessary conditions for existence of these structures.

Deterministic key predistribution schemes for distributed sensor networks

It is an important issue to establish pairwise keys in distributed sensor networks (DSNs). In this paper, we present two key predistribution schemes (KPSs) for DSNs, ID-based one-way function scheme (IOS) and deterministic multiple space Bloms scheme (DMBS). Our schemes are deterministic, while most existing schemes are based on randomized approach. We show that the performance of our schemes is better than other existing schemes in terms of resiliency against coalition attack. In addition we obtain perfectly resilient KPSs such that the maximum supportable network size is larger than random pairwise keys schemes.

Secure Frameproof Codes, Key Distribution Patterns, Group Testing Algorithms and Related Structures

Abstract Frameproof codes were introduced by Boneh and Shaw as a method of “digital fingerprinting” which prevents a coalition of a specified size c from framing a user not in the coalition. Stinson and Wei then gave a combinatorial formulation of the problem in terms of certain types of extremal set systems. In this paper, we study frameproof codes that provide a certain (weak) form of traceability. We extend our combinatorial formulation to address this stronger requirement, and show that the problem is solved by using ( i , j )-separating systems, as defined by Friedman, Graham and Ullman. Using constructions based on perfect hash families, we give the first efficient explicit constructions for these objects for general values of i and j . We also review nonconstructive existence results that are based on probabilistic arguments. Then we look at two other, related concepts, namely key distribution patterns and nonadaptive group testing algorithms. We again approach these problems from the point of view of extremal set systems, and we describe a natural common setting in which these two problems are complementary special cases. This approach also demonstrates a close relationship between these two problems and frameproof codes. Explicit constructions are given, and some nonconstructive existence results are reviewed. In the case of key distribution patterns, our explicit constructions are the most efficient ones known.

On the Construction of Practical Key Predistribution Schemes for Distributed Sensor Networks Using Combinatorial Designs

In this paper, we discuss the use of combinatorial set systems (combinatorial designs) in the design of key predistribution schemes (KPSs) for sensor networks. We show that the performance of a KPS can be improved by carefully choosing a certain class of set systems as “key ring spaces”. Especially, we analyze KPSs based on a type of combinatorial design known as a <it>transversal design</it>. We employ two types of transversal designs, which are represented by the set of all linear polynomials and the set of quadratic polynomials (over some finite field), respectively. These KPSs turn out to have significant efficiency in a shared-key discovery phase without degrading connectivity and resiliency.

A combinatorial approach to key predistribution for distributed sensor networks

We discuss the use of combinatorial set systems in the design of deterministic key predistribution schemes for distributed sensor networks. We concentrate on analyzing combinatorial properties of the set systems that relate to the connectivity and resilience of the resulting distributed sensor networks.

On Some Methods for Unconditionally Secure Key Distributionand Broadcast Encryption

This paper provides an exposition of methods by which a trusted authority can distribute keys and/or broadcast a message over a network, so that each member of a privileged subset of users can compute a specified key or decrypt the broadcast message. Moreover, this is done in such a way that no coalition is able to recover any information on a key or broadcast message they are not supposed to know. The problems are studied using the tools of information theory, so the security provided is unconditional (i.e., not based on any computational assumption).We begin by surveying some useful schemes for key distribution that have been presented in the literature, giving background and examples (but not too many proofs). In particular, we look more closely at the attractive concept of key distribution patterns, and present a new method for making these schemes more efficient through the use of resilient functions. Then we present a general approach to the construction of broadcast schemes that combines key predistribution schemes with secret sharing schemes. We discuss the Fiat-Naor Broadcast Scheme, as well as other, new schemes that can be constructed using this approach.