Kaoru Kurosawa

Truly Efficient

In the model of perfectly secure message transmission (PSMT) schemes, there are n channels between a sender and a receiver. An infinitely powerful adversary A may corrupt (observe and forge) the messages sent through t out of n channels. The sender wishes to send a secret s to the receiver perfectly privately and perfectly reliably without sharing any key with the receiver. In this paper, we show the first 2-round PSMT for n = 2t + 1 such that not only the transmission rate is O(n) but also the computational costs of the sender and the receiver are both polynomial in n. This means that we solve the open problem raised by Agarwal, Cramer, and de Haan at CRYPTO 2006. The main novelty of our approach is to introduce a notion of pseudobasis to the coding theory. It will be an independent interest for coding theory, too.

2

In the model of perfectly secure message transmission (PSMT) schemes, there are n channels between a sender and a receiver. An infinitely powerful adversary A may corrupt (observe and forge) the messages sent through t out of n channels. The sender wishes to send a secret s to the receiver perfectly privately and perfectly reliably without sharing any key with the receiver. In this paper, we show the first 2-round PSMT for n = 2t + 1 such that not only the transmission rate is O(n) but also the computational costs of the sender and the receiver are both polynomial in n. This means that we solve the open problem raised by Agarwal, Cramer, and de Haan at CRYPTO 2006. The main novelty of our approach is to introduce a notion of pseudobasis to the coding theory. It will be an independent interest for coding theory, too.

-Round Perfectly Secure Message Transmission Scheme

Consider a model of secret sharing schemes with cheaters. We say that a secret sharing scheme is error decodable if we can still recover the secret s correctly from a noisy share vector (share1, ..., sharen). In this paper, we first prove that a perfect secret sharing scheme is error decodable if and only if the adversary structure Γ satisfies a certain condition called Q3. Next, for such Γ , we show a scheme such that the decoding algorithm runs in polynomial-time in |S | and the size of a linear secret sharing scheme which realizes Γ. We finally show an application to 1-round perfectly secure message transmission schemes (PSMT).

Truly efficient 2-round perfectly secure message transmission scheme

The round complexity of verifiable secret sharing (VSS) schemes has been studied extensively for threshold adversaries. In particular, Fitzi et al. showed an efficient 3-round VSS for n ≥ 3t + 1 [4], where an infinitely powerful adversary can corrupt t (or less) parties out of n parties. This paper shows that for non-threshold adversaries: 1. Two round perfectly secure VSS is possible if and only if the underlying adversary structure satisfies the Q4 condition; 2. Three round perfectly secure VSS is possible if and only if the underlying adversary structure satisfies the Q3 condition. n nFurther as a special case of our three round protocol, we can obtain a more efficient 3-round VSS than the VSS of Fitzi et al. for n = 3t + 1. More precisely, the communication complexity of the reconstruction phase is reduced from O(n3) to O(n2). We finally point out a flaw in the reconstruction phase of the VSS of Fitzi et al., and show how to fix it.

General Error Decodable Secret Sharing Scheme and Its Application

Patra et al. (IJACT 09) gave a necessary and sufficient condition for the possibility of almost perfectly secure message transmission protocols1 tolerating general, non-threshold Q2 adversary structure. However, their protocol requires at least three rounds and performs exponential (exponential in the size of the adversary structure) computation and communication. They have left it as an open problem to design efficient protocol for almost perfectly secure message transmission, tolerating Q2 adversary structure. n nIn this paper, we show the first single round almost perfectly secure message transmission protocol tolerating Q2 adversary structure. The computation and communication complexities of the protocol are both polynomial in the size of underlying linear secret sharing scheme (LSSS). This solves the open problem posed by Patra et al. n nWhen we restrict our general protocol to a threshold adversary, we obtain a single round, communication optimal almost secure message transmission protocol tolerating threshold adversary, which is much more computationally efficient and relatively simpler than the previous single round, communication optimal protocol of Srinathan et al. (PODC 08).

The round complexity of perfectly secure general VSS

In the model of Perfectly Secure Message Transmission Schemes (PSMTs), there are n channels between a sender and a receiver, and they share no key. An infinitely powerful adversary A can corrupt xa0 (observe and forge) the messages sent through some subset of n channels. For non-threshold adversaries called Q2, Kumar etxa0al. showed a many round PSMT (Ashwin Kumar etxa0al. On perfectly secure communication over arbitrary networks. PODC 2002, pp. 193–202, 2002). In this paper, we show round efficient PSMTs against Q2-adevrsaries. We first give a 3-round PSMT which runs in polynomial time in the size of the underlying linear secret sharing scheme. We next present a 2-round PSMT which is inefficient in general. (However, it is efficient for some special case.)