Ventzislav Nikov

On proactive secret sharing schemes

This paper investigates the security of Proactive Secret Sharing Schemes. We start with revision of the mobile adversary model of Herzbergs et al. imposing less restriction to the adversary. We first investigate the approach of using commitment to 0 in the renewal phase in order to renew the players shares. In the considered model some well known computationally secure protocols (which use this approach) turns out to be vulnerable to a specific attack. We show that this type of attack is applicable also in the unconditional case. Then we extend the attack of DArco and Stinson to non-symmetric polynomials, which is applicable even in the mobile adversary model of Herzberg et al. Next the conditions for the security of a proactive scheme using this approach are shown. We also investigate another approach to add proactivity, namely using re-sharing instead of commitment to 0. Two protocols using this approach are described and it is shown that both are not secure against a mobile adversary. The main contribution of the paper is to show specific weaknesses, when a mobile adversary is considered.

On boolean functions with generalized cryptographic properties

By considering a new metric, we generalize cryptographic properties of Boolean functions such as resiliency and propagation characteristics. These new definitions result in a better understanding of the properties of Boolean functions and provide a better insight in the space defined by this metric. This approach leads to the construction of “hand-made” Boolean functions, i.e., functions for which the security with respect to some specific monotone sets of inputs is considered, instead of the security with respect to all possible monotone sets with the same cardinality, as in the usual definitions. This approach has the advantage that some trade-offs between important properties of Boolean functions can be relaxed.

On Unconditionally Secure Distributed Oblivious Transfer

This work is about distributed protocols for oblivious transfer, proposed by Naor and Pinkas, and recently generalized by Blundo et. al. In this settings a Sender has n secrets and a Receiver is interested in one of them. The Sender distributes the information about the secrets to m servers, and a Receiver must contact a threshold of the servers in order to compute the secret. These distributed oblivious transfer protocols provide information theoretic security. We present impossibility result and lower bound for existence of one-round threshold distributed oblivious transfer protocols, generalizing the results of Blundo et. al. A threshold based construction implementing 1-out-of-n distributed oblivious transfer achieving the proved lower bound for existence is proposed. A condition for existence of general access structure distributed oblivious transfer scheme is proven. We also present a general access structure protocol implementing 1-out-of-n distributed oblivious transfer.

On the size of monotone span programs

Span programs provide a linear algebraic model of computation. Monotone span programs (MSP) correspond to linear secret sharing schemes. This paper studies the properties of monotone span programs related to their size. Using the results of van Dijk (connecting codes and MSPs) and a construction for a dual monotone span program proposed by Cramer and Fehr we prove a non-trivial upper bound for the size of monotone span programs. By combining the concept of critical families with the dual monotone span program construction of Cramer and Fehr we improve the known lower bound with a constant factor, showing that the lower bound for the size of monotone span programs should be approximately twice as large. Finally, we extend the result of van Dijk showing that for any MSP there exists a dual MSP such that the corresponding codes are dual.

On multiplicative linear secret sharing schemes

We consider both information-theoretic and cryptographic settings for Multi-Party Computation (MPC), based on the underlying linear secret sharing scheme. Our goal is to study the Monotone Span Program (MSP), that is the result of local multiplication of shares distributed by two given MSPs as well as the access structure that this resulting MSP computes. First, we expand the construction proposed by Cramer et al. for multiplying two different general access structures and we prove some properties of the resulting MSP.We prove that using two (different) MSPs to compute their resulting MSP is more efficient than building a multiplicative MSP.Next we define a (strongly) multiplicative resulting MSP and we prove that when one uses dual MSPs only all players together can compute the product. An analog of the algebraic simplification protocol of Gennaro et al. is presented. We show which conditions the resulting access structure should fulfill in order to achieve MPC secure against an adaptive, active adversary in the zero-error case in both the computational and the information-theoretic model.

On Distributed Key Distribution Centers and Unconditionally Secure Proactive Verifiable Secret Sharing Schemes Based on General Access Structure

A Key Distribution Center of a network is a server enabling private communications within groups of users. A Distributed Key Distribution Center is a set of servers that jointly realizes a Key Distribution Center. In this paper we build a robust Distributed Key Distribution Center Scheme secure against active and mobile adversary. We consider a general access structure for the set of servers and for the adversary access structure. We also revise the unconditionally secure Verifiable Secret Sharing Schemes from [11, 10, 19, 22] proposing a modified version which is proactively secure.

Multi-party Computation from Any Linear Secret Sharing Scheme Unconditionally Secure against Adaptive Adversary: The Zero-Error Case

We consider a generalized adaptive and active adversary model for unconditionally secure Multi-Party Computation (MPC) in the zero error case.

Upper bound for the size of monotone span programs

In this paper we consider certain prop- erties of an general access structure and its dual. In particular we prove that corer = corerL. We also es- tablish a new upper bound for the size of MSP, which computes connected access structure I?. We show that the size of a MSP is limited above by the sum of the number of minimal and the number of maximal sets minus one. This is the first upper bound on the size of MSPs to our knowledge.

Error-set codes and related objects

By considering a new metric, Nikov and Nikova defined the class of error-set correcting codes. These codes differ from the error-correcting codes in the sense that the minimum distance of the code is replaced by a collection of monotone decreasing sets Δ which define the supports of the vectors that do not belong to the code. In this paper we consider a subclass of these codes --- so called, ideal codes --- investigating their properties such as the relation with its dual and a formula for the weight enumerator. Next we show that the Δ-set of these codes corresponds to the independent sets of a matroid. Consequently, this completes the equivalence of ideal linear secret sharing schemes and matroids on one hand and linear secret sharing schemes and error-set correcting codes on the other hand.

Robust Metering Schemes for General Access Structures

In order to decide on advertisement fees for web servers, Naor and Pinkas introduced (threshold) metering schemes secure against coalitions of corrupt servers and clients. They show that one should be able to detect illegal behavior of clients, i.e., one needs to verify the shares received from clients. Most metering schemes do not offer this feature. But Ogata and Kurosawa pointed out a minor flaw in the extension protocol by Naor and Pinkas providing detection of such illegal behavior and propose a correction. In this paper we extend the linear algebra approach from Nikov et al. in order to build robust unconditionally secure general metering schemes. As a tool to achieve this goal we introduce doubly-labelled matrices and an operation on such matrices. Certain properties of this operation are proven.