Abstract
We study non-malleable secret sharing against joint leakage and joint tampering attacks. Our main result is the first threshold secret sharing scheme in the plain model achieving resilience to noisy-leakage and continuous tampering. The above holds under (necessary) minimal computational assumptions (i.e., the existence of one-to-one one-way functions), and in a model where the adversary commits to a fixed partition of all the shares into non-overlapping subsets of at most \(t-1\) shares (where t is the reconstruction threshold), and subsequently jointly leaks from and tampers with the shares within each partition.
We also study the capacity (i.e., the maximum achievable asymptotic information rate) of continuously non-malleable secret sharing against joint continuous tampering attacks. In particular, we prove that whenever the attacker can tamper jointly with \(k > t/2\) shares, the capacity is at most \(t - k\). The rate of our construction matches this upper bound.
An important corollary of our results is the first non-malleable secret sharing scheme against independent tampering attacks breaking the rate-one barrier (under the same computational assumptions as above).
The first and last author acknowledge support by Sapienza University under the grant SPECTRA.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The only (necessary) restriction is that the experiment self-destructs after the first tampering query yielding an invalid secret sharing.
- 2.
In this setting, once a subset of shares has been tampered with jointly, that subset is always either tampered jointly or not modified by future tampering queries.
- 3.
i.e., one-joint leakage and tampering attacks.
- 4.
In the hybrid experiment, one also needs to adjust the reconstruction algorithm so that an attacker cannot distinguish between the hybrid and the original experiment by mauling \(\sigma _1,\sigma _2\) without changing the underlying shared value. In the description, we omit these details to simplify the exposition.
- 5.
Actually, Goyal et al. prove security in the more general setting of \(t\)-cover-free tampering, in which, intuitively, the subsets of the partition of the shares may overlap.
- 6.
Note that in case the tampered commitments within one of the subsets \(\mathcal {B} _i\) are not equal, the reduction can immediately self-destruct.
- 7.
Note that in case the tampered ciphertexts within one of the subsets \(\mathcal {B} _i\) are not equal, the reduction can immediately self-destruct.
- 8.
They require that the leakage on the i-th share does not drop the conditional average min-entropy of the share i conditioned on all other shares \(j\ne i\) by too much. This additional requirement makes their rate compiler incompatible with the non-malleable secret sharing scheme by Brian, Faonio, Obremski, Simkin and Venturi [6] which does not satisfy this property.
- 9.
Goyal and Kumar [18] originally gave a simulation-based definition of non-malleability (for the case of one-time tampering). It is folklore that this flavor of non-malleability can be shown to be equivalent to the indistinguishability-based notion we define (even in the setting of continuous tampering), so long as the message length is super-logarithmic in the security parameter.
- 10.
It is always possible to modify the reconstruction algorithm \(\mathsf {Rec}\) so that, upon input more than \(t\) shares, say \(\sigma _{i_1}, \ldots , \sigma _{i_t}, \ldots \), with \(i_1< i_2< \ldots< i_t< \ldots \), it only considers the first \(t\) shares \(\sigma _{i_1}, \ldots , \sigma _{i_t}\) in order to reconstruct the message.
- 11.
For the information dispersal, it suffices to define \(\mathsf {IDisp}(\mu ) := (\mu , \ldots , \mu )\) (i.e., the same message repeated \(n\) times) and \(\mathsf {IRec}(\mu ) := \mu \).
- 12.
For the sake of simplicity, assume \(t\) even. When \(t\) is odd, we obtain \(t^* = (t- 1)/2\).
References
Aggarwal, D., et al.: Stronger leakage-resilient and non-malleable secret sharing schemes for general access structures. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 510–539. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_18
Badrinarayanan, S., Srinivasan, A.: Revisiting non-malleable secret sharing. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 593–622. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_20
Ball, M., Chattopadhyay, E., Liao, J.J., Malkin, T., Tan, L.Y.: Non-malleability against polynomial tampering. Cryptology ePrint Archive, Report 2020/147 (2020). https://ia.cr/2020/147
Ball, M., Guo, S., Wichs, D.: Non-malleable codes for decision trees. In: CRYPTO 2019, Part I, pp. 413–434 (2019)
Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of AFIPS 1979 National Computer Conference, pp. 313–317 (1979)
Brian, G., Faonio, A., Obremski, M., Simkin, M., Venturi, D.: Non-malleable secret sharing against bounded joint-tampering attacks in the plain model. In: CRYPTO 2020, Part III, pp. 127–155 (2020)
Brian, G., Faonio, A., Venturi, D.: Continuously non-malleable secret sharing for general access structures. In: TCC 2019, Part II, pp. 211–232 (2019)
Brian, G., Faonio, A., Venturi, D.: Continuously non-malleable secret sharing: joint tampering, plain model and capacity. Cryptology ePrint Archive, Report 2021/1128 (2021). https://ia.cr/2021/1128
Chattopadhyay, E., Goodman, J., Goyal, V., Li, X.: Leakage-resilient extractors and secret-sharing against bounded collusion protocols. Cryptology ePrint Archive, Report 2020/478 (2020). https://ia.cr/2020/478
Chattopadhyay, E., Li, X.: Non-malleable codes, extractors and secret sharing for interleaved tampering and composition of tampering. Cryptology ePrint Archive, Report 2018/1069 (2018). https://ia.cr/2018/1069
Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. Cryptology ePrint Archive, Report 2003/235 (2003). http://ia.cr/2003/235
Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography (extended abstract). In: 23rd ACM STOC, pp. 542–552 (1991)
Dolev, D., Dwork, C., Naor, M.: Nonmalleable cryptography. SIAM J. Comput. 2, 391–437 (2000)
Dziembowski, S., Pietrzak, K., Wichs, D.: Non-malleable codes. In: ICS 2010, pp. 434–452 (2010)
Faonio, A., Venturi, D.: Non-malleable secret sharing in the computational setting: adaptive tampering, noisy-leakage resilience, and improved rate. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 448–479. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_16
Faust, S., Mukherjee, P., Nielsen, J.B., Venturi, D.: Continuous non-malleable codes. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 465–488. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_20
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: 19th ACM STOC, pp. 218–229 (1987)
Goyal, V., Kumar, A.: Non-malleable secret sharing. In: 50th ACM STOC, pp. 685–698 (2018)
Goyal, V., Kumar, A.: Non-malleable secret sharing for general access structures. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 501–530. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_17
Goyal, V., Srinivasan, A., Zhu, C.: Multi-source non-malleable extractors and applications. IACR Cryptology ePrint Archive 2020/157 (2020). https://ia.cr/2020/157
Krawczyk, H.: Secret sharing made short. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 136–146. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_12
Kumar, A., Meka, R., Sahai, A.: Leakage-resilient secret sharing against colluding parties. In: 60th FOCS, pp. 636–660 (2019)
Kumar, A., Meka, R., Zuckerman, D.: Bounded collusion protocols, cylinder-intersection extractors and leakage-resilient secret sharing. Cryptology ePrint Archive, Report 2020/473 (2020). https://ia.cr/2020/473
Lin, F., Cheraghchi, M., Guruswami, V., Safavi-Naini, R., Wang, H.: Leakage-resilient non-malleable secret sharing in non-compartmentalized models. CoRR abs/1902.06195 (2019). http://arxiv.org/abs/1902.06195
Nielsen, J.B., Simkin, M.: Lower bounds for leakage-resilient secret sharing. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 556–577. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_20
Ostrovsky, R., Persiano, G., Venturi, D., Visconti, I.: Continuously non-malleable codes in the split-state model from minimal assumptions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 608–639. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_21
Rabin, M.O.: Efficient dispersal of information for security, load balancing, and fault tolerance. J. ACM 36(2), 335–348 (1989). https://doi.org/10.1145/62044.62050
Shamir, A.: How to share a secret. Commun. Assoc. Comput. Mach. 11, 612–613 (1979)
Srinivasan, A., Vasudevan, P.N.: Leakage resilient secret sharing and applications. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 480–509. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_17
Acknowledgments
We thank Mark Simkin and Maciej Obremski for their valuable comments.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 International Association for Cryptologic Research
About this paper
Cite this paper
Brian, G., Faonio, A., Venturi, D. (2021). Continuously Non-malleable Secret Sharing: Joint Tampering, Plain Model and Capacity. In: Nissim, K., Waters, B. (eds) Theory of Cryptography. TCC 2021. Lecture Notes in Computer Science(), vol 13043. Springer, Cham. https://doi.org/10.1007/978-3-030-90453-1_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-90453-1_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90452-4
Online ISBN: 978-3-030-90453-1
eBook Packages: Computer ScienceComputer Science (R0)