Secret Sharing And Application In Information Security

Posted on: 2015-11-28
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z H Chen
GTID: 1108330470952704
Subject: Computer software and theory

Abstract/Summary:
Secret sharing is a primitive of cryptography. It is a basic building block for constructing many secure protocols in distributed computing settings, such as secure multiparty computation, group key agreement, and threshold cryptosystems. Secret sharing, an important field of cryptography, plays an important role in protecting and recovering secret information when it is lost, destroyed or altered, or falls into the wrong hands. Although secret sharing provides many solutions for constructing the secure protocols mentioned above, with the rapid development of networks and the emergence of cloud computing it is still a challenge to apply secret sharing to various application scenarios. Thus, secret sharing still needs to be studied further.

This dissertation focuses on secret sharing theory and its application in information security. First, it reviews the background and the state of the art of secret sharing. Based on these reviews, the advantages and disadvantages of existing secret sharing schemes are analyzed. Second, on the theory side, we mainly study how to prevent cheating, how to share multiple secrets, and how to avoid a mutually trusted dealer. To address these problems, we design an unconditionally secure verifiable secret sharing scheme, a Chinese remainder theorem-based cheater-identifiable multi-secret sharing scheme, and a dealer-free secret sharing scheme with public verifiability. Finally, for the application of secret sharing, based on the characteristics of wireless networks (mobile ad hoc networks, referred to as MANET), we construct a distributed secret share update scheme with public verifiability, which effectively solves some problems of key management in MANET. Next, to apply secret sharing cryptosystems to a hot issue, namely cloud storage, we propose a novel limited proxy re-encryption scheme with keyword search, which can guarantee a user accurate access to data even if there is an untrusted proxy server in cloud storage. In addition, to apply the methodology of secret sharing to a wider cloud computing platform, we design a secure distributed scheme for sharing secret multiplication, which solves the problem of multiplying multiple secrets over the integer ring.

Our main contributions are as follows:

1. To overcome the drawbacks of most existing secret sharing schemes, three main aspects are addressed:

(1) Verifiability: Since dishonest participants may present fake shares in the secret recovery phase, numerous works in the literature propose solutions to this problem. However, existing verifiability is mainly based on cryptographic assumptions. We propose an unconditionally verifiable secret sharing scheme in which a single keyed strongly universal hash function is used as a message authentication code (MAC), making the verifiability unconditionally secure. Furthermore, constructing the scheme with the Chinese remainder theorem (CRT) instead of a polynomial keeps the computational cost low.

(2) Multi-secret sharing: To recover all the secrets in one session, the existing literature uses the Shamir polynomial, which limits the application. Using Gödel coding and the CRT, we provide a cheater-identifiable multi-secret sharing scheme as an alternative method that obtains unconditional security. Furthermore, we explore the multiplicatively homomorphic properties of the CRT in designing a practical protocol, which extends the application of secret sharing.

(3) Eliminating a mutually trusted dealer: There is no mutually trusted dealer in most real scenarios. Nevertheless, existing dealer-free secret sharing schemes cannot provide public verifiability. Combining the technique of homomorphic commitment with that of bilinear pairing, we propose a joint random secret sharing scheme with public verifiability. Its process is non-interactive and efficient.

These are presented in Chapter 3.

2. To prevent an adversary from collecting other nodes' shares over a long period of time to compromise the system key in MANET, and also to tackle false accusation, we construct a distributed secret share update scheme with public verifiability, which solves some problems of key management in MANET. To achieve these goals, we take advantage of verifiable encryption of discrete logarithms with additive homomorphism and of proactive secret sharing cryptosystems. These are detailed in Chapter 4.

3. Combining the function of limited proxy re-encryption with that of public key encryption with keyword search, we introduce a new primitive, limited proxy re-encryption with keyword search, for fine-grained data access control in cloud computing, and further give its formal definition, security model, and construction. This primitive solves the problem of access control to data stored in a public cloud in the case where the proxy cloud server is untrusted. These are presented in Chapter 5.

4. Existing secure distributed multiplication protocols, which use the traditional Shamir polynomial to share the product of n secrets, have to invoke a two-party secure multiplication protocol repeatedly to achieve their goal, which makes them inefficient. To overcome this drawback, we implement a new secure distributed secret sharing scheme for the product of n secrets using an encoding method and a commitment scheme with additive homomorphism. The proposed scheme lets participants share the product of three or more secrets in one session. Even if there are malicious participants, the scheme works securely. These are detailed in Chapter 6.
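To illustrate contributions 1(1) and 1(2), here is an added example (not the dissertation's own construction) of CRT-based threshold sharing and its multiplicative homomorphism. It uses the standard Asmuth-Bloom scheme as a stand-in; the moduli, threshold and secrets are constructed values chosen for readability, not secure sizes.

```python
import secrets
from math import prod

M0 = 101                                              # secrets live in Z_101
MODULI = [1009, 1013, 1019, 1021, 1031, 1033, 1039]   # pairwise coprime, increasing
T = 3                                                 # threshold

def share(secret, t=T, moduli=MODULI, m0=M0):
    """Return one (modulus, residue) share per participant."""
    bound = prod(moduli[:t])                 # product of the t smallest moduli
    # Asmuth-Bloom condition: t-1 shares leave every candidate secret possible.
    if not (0 <= secret < m0 and m0 * prod(moduli[-(t - 1):]) < bound):
        raise ValueError("bad parameters")
    a = secrets.randbelow((bound - secret) // m0)     # random blinding factor
    y = secret + a * m0                               # y < bound, y = secret (mod m0)
    return [(m, y % m) for m in moduli]

def crt(shares):
    """Solve x = r_i (mod m_i); the result is unique modulo the product of the m_i."""
    x, mod = 0, 1
    for m, r in shares:
        x += mod * (((r - x) * pow(mod, -1, m)) % m)  # lift x to satisfy x = r (mod m)
        mod *= m
    return x

def recover(shares, m0=M0):
    """Reconstruct the blinded value with the CRT, then reduce it to the secret."""
    return crt(shares) % m0

def multiply_shares(sa, sb):
    """Each participant multiplies its two residues locally; no interaction."""
    return [(m, ra * rb % m) for (m, ra), (_, rb) in zip(sa, sb)]

def demo():
    s1, s2 = share(42), share(77)
    prod_shares = multiply_shares(s1, s2)
    # y1*y2 < bound**2, so any 2*T product shares pin it down uniquely.
    return recover(s1[:T]), recover(s2[-T:]), recover(prod_shares[:2 * T])

if __name__ == "__main__":
    print(demo())   # (42, 77, 2): 42 * 77 = 3234 = 2 (mod 101)
```

Note that the product is only recoverable from 2T shares in this plain construction, because the blinded value roughly squares in size; a single multiplication doubles the effective threshold.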
Keywords/Search Tags: secret sharing, unconditionally secure, verifiability, distribution, share update, cloud storage, multi-secret multiplication