理性公平的秘密共享方案

Rational Fair Secret Sharing Scheme

理性秘密共享是将自利的理性用户引入到传统秘密共享中,力图在现实环境中实现公平的秘密重构,使得所有用户均能获得共享秘密.然而,由于忽略了理性用户的自利性行为,现有理性秘密共享的公平性定义允许出现用户不发送子秘密也能获得共享秘密的不公平情形.这导致在使用以该定义为指导所设计的理性秘密共享方案时,并不能确保所有用户均能获得共享秘密;甚至还会出现发送错误子秘密欺骗其他用户,导致其他用户将重构出的虚假的共享秘密视为真实秘密的极端情形.为解决该问题,本文结合秘密共享的存取结构,形式化定义了秘密共享的理性公平性.并以此为指导,通过在秘密分发阶段为每个理性用户发送大量虚假子秘密,使得理性用户难以准确猜测出真实共享子秘密的方法,设计一个混淆激励机制,并提出一个理性公平的秘密共享方案.理论分析和大量实验表明,该方案能有效地约束理性用户在秘密重构阶段的自利性行为,确保所有用户能获得真实的共享秘密,高效地实现公平的秘密共享.

With the development of communication technologies,the advanced technologies like cloud computing and IoT(Internet of Things)are emerging,which bring convenience and become part of our daily life.Unfortunately,when enjoying the convenient life,the users’privacy may disclose because they need to provide some individual sensitive data.To protect the users’privacy effectively,the cryptography participating in multi-user has attracted more attention,especially secret sharing.Secret sharing is one of the most common and classical distributed cryptographic schemes,which allows the certain number of users can obtain the secret together,but any subset of users of size less than the prescribed number cannot obtain the secret even they collude with others.In traditional secret sharing,the users are regarded as either honest or malicious.Honest users follow the prescribed scheme faithfully,whereas malicious users behave in arbitrary manners.However,in real applications,the users are selfish and always try to maximize their profits,which coincides with the selfish characteristic of rational users in game theory.Under this circumstance,rational secret sharing is proposed by introducing selfish users into traditional secret sharing,which assumes that the users prefer to obtain the secret above all else,otherwise prefer the fewest number of other users to obtain the secret.The purpose is to realize the fair secret reconstruction in real applications.Unfortunately,when directly adopting the existing rational secret sharing schemes,some unfair solutions arise,which lead that some of the users reconstruct the secret but not send the shares,whereas the others cannot obtain the secret after sending the shares.More seriously,some of the users can cheat the other users into viewing a fake secret as the real.The crucial reason is that,the users’selfish behaviors are not considered completely in the existing fairness definition of rational secret sharing,and the existing schemes are devised under the guidance of this fairness definition.To address this problem,this paper formalizes rational fairness of secret sharing by combining it with the minimum access structure,and demonstrates that the proposed definition allows the users to reconstruct the real secret only when both of them send the shares honestly.Furthermore,to show that the proposed fairness definition is meaningful,an incentive obfuscation mechanism is devised and an advanced rational secret sharing scheme is presented.In the proposal,a great quantity of fake shares are generated for rational users to make them not able to identify the real one,and the users are punished by not receiving any shares in the future when they do not send the shares honestly.In this way,none of users deviates from the scheme prescribed,thereby realizing the fair secret reconstruction.Through the comparisons of the existing schemes in applicable scenarios,reconstruction rounds,requirements on trust users,computation of rational users’payments,and other complicated cryptographic tools,the advantages of our scheme are analyzed to illustrate the usability.Additionally,the extensive experiments illustrate that the computation overhead and communication cost of the presented scheme are limited,indicating that our scheme can realize the fair secret reconstruction efficiently.