A multiple secret sharing scheme can share a group of secrets in each sharing session, which is very useful especially in sharing large secrets. However, most of the existing multiple secret sharing schemes are (t, n...A multiple secret sharing scheme can share a group of secrets in each sharing session, which is very useful especially in sharing large secrets. However, most of the existing multiple secret sharing schemes are (t, n) threshold schemes, so they are fit for only threshold applications and unfit for the applications of general access structures. Due to the fact that a (t, n) threshold scheme could only handle a small fraction of the secret sharing idea, a novel multi-secret sharing scheme is proposed, which is designed based on general access structures. The security of this scheme is the same as that of Shamir's threshold secret sharing scheme. Compared with the existing multiple secret sharing schemes, the proposed scheme can provide greater capabilities for many applications because it is able to deal with applications of general access structures.展开更多
Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data ...Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data outsourcing scenarios,we have to address the challenging issue of policy updates because access control elements,such as users,attributes,and access rules may change frequently.In this paper,we propose a notion of access policy updatable ciphertext-policy attribute-based encryption(APU-CP-ABE)by combining the idea of ciphertext-policy attribute-based key encapsulation and symmetric proxy re-encryption.When an access policy update occurs,data owner is no longer required to download any data for re-encryption from the cloud,all he needs to do is generate a re-encryption key and produce a new encapsulated symmetric key,and then upload them to the cloud.The cloud server executes re-encryption without decryption.Because the re-encrypted ciphertext is encrypted under a completely new key,users cannot decrypt data even if they keep the old symmetric keys or parts of the previous ciphertext.We present an APU-CP-ABE construction based on Syalim et al.’s[Syalim,Nishide and Sakurai(2017)]improved symmetric proxy re-encryption scheme and Agrawal et al.’s[Agrawal and Chase(2017)]attribute-based message encryption scheme.It requires only 6 bilinear pairing operations for decryption,regardless of the number of attributes involved.This makes our construction particularly attractive when decryption is time-critical.展开更多
The information rate is an important metric of the performance of a secret-sharing scheme. In this paper we consider 272 non-isomorphic connected graph access structures with nine vertices and eight or nine edges, and...The information rate is an important metric of the performance of a secret-sharing scheme. In this paper we consider 272 non-isomorphic connected graph access structures with nine vertices and eight or nine edges, and either determine or bound the optimal information rate in each case. We obtain exact values for the optimal information rate for 231 cases and present a method that is able to derive information-theoretical upper bounds on the optimal information rate. Moreover, we apply some of the constructions to determine lower bounds on the information rate. Regarding information rate, we conclude with a full listing of the known optimal information rate (or bounds on the optimal information rate) for all 272 graphs access structures of nine participants.展开更多
For the applied limitation of the existing threshold decryption schemes based on the(t,n) structure, an identity-based threshold decryption scheme which can be applied on the access structure is proposed through desig...For the applied limitation of the existing threshold decryption schemes based on the(t,n) structure, an identity-based threshold decryption scheme which can be applied on the access structure is proposed through designing a special distribution algorithm of the private key shares.The generation and distribution of private key shares,the encryption,the decryption and the combination are introduced in detail.The validity and security of the scheme are proved and analyzed.Comparisons with the existing schemes show that the proposed scheme is more flexible.展开更多
In this paper, we propose a novel space efficient secret sharing scheme on the basis of minimal linear codes, which satisfies the definition of a computationally efficient secret sharing scheme. In the scheme, we part...In this paper, we propose a novel space efficient secret sharing scheme on the basis of minimal linear codes, which satisfies the definition of a computationally efficient secret sharing scheme. In the scheme, we partition the underlying minimal linear code into disjoint classes, establishing a one-to-one correspondence between the minimal authorized subsets of participants and the representative codewords of all different classes. Each participant, with only one short share transmitted through a public channel, can share a large secret. Therefore, the proposed scheme can distribute a large secret in practical applications such as secure information dispersal in sensor networks and secure multiparty computation.展开更多
基金Supported bythe National Basic Research Programof China(973 Program G1999035805)
文摘A multiple secret sharing scheme can share a group of secrets in each sharing session, which is very useful especially in sharing large secrets. However, most of the existing multiple secret sharing schemes are (t, n) threshold schemes, so they are fit for only threshold applications and unfit for the applications of general access structures. Due to the fact that a (t, n) threshold scheme could only handle a small fraction of the secret sharing idea, a novel multi-secret sharing scheme is proposed, which is designed based on general access structures. The security of this scheme is the same as that of Shamir's threshold secret sharing scheme. Compared with the existing multiple secret sharing schemes, the proposed scheme can provide greater capabilities for many applications because it is able to deal with applications of general access structures.
基金This research is funded by Science and Technology Program of Guangzhou(Grant No.201707010358).
文摘Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data outsourcing scenarios,we have to address the challenging issue of policy updates because access control elements,such as users,attributes,and access rules may change frequently.In this paper,we propose a notion of access policy updatable ciphertext-policy attribute-based encryption(APU-CP-ABE)by combining the idea of ciphertext-policy attribute-based key encapsulation and symmetric proxy re-encryption.When an access policy update occurs,data owner is no longer required to download any data for re-encryption from the cloud,all he needs to do is generate a re-encryption key and produce a new encapsulated symmetric key,and then upload them to the cloud.The cloud server executes re-encryption without decryption.Because the re-encrypted ciphertext is encrypted under a completely new key,users cannot decrypt data even if they keep the old symmetric keys or parts of the previous ciphertext.We present an APU-CP-ABE construction based on Syalim et al.’s[Syalim,Nishide and Sakurai(2017)]improved symmetric proxy re-encryption scheme and Agrawal et al.’s[Agrawal and Chase(2017)]attribute-based message encryption scheme.It requires only 6 bilinear pairing operations for decryption,regardless of the number of attributes involved.This makes our construction particularly attractive when decryption is time-critical.
基金Acknowledgements This work was supported by the National Natural Science Foundation of China (Grant No. 61373150) and the Key Technologies R & D Program of Shaanxi Province (2013k0611).
文摘The information rate is an important metric of the performance of a secret-sharing scheme. In this paper we consider 272 non-isomorphic connected graph access structures with nine vertices and eight or nine edges, and either determine or bound the optimal information rate in each case. We obtain exact values for the optimal information rate for 231 cases and present a method that is able to derive information-theoretical upper bounds on the optimal information rate. Moreover, we apply some of the constructions to determine lower bounds on the information rate. Regarding information rate, we conclude with a full listing of the known optimal information rate (or bounds on the optimal information rate) for all 272 graphs access structures of nine participants.
基金the National Natural Science Foundation of China(No.60374066)
文摘For the applied limitation of the existing threshold decryption schemes based on the(t,n) structure, an identity-based threshold decryption scheme which can be applied on the access structure is proposed through designing a special distribution algorithm of the private key shares.The generation and distribution of private key shares,the encryption,the decryption and the combination are introduced in detail.The validity and security of the scheme are proved and analyzed.Comparisons with the existing schemes show that the proposed scheme is more flexible.
基金Supported by the National Natural Science Foundation of China (11271237)
文摘In this paper, we propose a novel space efficient secret sharing scheme on the basis of minimal linear codes, which satisfies the definition of a computationally efficient secret sharing scheme. In the scheme, we partition the underlying minimal linear code into disjoint classes, establishing a one-to-one correspondence between the minimal authorized subsets of participants and the representative codewords of all different classes. Each participant, with only one short share transmitted through a public channel, can share a large secret. Therefore, the proposed scheme can distribute a large secret in practical applications such as secure information dispersal in sensor networks and secure multiparty computation.