Create Presentation
Download Presentation

Download Presentation
## Secret Swarm Unit Reactive k-Secret Sharing

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -

**Secret Swarm Unit Reactive k-Secret Sharing**INDOCRYPT 2007 Shlomi Dolev1, Limor Lahiani1, Moti Yung2 Department of Computer Science 1 Ben-Gurion University , Israel 2 Columbia University, NYC**Talk Outline**Introduction & motivation The problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions**Intro: What is a Swarm**A collection of processors collaborating on a mission Processors / RFIDs Mobile sensors UAVs**Intro: Swarm Motivation**• Robustness • Fault tolerance • Security**Talk Outline**Introduction & motivation The problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions**Swarm’s Global Secret**Distributed secret shares**Swarm’s Global Secret**p Distributed secret shares**The Problem**Can members modify the global secret without knowing the secret before and after the change and with no internal communication? THINK AGAIN!**Talk Outline**Introduction & motivation The problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions**Swarm Settings (1)**n swarm members Distributed secret shares Any less thank k cannot reveal At least k to reveal (p) Compromising adversary Listening (no sending) Compromise at most f < k Corruptive adversary Listening (no sending) Corrupt at most f < k**Swarm Settings (2)**No internal communication Avoided/safe area Simultaneous external input Controller Event observed/sensed X X X X**Swarm Settings (3)**Swarm input actions • regainConsistencyRequest() • regainConsistencyReply() • step() • joinRequest() • set() • joinReply()**Talk Outline**Introduction & motivation The problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions**Talk Outline**Introduction & motivation The problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions**Our Polynomial Based SolutionShamir’s (k,n)-threshold**scheme Secret: Globl counter GC p(x) = a0+a1x+a2x2+…+akxk a1..ak are random Secret: a0 = GC Secret distribution n distinct points: (xi,p(xi)), xi 0 GC = p(0) Any k points reveals the secret No less than k reveals it**Our Polynomial Based counter**Increment counter: GC GC+δ p(x) = GC+a1x+a2x2+…+akxk q(x) = p(x) + δ q(x) is defined by xi,p(xi)+δ Multiply : Gc GC·μ p(x) = GC+a1x+a2x2+…+ akxk q(x) = p(x)·μ q(x) is defined by xi,p(xi)·μ**Our Polynomial based solutionSwarm input: set**• set(xi,p(xi))**Our Polynomial based solutionSwarm input: step**• step() xi, p(xi) xi, p(xi)+ And the same for multiplication by μ**Our Polynomial based solutioninput: regain consistency**request • regainConsistencyReq() • leader xi, p(xi)**Our Polynomial based solutioninput: regain consistency**request • leader**Our Polynomial based solutioninput: regain consistency reply**xi, p(xi) • leader**Our Polynomial based solutioninput: join request & reply**joinReq() joinReply()**Our Polynomial Based Solution(Corruptive Adversary)**Berlekamp-Welch Polynomial p(x) of degree k k+r points e errors Decode p(x) if e r/2 Polynomial based solution Decode p(x) if f (n–k–lp)/2 Where lp = num of leaving processes between two regainConsistency ops.**Talk Outline**Introduction & motivation The Problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions**Our Chinese Remainder Based Solution**Swarm secret: global counter GC p1 < p2 < … < pk relatively primes Mk = p1p2… pk 0 GC Mk GC r1,p1, r2,p2,…, rl ,pk [CRT] ri = GC mod pi GC r1, r2,…,rk Secret share ri, pi, ri = GC mod pi**Swarm Input**pixi , ri p(xi) • regainConsistencyRequest() • regainConsistencyReply() • step() • joinRequest() • set() • joinReply()**Our Chinese RemainderBased Solution(Corruptive adversary)**Mandelbaum p1 < p2 <…< pk <…< pk+r , relatively primes Mk = p1p2… pk 0 GC Mk e errors Detect: e r Correct: e r/2 Chinese remainder based solution Detect: f n-k-lp Correct: f (n-k-lp)/2**Talk Outline**Introduction & motivation The problem Swarm settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions**Virtual I/O Automaton**I/O Automaton A Implemented by the swarm Global state (Global secret) Current state of A Replicated at least T n times Regain consistency ensures: At least T+lp+f replicas of the global state At most T-f-1 replicas of any other state Global output Output with at least T n replicas Threshold device**Virtual I/O Automaton**Secret share Tuple si1,si2,…,sim of candidates At most 1 state is the global state Step() transition step on si1,si2,…,sim and New tuple of candidates: s’i1,s’i2,…,s’im Output actions oi1,oi2,…,oim At least T replicas of the global output**Talk Outline**Introduction & motivation The problem Swarm Settings Reactive k-secret sharing solutions Polynomial based solution Chinese remaindering based solution Virtual I/O automaton Conclusions**Conclusions**polynomial based solution Addition & multiplication Error correcting [Berlekamp-Welch] Chinese remaindering based solution Addition Error correcting [Mandelbaum] Virtual I/O automaton Mask the global state Further results: Vandermonde matrix Support XOR operations