
Secret Swarm Unit Reactive k-Secret Sharing

Secret Swarm Unit Reactive k-Secret Sharing. INDOCRYPT 2007. Shlomi Dolev (1), Limor Lahiani (1), Moti Yung (2). Department of Computer Science: (1) Ben-Gurion University, Israel; (2) Columbia University, NYC. Talk Outline: Introduction & motivation; The problem; Swarm settings



Presentation Transcript

  1. Secret Swarm Unit Reactive k-Secret Sharing. INDOCRYPT 2007. Shlomi Dolev (1), Limor Lahiani (1), Moti Yung (2). Department of Computer Science: (1) Ben-Gurion University, Israel; (2) Columbia University, NYC

  2. Talk Outline: Introduction & motivation; The problem; Swarm settings; Reactive k-secret sharing solutions; Polynomial based solution; Chinese remaindering based solution; Virtual I/O automaton; Conclusions

  3. Intro: What is a Swarm. A collection of processors collaborating on a mission: processors / RFIDs, mobile sensors, UAVs

  4. Intro: Swarm Motivation • Robustness • Fault tolerance • Security

  5. Talk Outline: Introduction & motivation; The problem; Swarm settings; Reactive k-secret sharing solutions; Polynomial based solution; Chinese remaindering based solution; Virtual I/O automaton; Conclusions

  6. Swarm’s Global Secret Distributed secret shares

  7. Swarm’s Global Secret p Distributed secret shares

  8. The Problem: Can members modify the global secret without knowing the secret before and after the change and with no internal communication? THINK AGAIN!

  9. Talk Outline: Introduction & motivation; The problem; Swarm settings; Reactive k-secret sharing solutions; Polynomial based solution; Chinese remaindering based solution; Virtual I/O automaton; Conclusions

  10. Swarm Settings (1): n swarm members. Distributed secret shares: any fewer than k cannot reveal; at least k to reveal (p). Compromising adversary: listening (no sending); compromise at most f < k. Corruptive adversary: listening (no sending); corrupt at most f < k

  11. Swarm Settings (2): No internal communication; avoided/safe area; simultaneous external input; controller; event observed/sensed

  12. Swarm Settings (3) Swarm input actions • regainConsistencyRequest() • regainConsistencyReply() • step() • joinRequest() • set() • joinReply()

  13. Talk Outline: Introduction & motivation; The problem; Swarm settings; Reactive k-secret sharing solutions; Polynomial based solution; Chinese remaindering based solution; Virtual I/O automaton; Conclusions

  14. Talk Outline: Introduction & motivation; The problem; Swarm settings; Reactive k-secret sharing solutions; Polynomial based solution; Chinese remaindering based solution; Virtual I/O automaton; Conclusions

  15. Our Polynomial Based Solution: Shamir's (k,n)-threshold scheme. Secret: global counter GC. $p(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_k x^k$, where $a_1, \dots, a_k$ are random and the secret is $a_0 = GC$. Secret distribution: n distinct points $(x_i, p(x_i))$, $x_i \neq 0$; $GC = p(0)$. Any k points reveal the secret; fewer than k do not reveal it

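  16. Our Polynomial Based counter. Increment counter, $GC \leftarrow GC + \delta$: $p(x) = GC + a_1 x + a_2 x^2 + \dots + a_k x^k$, $q(x) = p(x) + \delta$; q(x) is defined by $\langle x_i, p(x_i) + \delta \rangle$. Multiply, $GC \leftarrow GC \cdot \mu$: $p(x) = GC + a_1 x + a_2 x^2 + \dots + a_k x^k$, $q(x) = p(x) \cdot \mu$; q(x) is defined by $\langle x_i, p(x_i) \cdot \mu \rangle$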

  17. Our Polynomial based solution. Swarm input: set • set($x_i, p(x_i)$)

  18. Our Polynomial based solution. Swarm input: step • step(): $\langle x_i, p(x_i) \rangle \rightarrow \langle x_i, p(x_i) + \delta \rangle$. And the same for multiplication by μ

  19. Our Polynomial based solution. Input: regain consistency request • regainConsistencyReq() • leader • $x_i, p(x_i)$

  20. Our Polynomial based solution. Input: regain consistency request • leader

  21. Our Polynomial based solution. Input: regain consistency reply • $x_i, p(x_i)$ • leader

  22. Our Polynomial based solution. Input: join request & reply • joinReq() • joinReply()

  23. Our Polynomial Based Solution (Corruptive Adversary). Berlekamp-Welch: polynomial p(x) of degree k, k+r points, e errors; decode p(x) if $e \le r/2$. Polynomial based solution: decode p(x) if $f \le (n - k - l_p)/2$, where $l_p$ = number of leaving processes between two regainConsistency ops.

  24. Talk Outline: Introduction & motivation; The Problem; Swarm settings; Reactive k-secret sharing solutions; Polynomial based solution; Chinese remaindering based solution; Virtual I/O automaton; Conclusions

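  25. Our Chinese Remainder Based Solution. Swarm secret: global counter GC. $p_1 < p_2 < \dots < p_k$ relatively prime, $M_k = p_1 p_2 \cdots p_k$, $0 \le GC < M_k$. $GC \leftrightarrow \langle r_1, p_1 \rangle, \langle r_2, p_2 \rangle, \dots, \langle r_k, p_k \rangle$ [CRT], with $r_i = GC \bmod p_i$; $GC \leftrightarrow \langle r_1, r_2, \dots, r_k \rangle$. Secret share: $\langle r_i, p_i \rangle$, $r_i = GC \bmod p_i$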

  26. Swarm Input: $p_i \leftrightarrow x_i$, $r_i \leftrightarrow p(x_i)$ • regainConsistencyRequest() • regainConsistencyReply() • step() • joinRequest() • set() • joinReply()

  27. Our Chinese Remainder Based Solution (Corruptive adversary). Mandelbaum: $p_1 < p_2 < \dots < p_k < \dots < p_{k+r}$ relatively prime, $M_k = p_1 p_2 \cdots p_k$, $0 \le GC < M_k$, e errors; detect: $e \le r$; correct: $e \le r/2$. Chinese remainder based solution: detect: $f \le n - k - l_p$; correct: $f \le (n - k - l_p)/2$

  28. Talk Outline: Introduction & motivation; The problem; Swarm settings; Reactive k-secret sharing solutions; Polynomial based solution; Chinese remaindering based solution; Virtual I/O automaton; Conclusions

  29. Virtual I/O Automaton. I/O automaton A, implemented by the swarm. Global state (global secret): current state of A, replicated at least $T \le n$ times. Regain consistency ensures: at least $T + l_p + f$ replicas of the global state; at most $T - f - 1$ replicas of any other state. Global output: output with at least $T \le n$ replicas. Threshold device

  30. Virtual I/O Automaton. Secret share: tuple $s_{i1}, s_{i2}, \dots, s_{im}$ of candidates; at most 1 state is the global state. Step(): transition step on $s_{i1}, s_{i2}, \dots, s_{im}$ and  New tuple of candidates: $s'_{i1}, s'_{i2}, \dots, s'_{im}$. Output actions $o_{i1}, o_{i2}, \dots, o_{im}$: at least T replicas of the global output

  31. Talk Outline: Introduction & motivation; The problem; Swarm Settings; Reactive k-secret sharing solutions; Polynomial based solution; Chinese remaindering based solution; Virtual I/O automaton; Conclusions

  32. Conclusions. Polynomial based solution: addition & multiplication; error correcting [Berlekamp-Welch]. Chinese remaindering based solution: addition; error correcting [Mandelbaum]. Virtual I/O automaton: mask the global state. Further results: Vandermonde matrix; support XOR operations

  33. Thank You!
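
The share-local updates from the polynomial slides (15 to 18) and the Chinese remainder slide (25), as an added example that is not part of the presentation: each member applies step() to its own share only, and any k shares still reconstruct the updated counter. The field modulus `P`, the `MODULI` list and all function names are assumptions; the polynomial here uses k coefficients (degree k-1), the standard Shamir choice under which exactly k points suffice.

```python
import secrets
from math import prod

P = 2**61 - 1  # assumed prime field modulus; the slides do not fix a field

def share_poly(gc, k, n):
    """n points (x_i, p(x_i)), x_i != 0, of a random polynomial with p(0) = gc.
    k coefficients (degree k-1) are used so that exactly k points suffice."""
    coeffs = [gc % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, j, P) for j, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def step_poly(share, delta=0, mu=1):
    """Member-local step(): y_i <- y_i * mu + delta, no messages exchanged."""
    x, y = share
    return (x, (y * mu + delta) % P)

def reveal_poly(points):
    """Lagrange interpolation at x = 0 over GF(P) from k distinct points."""
    gc = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        gc = (gc + yi * num * pow(den, -1, P)) % P
    return gc

MODULI = [101, 103, 107, 109, 113]  # constructed pairwise-coprime p_i, one per member

def share_crt(gc, moduli):
    """Share i is <r_i, p_i> with r_i = gc mod p_i."""
    return [(gc % p, p) for p in moduli]

def step_crt(share, delta):
    """Member-local step(): r_i <- (r_i + delta) mod p_i."""
    r, p = share
    return ((r + delta) % p, p)

def reveal_crt(shares):
    """CRT reconstruction; correct while the counter stays below the product
    of the moduli of the shares used."""
    M = prod(p for _, p in shares)
    return sum(r * (M // p) * pow(M // p, -1, p) for r, p in shares) % M
```

Calling `reveal_poly` or `reveal_crt` on any k of the stepped shares returns the updated counter, although no member ever held the old or new value.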
