Skip to main content
SpringerLink
Log in

Continuously Non-malleable Secret Sharing: Joint Tampering, Plain Model and Capacity

  • Conference paper
  • First Online:
Theory of Cryptography (TCC 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13043))

Included in the following conference series:

Abstract

We study non-malleable secret sharing against joint leakage and joint tampering attacks. Our main result is the first threshold secret sharing scheme in the plain model achieving resilience to noisy-leakage and continuous tampering. The above holds under (necessary) minimal computational assumptions (i.e., the existence of one-to-one one-way functions), and in a model where the adversary commits to a fixed partition of all the shares into non-overlapping subsets of at most \(t-1\) shares (where t is the reconstruction threshold), and subsequently jointly leaks from and tampers with the shares within each partition.

We also study the capacity (i.e., the maximum achievable asymptotic information rate) of continuously non-malleable secret sharing against joint continuous tampering attacks. In particular, we prove that whenever the attacker can tamper jointly with \(k > t/2\) shares, the capacity is at most \(t - k\). The rate of our construction matches this upper bound.

An important corollary of our results is the first non-malleable secret sharing scheme against independent tampering attacks breaking the rate-one barrier (under the same computational assumptions as above).

The first and last author acknowledge support by Sapienza University under the grant SPECTRA.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The only (necessary) restriction is that the experiment self-destructs after the first tampering query yielding an invalid secret sharing.

  2. 2.

    In this setting, once a subset of shares has been tampered with jointly, that subset is always either tampered jointly or not modified by future tampering queries.

  3. 3.

    i.e., one-joint leakage and tampering attacks.

  4. 4.

    In the hybrid experiment, one also needs to adjust the reconstruction algorithm so that an attacker cannot distinguish between the hybrid and the original experiment by mauling \(\sigma _1,\sigma _2\) without changing the underlying shared value. In the description, we omit these details to simplify the exposition.

  5. 5.

    Actually, Goyal et al. prove security in the more general setting of \(t\)-cover-free tampering, in which, intuitively, the subsets of the partition of the shares may overlap.

  6. 6.

    Note that in case the tampered commitments within one of the subsets \(\mathcal {B} _i\) are not equal, the reduction can immediately self-destruct.

  7. 7.

    Note that in case the tampered ciphertexts within one of the subsets \(\mathcal {B} _i\) are not equal, the reduction can immediately self-destruct.

  8. 8.

    They require that the leakage on the i-th share does not drop the conditional average min-entropy of the share i conditioned on all other shares \(j\ne i\) by too much. This additional requirement makes their rate compiler incompatible with the non-malleable secret sharing scheme by Brian, Faonio, Obremski, Simkin and Venturi [6] which does not satisfy this property.

  9. 9.

    Goyal and Kumar [18] originally gave a simulation-based definition of non-malleability (for the case of one-time tampering). It is folklore that this flavor of non-malleability can be shown to be equivalent to the indistinguishability-based notion we define (even in the setting of continuous tampering), so long as the message length is super-logarithmic in the security parameter.

  10. 10.

    It is always possible to modify the reconstruction algorithm \(\mathsf {Rec}\) so that, upon input more than \(t\) shares, say \(\sigma _{i_1}, \ldots , \sigma _{i_t}, \ldots \), with \(i_1< i_2< \ldots< i_t< \ldots \), it only considers the first \(t\) shares \(\sigma _{i_1}, \ldots , \sigma _{i_t}\) in order to reconstruct the message.

  11. 11.

    For the information dispersal, it suffices to define \(\mathsf {IDisp}(\mu ) := (\mu , \ldots , \mu )\) (i.e., the same message repeated \(n\) times) and \(\mathsf {IRec}(\mu ) := \mu \).

  12. 12.

    For the sake of simplicity, assume \(t\) even. When \(t\) is odd, we obtain \(t^* = (t- 1)/2\).

References

  1. Aggarwal, D., et al.: Stronger leakage-resilient and non-malleable secret sharing schemes for general access structures. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 510–539. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_18

    Chapter  Google Scholar 

  2. Badrinarayanan, S., Srinivasan, A.: Revisiting non-malleable secret sharing. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 593–622. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_20

    Chapter  Google Scholar 

  3. Ball, M., Chattopadhyay, E., Liao, J.J., Malkin, T., Tan, L.Y.: Non-malleability against polynomial tampering. Cryptology ePrint Archive, Report 2020/147 (2020). https://ia.cr/2020/147

  4. Ball, M., Guo, S., Wichs, D.: Non-malleable codes for decision trees. In: CRYPTO 2019, Part I, pp. 413–434 (2019)

    Google Scholar 

  5. Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of AFIPS 1979 National Computer Conference, pp. 313–317 (1979)

    Google Scholar 

  6. Brian, G., Faonio, A., Obremski, M., Simkin, M., Venturi, D.: Non-malleable secret sharing against bounded joint-tampering attacks in the plain model. In: CRYPTO 2020, Part III, pp. 127–155 (2020)

    Google Scholar 

  7. Brian, G., Faonio, A., Venturi, D.: Continuously non-malleable secret sharing for general access structures. In: TCC 2019, Part II, pp. 211–232 (2019)

    Google Scholar 

  8. Brian, G., Faonio, A., Venturi, D.: Continuously non-malleable secret sharing: joint tampering, plain model and capacity. Cryptology ePrint Archive, Report 2021/1128 (2021). https://ia.cr/2021/1128

  9. Chattopadhyay, E., Goodman, J., Goyal, V., Li, X.: Leakage-resilient extractors and secret-sharing against bounded collusion protocols. Cryptology ePrint Archive, Report 2020/478 (2020). https://ia.cr/2020/478

  10. Chattopadhyay, E., Li, X.: Non-malleable codes, extractors and secret sharing for interleaved tampering and composition of tampering. Cryptology ePrint Archive, Report 2018/1069 (2018). https://ia.cr/2018/1069

  11. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. Cryptology ePrint Archive, Report 2003/235 (2003). http://ia.cr/2003/235

  12. Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography (extended abstract). In: 23rd ACM STOC, pp. 542–552 (1991)

    Google Scholar 

  13. Dolev, D., Dwork, C., Naor, M.: Nonmalleable cryptography. SIAM J. Comput. 2, 391–437 (2000)

    Article  MathSciNet  Google Scholar 

  14. Dziembowski, S., Pietrzak, K., Wichs, D.: Non-malleable codes. In: ICS 2010, pp. 434–452 (2010)

    Google Scholar 

  15. Faonio, A., Venturi, D.: Non-malleable secret sharing in the computational setting: adaptive tampering, noisy-leakage resilience, and improved rate. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 448–479. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_16

    Chapter  MATH  Google Scholar 

  16. Faust, S., Mukherjee, P., Nielsen, J.B., Venturi, D.: Continuous non-malleable codes. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 465–488. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_20

    Chapter  Google Scholar 

  17. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: 19th ACM STOC, pp. 218–229 (1987)

    Google Scholar 

  18. Goyal, V., Kumar, A.: Non-malleable secret sharing. In: 50th ACM STOC, pp. 685–698 (2018)

    Google Scholar 

  19. Goyal, V., Kumar, A.: Non-malleable secret sharing for general access structures. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 501–530. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_17

    Chapter  Google Scholar 

  20. Goyal, V., Srinivasan, A., Zhu, C.: Multi-source non-malleable extractors and applications. IACR Cryptology ePrint Archive 2020/157 (2020). https://ia.cr/2020/157

  21. Krawczyk, H.: Secret sharing made short. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 136–146. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_12

    Chapter  Google Scholar 

  22. Kumar, A., Meka, R., Sahai, A.: Leakage-resilient secret sharing against colluding parties. In: 60th FOCS, pp. 636–660 (2019)

    Google Scholar 

  23. Kumar, A., Meka, R., Zuckerman, D.: Bounded collusion protocols, cylinder-intersection extractors and leakage-resilient secret sharing. Cryptology ePrint Archive, Report 2020/473 (2020). https://ia.cr/2020/473

  24. Lin, F., Cheraghchi, M., Guruswami, V., Safavi-Naini, R., Wang, H.: Leakage-resilient non-malleable secret sharing in non-compartmentalized models. CoRR abs/1902.06195 (2019). http://arxiv.org/abs/1902.06195

  25. Nielsen, J.B., Simkin, M.: Lower bounds for leakage-resilient secret sharing. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 556–577. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_20

    Chapter  Google Scholar 

  26. Ostrovsky, R., Persiano, G., Venturi, D., Visconti, I.: Continuously non-malleable codes in the split-state model from minimal assumptions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 608–639. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_21

    Chapter  MATH  Google Scholar 

  27. Rabin, M.O.: Efficient dispersal of information for security, load balancing, and fault tolerance. J. ACM 36(2), 335–348 (1989). https://doi.org/10.1145/62044.62050

  28. Shamir, A.: How to share a secret. Commun. Assoc. Comput. Mach. 11, 612–613 (1979)

    MathSciNet  MATH  Google Scholar 

  29. Srinivasan, A., Vasudevan, P.N.: Leakage resilient secret sharing and applications. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 480–509. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_17

    Chapter  Google Scholar 

Download references

Acknowledgments

We thank Mark Simkin and Maciej Obremski for their valuable comments.

Author information

Authors and Affiliations

  1. Sapienza University of Rome, Rome, Italy

    Gianluca Brian & Daniele Venturi

  2. EURECOM, Biot, France

    Antonio Faonio

Authors
  1. Gianluca Brian
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Antonio Faonio
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Daniele Venturi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gianluca Brian .

Editor information

Editors and Affiliations

  1. Georgetown University, Washington, WA, USA

    Kobbi Nissim

  2. The University of Texas at Austin, Austin, TX, USA

    Brent Waters

Rights and permissions

Reprints and permissions

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Brian, G., Faonio, A., Venturi, D. (2021). Continuously Non-malleable Secret Sharing: Joint Tampering, Plain Model and Capacity. In: Nissim, K., Waters, B. (eds) Theory of Cryptography. TCC 2021. Lecture Notes in Computer Science(), vol 13043. Springer, Cham. https://doi.org/10.1007/978-3-030-90453-1_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-90453-1_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90452-4

  • Online ISBN: 978-3-030-90453-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation