Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model

Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model

August 28, 2020

Secret sharing schemes enables a dealer to split a secret into a set of shares, in such a way that certain authorized subsets of shareholders can reconstruct the secret, whereas all unauthorized subsets cannot.

Non-malleable secret sharing schemes (Goyal and Kumar, STOC 2018) additionally require that if the shares have been maliciously modified then the reconstructed secret is completely unrelated one.

The researchers Gianlunca Brian (Sapienza, University of Rome), Antonio Faonio (IMDEA Software Institute), Maciej Obremski (National University of Singapore), Mark Simkin (Aarhus University), Daniele Venturi (Sapienza, University of Rome) have worked jointly to create “Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model” paper that was accepted at Crypto 2020.

In their work, they construct non-malleable secret sharing schemes secure against attackers that can maliciously modify the shares more than once in the so-called joint-tampering model.

In particular, assuming one-to-one one-way functions, they obtain:

– A threshold secret sharing scheme secure under attacks where the attacker commits to a partition of the shares, and keeps tampering jointly with the shares within such a partition (so-called selective partitioning).

– A secret sharing scheme for general access structures which tolerates joint tampering with subsets of the shares of size O(√log n), where n is the number of parties. The scheme is secure even if the attacker is allowed to adaptively change the partitions (so-called semi-adaptive partitioning).

Their research lies a new technique showing that every one-time statistically non-malleable secret sharing against joint tampering is in fact leakage-resilient non-malleable (i.e., the attacker can leak jointly from the shares prior to tampering). This may be of independent interest, and in fact they show it implies lower bounds on the share size and randomness complexity of statistically nonmalleable secret sharing against independent tampering.

Pic