Rational Secret Sharing without Broadcast


Amjed Shareef, Department of Computer Science and Engineering, Indian Institute of Technology Madras, Chennai, India. Email: amjedshareef@gmail.com

Abstract

We use the concept of rational secret sharing, which was initially introduced by Halpern and Teague [2], where players' preferences are that they prefer to learn the secret than not, and moreover they prefer that as few others learn the secret as possible. This paper is an attempt to introduce a rational secret sharing scheme which differs from previous RSS schemes in that this scheme does not rely on broadcast to send messages but instead uses point to point transmissions. Not only that, but the protocol will not rely on any cryptographic primitives and is coalition resilient except for when the short player colludes with a long player.

1 Introduction

1.1 Background

The notion of secret sharing was introduced by Shamir [5]. His scheme was based upon the fact that it requires $m$ unique points in order to define a polynomial of degree $(m-1)$. According to the scheme, a dealer generates a random polynomial, $f$, of degree $(m-1)$ such that $f(0) = s$, where $s$ is the secret to be shared. Then he generates $n$ points on the polynomial and distributes the couplet $(x_i, f(x_i))$ to every player. If any $m$ players come together, they will be able to regenerate the polynomial via Lagrange's interpolation and hence will be able to obtain the secret. Secret sharing is in essence the ability of several parties to work together to reconstruct a secret using information about the secret available with them.

Until recently, the players involved in secret sharing were only looked upon as being either totally honest or arbitrarily malicious. With the help of game theory, we are able to view the players in a different light, which more closely resembles human behaviour. In the case of rational secret sharing, players will behave in a way which maximizes their profit. This is modelled via a utility function whose input is the set of actions of the player and the other players, and whose output is the expected gain for that player. Halpern and Teague [2] introduced this problem with their seminal paper on rational secret sharing.

1.2 Related Work and Contribution

Previous work done includes a protocol presented by Kol and Naor [4] using a simultaneous broadcast channel to share a secret among the players. The other protocol by Kol and Naor [3] solves the same problem and is also coalition resilient, but requires cryptographic primitives. The protocol by Fuchsbauer et al. [1] solves the rational secret sharing problem, while using simultaneous point to point channels, assuming the use of cryptographic primitives.

However, there is a drawback to protocols which use a broadcast channel. The problem is that it is difficult to simulate a broadcast channel among rational players because of their rational behaviour and inclinations. So then, in order to overcome these difficulties, we must look to a new method to spread the messages instead of a broadcast channel. Such a method would be to have players send messages individually to each other, in a point to point manner. This was done by Fuchsbauer et al. [1], but they used cryptographic primitives. The use of cryptographic primitives provides quite a bit of overhead and also brings in the problem of backward induction. Hence an interesting question arises, that of whether it is possible to come up with a rational secret sharing protocol without having to simulate a broadcast channel and without using cryptographic primitives.

Our main contribution is in essence an affirmative answer to this question in the form of a protocol for the rational secret sharing problem, which uses simultaneous point to point channels and which does not use cryptographic primitives.

As an extension to our work, solutions to rational multiparty computation problems, using simultaneous point to point channels, can be attempted using our solution as a basis.

1.3 Assumptions on the Utilities

We assume that the player wishes to learn the secret rather than not learn it and he also wishes that as few others learn it as possible. We extend this assumption to coalitions of players as well such that any coalition wishes to learn the secret and wishes that as few other players learn the secret as possible.

Let $\alpha$ be the upper bound on the probability that a coalition $C \in \mathcal{C}$ can guess the right value in advance. Let $\beta$ be the upper bound on the probability that the current iteration is definitive. It is used as the parameter to the geometric distribution from which share sizes are chosen. In order to upper bound $\alpha$ and $\beta$, we use two values $\alpha_0$ and $\beta_0$ respectively, the computations of which will be discussed in the next section.

2 The Protocol

2.1 Establishing the Communication Links

The number of players participating in the secret construction can vary from time to time. But the minimum number of shares required to construct the secret is constant. We consider the case where all the players come together to compute the secret. In this case, every rational player does not want to send his share to all the players. Proving that the strategy, sending share to all the players, is dominant, is difficult due to the possible collusions of the players. So we adopt a different approach where every player sends his share to at most $m-1$ other players. This is communication efficient. Hence the intrinsic complexity of the solution depends on the question, is it always possible for every player to send his share to $m-1$ players and receive $m-1$ other players' shares? We answer this question via the following lemma, which says that if $n(m-1)$ is even, then every player can be in communication with the other $m-1$ players. We show such a construction by regular graphs.

Consider an undirected graph $G(V, E)$ which represents the game. Let $V$ denote the set of players ($V = \{p_1, \ldots, p_n\}$) and $E$ denote the sharing relationship between two players. If there is an edge between vertices $p_i$ and $p_j$, that is $(p_i, p_j) \in E$, then $p_i$ sends his share to $p_j$ and $p_j$ sends his share to $p_i$. In this way, every vertex belonging to $V$ should have a degree of $(m-1)$ to get the secret (as every player needs $(m-1)$ other shares). Thus, the problem is reduced to that of forming an $(m-1)$-regular graph (every node has a degree $(m-1)$) with $n$ vertices. We present such a graph construction when $n(m-1)$ is even.

Lemma 1 With $n$ vertices, forming an $(m-1)$-regular graph is possible, if $n(m-1)$ is even.

Proof: We can analyse the construction of the graph in two cases. In both the cases, we show that every vertex $v$ is connected to the other $m-1$ vertices.

Case 1: $(m-1)$ is even.
$\{p_{(i+j) \bmod n};\ j = 1, \ldots, \frac{m-1}{2}\} \cup \{p_{(i-j) \bmod n};\ j = 1, \ldots, \frac{m-1}{2}\}$

Case 2: $(m-1)$ is odd and $n$ is even.
$\{p_{(i+j) \bmod n};\ j = 1, \ldots, \frac{m-2}{2}\} \cup \{p_{(i-j) \bmod n};\ j = 1, \ldots, \frac{m-2}{2}\} \cup \{p_{(i+\frac{n}{2}) \bmod n}\}$

Corollary 1 If $n(m-1)$ is odd, then forming an $m$-regular graph with $n$ vertices is possible as $nm$ is even.

Suppose that $n = 5$ and $m = 3$. We cannot form a coalition of three players leaving out the other two players, as shown in fig-1. But we can form a single coalition by means of a 2-regular graph with 5 vertices as shown in fig-2, thereby ensuring that every player gets the secret.

Figure 1: Example illustrating single coalition formation when $n = 5$, $m = 3$. (Panels fig-1 and fig-2, each a graph on vertices 1 to 5.)

2.2 Communication Set Construction Protocol

In our protocol, every player $p_i$ sends his share to only a few players and likewise receives the set of shares from only a few players. A player $p_i$ dynamically decides to which players he has to send his share (and from which to receive) depending on the number of players. The communication set for a player $p_i$, $CS_i$, contains the identities of the players to which the player $p_i$ should send his share, and from which he should receive shares. When $n(m-1)$ is even, the size of player $p_i$'s communication set $CS_i$ is $m-1$. If $n(m-1)$ is odd, then the size of the communication set of player $p_i$, $CS_i$, is $m$, i.e. player $p_i$ sends his share to $m$ other players. Note that if $n = m$, then $n(m-1)$ is even, so it will not create any problems as $|CS_i| = m-1$. The player $p_i$ constructs the communication set as follows.

If $n(m-1)$ is even:
  If $(m-1)$ is even.
    1. Add players $\{p_{(i+j) \bmod n};\ j = 1, \ldots, \frac{m-1}{2}\}$
    2. Add players $\{p_{(i-j) \bmod n};\ j = 1, \ldots, \frac{m-1}{2}\}$
  If $(m-1)$ is odd.
    1. Add players $\{p_{(i+j) \bmod n};\ j = 1, \ldots, \frac{m-2}{2}\}$
    2. Add players $\{p_{(i-j) \bmod n};\ j = 1, \ldots, \frac{m-2}{2}\}$
    3. Add player $p_{(i+\frac{n}{2}) \bmod n}$
If $n(m-1)$ is odd:
    1. Add players $\{p_{(i+j) \bmod n};\ j = 1, \ldots, \frac{m}{2}\}$
    2. Add players $\{p_{(i-j) \bmod n};\ j = 1, \ldots, \frac{m}{2}\}$

Table 1: Player $p_i$'s Communication Set Construction protocol

2.3 Calculating $\alpha_0$ and $\beta_0$

2.3.1 Calculating $\alpha_0$

The derivation of the value of $\alpha_0$ is the same as that in the paper by Kol and Naor [3].

$$\alpha_0 = \alpha_0^{C} = \min_{i \in C} \left\{ \frac{U_i - U_i^{-}}{U_i^{+} - U_i^{-}} \right\}$$

2.3.2 Calculating $\beta_0$

As with $\alpha_0$, $\beta_0$ can be taken from Kol and Naor's paper [3].

$$\beta_0 = \beta_0^{\mathcal{C}} = \min_{C \in \mathcal{C}} \left\{ \min_{i \in C} \left\{ \frac{U_i - U_i^{guess,C}}{U_i^{+} - U_i^{guess,C}} \right\} \right\}$$
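The Communication Set Construction protocol (Table 1) and the regular-graph claim of Lemma 1 and Corollary 1 can be checked mechanically. The following is an added example, not code from the paper: it builds $CS_i$ for every player and verifies that the resulting sharing relation is symmetric and regular with the degree the paper states. The function names are hypothetical, and players are indexed 0..n-1 here rather than $p_1, \ldots, p_n$.

```python
"""Communication sets CS_i built as in Table 1 and checked against Lemma 1 / Corollary 1."""


def communication_set(i, n, m):
    """Return CS_i for player i as a set of 0-based indices (assumed indexing)."""
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    antipode = False  # whether to add the player at distance n/2
    if (n * (m - 1)) % 2 == 0:
        if (m - 1) % 2 == 0:
            half = (m - 1) // 2          # (m-1) even: (m-1)/2 neighbours each side
        else:
            half = (m - 2) // 2          # (m-1) odd, n even: (m-2)/2 each side ...
            antipode = True              # ... plus the player at i + n/2
    else:
        half = m // 2                    # n(m-1) odd: m/2 each side, |CS_i| = m
    cs = set()
    for j in range(1, half + 1):
        cs.add((i + j) % n)
        cs.add((i - j) % n)
    if antipode:
        cs.add((i + n // 2) % n)
    return cs


def build_graph(n, m):
    """Map every player to the set of players it exchanges shares with."""
    return {i: communication_set(i, n, m) for i in range(n)}


def check_graph(n, m):
    """Verify the sharing graph and return its degree.

    Checks that no player lists itself, that every CS_i has the size the
    paper states (m-1 if n(m-1) is even, m otherwise), and that the relation
    is symmetric: if i sends to j then j sends to i.
    """
    graph = build_graph(n, m)
    degree = m - 1 if (n * (m - 1)) % 2 == 0 else m
    for i, cs in graph.items():
        if i in cs:
            raise AssertionError(f"player {i} is in its own set")
        if len(cs) != degree:
            raise AssertionError(f"player {i} has {len(cs)} peers, expected {degree}")
        for j in cs:
            if i not in graph[j]:
                raise AssertionError(f"edge {i}->{j} is not reciprocated")
    return degree


if __name__ == "__main__":
    # The paper's example (n = 5, m = 3) plus one case per branch of Table 1.
    for n, m in [(5, 3), (6, 4), (5, 4)]:
        print(n, m, check_graph(n, m), build_graph(n, m)[0])
```

Every player ends up holding its own share plus at least $m-1$ received shares, which is what reconstruction of an m-out-of-n mask needs.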

2.4 The Dealer's Share Assignment Algorithm

Each player is assigned a share which decides what values he will broadcast. The size of the share is determined by the number of cells. Out of $n$ shares, $n-1$ of them are of size $L = l + d - 1$ and one is of size $l - 1$, where $l$ and $d$ are chosen using $G(\beta)$. Each share consists of several cells which, in turn, consist of stages, a short mask, a long mask, a masked secret, a boolean indicator and authentication information.

Dealer($y$, $\beta$)

$G(\beta)$ is a geometric distribution with parameter $\beta$. Let $F = GF(p)$ for $p \ge |Y|$ and the element of the secret is identified with an element of $F$.

Create the list of possible secrets
  Choose $l$, $d$ from $G(\beta)$. The two possible list lengths are $l - 1$ and $L = l + d - 1$, i.e. the number of possible secrets. The number of the definitive iteration is denoted by $l$.
  Fill the list $L$ with random elements such that the $l$th element is $y$.

Create Shares
  The dealer creates $n$ vectors, among which one list length is $l - 1$ and the rest of the list lengths are $L = l + d - 1$. Each cell $k \ge 1$ consists of the data which is used in the $k$th iteration of the reconstruction protocol. Every cell consists of the following elements:
  Short Mask: We use this short mask set when $n(m-1)$ is even. The mask represents an m-out-of-n secret share. The share consists of randomly chosen elements of $F$. This mask is used to unveil the secret in the next iteration, when $n(m-1)$ is even.
  Long Mask: We use this long mask set when $n(m-1)$ is odd. The mask represents an (m + 1)-out-of-n secret share. The share consists of randomly chosen elements of $F$. This mask is used to unveil the secret in the next iteration, when $n(m-1)$ is odd.
  Masked Secret: It is an element from $F$. The mask (either short mask or long mask) is obtained by taking the interpolation of the previous round mask shares. The actual secret is obtained by summing the masked secret and the previous iteration's mask and the actual secret can be obtained (if the current iteration is definitive).
  Indicator: It is an m-out-of-n secret share; after combining the secret we can get the actual boolean value which indicates whether the next iteration is definitive or not.
  Authentication information: It contains a tag and hash functions. The tag is used to prove the authenticity of the previous elements in the cell. With this tag other players can verify the correctness of the message you sent. Hash functions are used to verify the correctness of the messages sent by the other players, with probability at least $1 - \beta$.
  The cell 0, added at the beginning of the vector, constitutes an m-out-of-n Shamir share of mask, and (m + 1)-out-of-n Shamir share of mask, which are going to be used in the first iteration, and authentication information for it and to check other players' values.

Assign shares
  Randomly assign shares to all the players.

Table 2: The dealer's share assignment algorithm

2.5 Secret Reconstruction Protocol

We present the player $p_i$'s reconstruction protocol. This is similar to Kol and Naor's protocol [4]. The changes we made in the algorithm are emphasised in bold. Every player $p_i$ sends his share to the set $CS_i$ that he constructed during the Communication Set Construction protocol.

2.6 Theorem

Theorem 1 Let $m \le n$, $Y$ be a finite set of secrets, and dealer be an algorithm assigning m-out-of-n shares. Assume that $\alpha < \alpha_0$ and $\beta < \beta_0$. The protocol is a rational m-out-of-n secret sharing scheme for $Y$ with running time $O(1/\beta^2)$ and number of iterations $O(1/\beta)$.

Player$_i$(share)

Set secret_revealed ← FALSE and cheater_detected ← FALSE.
Repeat until secret_revealed = TRUE or cheater_detected = TRUE:
  If your share ended:
    Keep silent. If someone has sent share, secret_revealed ← TRUE.
  If your share did not end: use the corresponding cell of share to check whether this is the last stage of this iteration.
    If this is not the last stage:
      Keep silent. If someone has sent share, secret_revealed ← TRUE.
    If this is the last stage:
      Send the masked secret to $CS_i$, tag, and shares of the random mask (short mask if $n(m-1)$ is even, and long mask if $n(m-1)$ is odd) and indicator, as they appear in the corresponding cell of share.
      If more than a single player did not send the share, or if some of the messages do not pass the authenticity check (the tags and hash functions do not match), cheater_detected ← TRUE.
      If out of $CS_i$, all but a single player send share, or if the reconstructed indicator shows that the iteration is definitive, secret_revealed ← TRUE. Let the masked secret be MS.
Leave the game: Quit and output the current possible secret (obtained by subtracting the mask reconstructed using the shares received in the previous iteration from the masked secret, MS, constructed after the definitive iteration).

Table 3: Player $p_i$'s reconstruction protocol

Proof: If everyone follows the protocol, then with probability 1 they will get the secret. Since the probability that a given iteration is the definitive iteration is $\beta$, the number of iterations required to get the secret is $O(1/\beta)$. Given that each iteration consists of several stages, also determined by the parameter $\beta$, we can easily see that the running time of the protocol is $O(1/\beta^2)$.

In order for this protocol to be a rational m-out-of-n secret sharing scheme, players should have an incentive to not deviate. This incentive can be created via a function of their utilities. The idea is that the players should gain more from following the protocol than from deviating. The same holds true for coalitions. The utility of a player when following the protocol is $U_i$. Let $U_i^{+}$ be the utility of a player who successfully guesses the secret. Let $U_i^{guess,C}$ be the utility of a player belonging to coalition $C$ when the coalition does not participate in the protocol and instead tries to guess the secret. We can provide an incentive for players to follow the protocol so long as the following inequality holds true for every player $i$ belonging to a coalition $C$.

$$\beta \cdot U_i^{+} + (1 - \beta) \cdot U_i^{guess,C} < U_i$$
$$\beta \cdot (U_i^{+} - U_i^{guess,C}) < U_i - U_i^{guess,C}$$
$$\beta < \frac{U_i - U_i^{guess,C}}{U_i^{+} - U_i^{guess,C}}$$

As we can see, it suffices to require $\beta < \beta_0$ for $\beta_0 = \min_{C \in \mathcal{C}} \left\{ \min_{i \in C} \left\{ \frac{U_i - U_i^{guess,C}}{U_i^{+} - U_i^{guess,C}} \right\} \right\}$ where $\mathcal{C}_{m-1}$ is the set of coalitions of size at most $m-1$.

3 Conclusion and Open Problems

We have successfully presented the protocol for rational secret sharing with simultaneous point to point channels, without using cryptographic primitives. It shows a way to come up with the solutions to the rational multiparty computation problems, which are information theoretically secure. Our protocol is collusion free, except when the short player colludes with any long player. An interesting question that arises is if it is possible to find a solution to rational secret sharing using point to point non-simultaneous channels.

Acknowledgement: The authors would like to acknowledge William Kumar Moses, Jr., for his insightful remarks on theorem.

References

[1] Georg Fuchsbauer, Jonathan Katz, and David Naccache. Efficient rational secret sharing in standard communication networks. To appear in TCC '10.
[2] Joseph Halpern and Vanessa Teague. Rational secret sharing and multiparty computation: extended abstract. In STOC '04: Proceedings of the thirty-sixth annual ACM symposium on Theory of computing, pages 623-632, New York, NY, USA, 2004. ACM.
[3] Gillat Kol and Moni Naor. Cryptography and game theory: Designing protocols for exchanging information. In TCC '08, pages 320-339, 2008.
[4] Gillat Kol and Moni Naor. Games for exchanging information. In STOC '08: Proceedings of the 40th annual ACM symposium on Theory of computing, pages 423-432, New York, NY, USA, 2008. ACM.
[5] A. Shamir. How to share a secret. Commun. ACM, 22:612-613, 1979.