Scribd Logo
Upload

Welcome to Scribd!

  • 03 Exercises

    Uploaded by

    rares
    6 views2 pages
    This document contains solutions to exercises from a lecture on secret sharing schemes. Solution 3.5 proves that for a secure t-out-of-n secret sharing scheme where shares and messages are strings of bits, each user's share must be at least as long as the message bits. Solution 3.7 describes using a 3-out-of-6 secret sharing scheme to handle a situation where one user acts as two committee members. Solution 3.8 explains that a 6-out-of-9 threshold scheme does not work for the problem, and proposes a leveled secret sharing scheme using 3-out-of-3 and 2-out-of-3 threshold schemes.

    Original Description:

    da

    Original Title

    03-exercises

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document contains solutions to exercises from a lecture on secret sharing schemes. Solution 3.5 proves that for a secure t-out-of-n secret sharing scheme where shares and messages are strings of bits, each user's share must be at least as long as the message bits. Solution 3.7 describes using a 3-out-of-6 secret sharing scheme to handle a situation where one user acts as two committee members. Solution 3.8 explains that a 6-out-of-9 threshold scheme does not work for the problem, and proposes a leveled secret sharing scheme using 3-out-of-3 and 2-out-of-3 threshold schemes.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views2 pages

    03 Exercises

    Uploaded by

    rares
    This document contains solutions to exercises from a lecture on secret sharing schemes. Solution 3.5 proves that for a secure t-out-of-n secret sharing scheme where shares and messages are strings of bits, each user's share must be at least as long as the message bits. Solution 3.7 describes using a 3-out-of-6 secret sharing scheme to handle a situation where one user acts as two committee members. Solution 3.8 explains that a 6-out-of-9 threshold scheme does not work for the problem, and proposes a leveled secret sharing scheme using 3-out-of-3 and 2-out-of-3 threshold schemes.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    01426 Cryptology 2 Fall 2023

    Lecture 3 — Secret Sharing


    Solutions to selected exercises

    Exercise 3.5
    Consider a t-out-of-n threshold secret sharing scheme with M = {0, 1}` , and where each
    user’s share is also a string of bits. Prove that if the scheme is secure and correct, then
    every user’s share must be at least ` bits long.

    Solution 3.5
    We proceed by proving the contrapositive: that a scheme where some share is shorter
    then ` bit is always insecure. Assume without loss of generality that the share for user 1
    is shorter than `: |s1 | < `. We can then construct a distinguishing adversary of the left
    and right libraries of the security definition in the following manner: First the user picks
    two distinct `-bit messages mL and mR at random. The adversary then asks the library
    for the shares for users 2 to t using those messages. Note that this is an unauthorized
    set. The adversary then proceeds by generating the set of possible messages V : for
    each candidate s01 , the adversary runs the Reconstruct algorithm and adds the resulting
    message to V . If mL is in V , the adversary returns 0, otherwise it returns 1.
    Assuming the scheme is correct, the adversary will always output 0 when linked to
    the left library. When the adversary is linked with the right library though, there exists
    for each mR at least on mL such that the probability of mL being in V is less than 1.
    This is because in any run only |V | = 2|s1 | message candidates are produced while there
    are 2` possible messages.
    Because the adversary chooses the messages mL and mR at random, there is thus a
    non-zero probability that the adversary output 1 when linked with the right library. The
    libraries are therefore not interchangeable and the scheme is therefore not secure.

    Exercise 3.7
    See book.

    Solution 3.7
    There are several possible solutions. For one such solution, we need to observe that Alice
    acts essentially like two committee members in one person. We can therefore create a

    1
    01426 Cryptology 2 Fall 2023

    sharing algorithm for this situation by using a 3-out-of-6 sharing scheme and handing
    two shares to Alice and one share to everyone else.

    Exercise 3.8
    See book.

    Solution 3.8
    Let us first discuss why a 6-out-of-9 threshold secret-sharing scheme does not work. In
    that case it is possible for two complete subcommittees to reconstruct the secret, without
    involving anyone from the third subcommittee.
    For a possible solution, we can observe that each subcommittee needs to contribute
    to the reconstruction of the secret. This could correspond to a 3-out-of-3 threshold
    secret-sharing scheme. In each subcommittee though, a simple majority is enough which
    corresponds thus to a 2-out-of-3 threshold secret sharing scheme. A solution is thus
    a leveled secret-sharing scheme where the secret is first split into three parts using a
    3-out-of-3 TSSS and then each of the three subcommittee shares is shared within the
    subcommittees using 2-out-of-3 TSSS’s.

    You might also like