Paper 2020/725

Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model

Gianluca Brian, Antonio Faonio, Maciej Obremski, Mark Simkin, and Daniele Venturi

Abstract

Secret sharing enables a dealer to split a secret into a set of shares, in such a way that certain authorized subsets of share holders can reconstruct the secret, whereas all unauthorized subsets cannot. Non-malleable secret sharing (Goyal and Kumar, STOC 2018) additionally requires that, even if the shares have been tampered with, the reconstructed secret is either the original or a completely unrelated one. In this work, we construct non-malleable secret sharing tolerating $p$-time {\em joint-tampering} attacks in the plain model (in the computational setting), where the latter means that, for any $p>0$ fixed {\em a priori}, the attacker can tamper with the same target secret sharing up to $p$ times. In particular, assuming one-to-one one-way functions, we obtain: - A secret sharing scheme for threshold access structures which tolerates joint $p$-time tampering with subsets of the shares of maximal size ({\em i.e.}, matching the privacy threshold of the scheme). This holds in a model where the attacker commits to a partition of the shares into non-overlapping subsets, and keeps tampering jointly with the shares within such a partition (so-called {\em selective partitioning}). - A secret sharing scheme for general access structures which tolerates joint $p$-time tampering with subsets of the shares of size $O(\sqrt{\log n})$, where $n$ is the number of parties. This holds in a stronger model where the attacker is allowed to adaptively change the partition within each tampering query, under the restriction that once a subset of the shares has been tampered with jointly, that subset is always either tampered jointly or not modified by other tampering queries (so-called {\em semi-adaptive partitioning}). At the heart of our result for selective partitioning lies a new technique showing that every one-time {\em statistically} non-malleable secret sharing against joint tampering is in fact {\em leakage-resilient} non-malleable ({\em i.e.},\ the attacker can leak jointly from the shares prior to tampering). We believe this may be of independent interest, and in fact we show it implies lower bounds on the share size and randomness complexity of statistically non-malleable secret sharing against {\em independent} tampering.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A major revision of an IACR publication in CRYPTO 2020
Keywords
secret sharingnon-malleabilityjoint tampering
Contact author(s)
brian @ di uniroma1 it
History
2020-06-21: last of 2 revisions
2020-06-16: received
See all versions
Short URL
https://ia.cr/2020/725
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/725,
      author = {Gianluca Brian and Antonio Faonio and Maciej Obremski and Mark Simkin and Daniele Venturi},
      title = {Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model},
      howpublished = {Cryptology ePrint Archive, Paper 2020/725},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/725}},
      url = {https://eprint.iacr.org/2020/725}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.