Secret Swarm Unit
Reactive k-Secret Sharing
INDOCRYPT 2007
Shlomi Dolev (1), Limor Lahiani (1), Moti Yung (2)
(1) Department of Computer Science, Ben-Gurion University, Israel
(2) Columbia University, NYC
Talk Outline
• Introduction & motivation
• The problem
• Swarm settings
• Reactive k-secret sharing solutions
• Polynomial based solution
• Chinese remaindering based solution
• Virtual I/O automaton
• Conclusions
Intro: What is a Swarm
• A collection of processors collaborating on a mission
• Processors / RFIDs
• Mobile sensors
• UAVs
Intro: Swarm Motivation
• Robustness
• Fault tolerance
• Security
Swarm’s Global Secret p
• Distributed secret shares
The Problem
Can members modify the global secret without knowing the secret before and after the change, and with no internal communication?
THINK AGAIN!
Swarm Settings (1)
• n swarm members
• Distributed secret shares
  • Any fewer than k cannot reveal
  • At least k to reveal (p)
• Compromising adversary
  • Listening (no sending)
  • Compromise at most f < k
• Corruptive adversary
  • Listening (no sending)
  • Corrupt at most f < k
Swarm Settings (2)
• No internal communication
• Avoided/safe area
• Simultaneous external input
  • Controller
  • Event observed/sensed
Swarm Settings (3)
Swarm input actions
• regainConsistencyRequest()
• regainConsistencyReply()
• step()
• joinRequest()
• set()
• joinReply()
Our Polynomial Based Solution: Shamir’s (k,n)-threshold scheme
• Secret: Global counter GC
• $p(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_k x^k$
• $a_1, \dots, a_k$ are random
• Secret: $a_0 = GC$
• Secret distribution
  • n distinct points: $(x_i, p(x_i))$, $x_i$ 0
  • $GC = p(0)$
• Any k points reveal the secret
• No fewer than k reveal it
Our Polynomial Based counter
• Increment counter: GC GC+δ
  • $p(x) = GC + a_1 x + a_2 x^2 + \dots + a_k x^k$
  • $q(x) = p(x) + \delta$
  • q(x) is defined by $x_i, p(x_i) + \delta$
• Multiply: GC GC·μ
  • $p(x) = GC + a_1 x + a_2 x^2 + \dots + a_k x^k$
  • $q(x) = p(x) \cdot \mu$
  • q(x) is defined by $x_i, p(x_i) \cdot \mu$
Our Polynomial based solution, swarm input: set
• set($x_i$, $p(x_i)$)
Our Polynomial based solution, swarm input: step
• step()
• $x_i$, $p(x_i)$   $x_i$, $p(x_i)+$
• And the same for multiplication by μ
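
The counter update described on the slides above, as an added Python example (not code from the talk or the paper). Assumptions: arithmetic is done in a prime field with modulus `P`, which the slides do not name, and the polynomial has degree k-1 as in standard Shamir sharing so that k points suffice; all function names and values are constructed for illustration.

```python
import secrets

P = 2**61 - 1  # prime field modulus (assumption; the slides do not name a field)

def deal(gc, k, xs):
    """Shamir shares of gc: random polynomial of degree k-1 with p(0) = gc."""
    coeffs = [gc % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    def p(x):
        acc = 0
        for a in reversed(coeffs):      # Horner evaluation mod P
            acc = (acc * x + a) % P
        return acc
    return {x: p(x) for x in xs}        # every x_i is nonzero and distinct

def step_add(share, delta):
    """Local step(): a member adds delta to its own share, q(x_i) = p(x_i) + delta."""
    return (share + delta) % P

def step_mul(share, mu):
    """Local step() for multiplication, q(x_i) = p(x_i) * mu."""
    return (share * mu) % P

def reveal(points):
    """Lagrange interpolation at x = 0 from k points (x_i, q(x_i))."""
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def demo():
    k, xs = 3, [1, 2, 3, 4, 5]          # constructed sample: n = 5 members, k = 3
    shares = deal(41, k, xs)
    # Members react to the same external input without talking to each other.
    shares = {x: step_add(y, 1) for x, y in shares.items()}   # GC becomes GC + 1
    shares = {x: step_mul(y, 2) for x, y in shares.items()}   # GC becomes GC * 2
    subset_a = [(x, shares[x]) for x in (1, 3, 5)]
    subset_b = [(x, shares[x]) for x in (2, 4, 5)]
    return reveal(subset_a), reveal(subset_b)
```

No member ever sees 41 or 84; each only transforms its own point, and any k updated points interpolate to the new counter.
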
Our Polynomial based solution, input: regain consistency request
• regainConsistencyReq()
• leader
• $x_i$, $p(x_i)$
Our Polynomial based solution, input: regain consistency reply
• $x_i$, $p(x_i)$
• leader
Our Polynomial based solution, input: join request & reply
• joinReq()
• joinReply()
Our Polynomial Based Solution (Corruptive Adversary)
• Berlekamp-Welch
  • Polynomial p(x) of degree k
  • k+r points
  • e errors
  • Decode p(x) if e r/2
• Polynomial based solution
  • Decode p(x) if f (n–k–lp)/2
  • Where lp = number of leaving processes between two regainConsistency operations
Our Chinese Remainder Based Solution
• Swarm secret: global counter GC
• $p_1 < p_2 < \dots < p_k$, relatively prime
• $M_k = p_1 p_2 \cdots p_k$
• 0 GC $M_k$
• GC $r_1, p_1$, $r_2, p_2$, …, $r_k, p_k$ [CRT]
  • $r_i = GC \bmod p_i$
• GC $r_1, r_2, \dots, r_k$
• Secret share $r_i, p_i$, where $r_i = GC \bmod p_i$
Swarm Input
• $p_i$ $x_i$, $r_i$ $p(x_i)$
• regainConsistencyRequest()
• regainConsistencyReply()
• step()
• joinRequest()
• set()
• joinReply()
Our Chinese Remainder Based Solution (Corruptive adversary)
• Mandelbaum
  • $p_1 < p_2 < \dots < p_k < \dots < p_{k+r}$, relatively prime
  • $M_k = p_1 p_2 \cdots p_k$
  • 0 GC $M_k$
  • e errors
  • Detect: e r
  • Correct: e r/2
• Chinese remainder based solution
  • Detect: f n-k-lp
  • Correct: f (n-k-lp)/2
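
The Chinese remaindering counter from the two slides above, as an added Python example (not code from the talk or the paper). It shows local increments of the residues, reconstruction from any k shares, and how the redundant moduli expose a corrupted residue because the reconstructed value falls outside the legal range below M_k. The moduli, the counter value and all function names are constructed for illustration.

```python
from math import prod

PRIMES = [101, 103, 107, 109, 113]  # constructed sample moduli, p_1 < ... < p_{k+r}
K = 3                                # k moduli bound the counter; r = 2 are redundant
M_K = prod(PRIMES[:K])               # legal range: 0 <= GC < M_k

def deal(gc):
    """Member i holds the share (r_i, p_i) with r_i = GC mod p_i."""
    if not 0 <= gc < M_K:
        raise ValueError("counter outside [0, M_k)")
    return {p: gc % p for p in PRIMES}

def step(shares, delta):
    """Every member adds delta to its own residue; nothing is exchanged.
    The counter must stay below M_k for reconstruction to remain valid."""
    return {p: (r + delta) % p for p, r in shares.items()}

def crt(shares):
    """Chinese remaindering over a {modulus: residue} map."""
    m = prod(shares.keys())
    return sum(r * (m // p) * pow(m // p, -1, p) for p, r in shares.items()) % m

def reveal(shares):
    """Return GC, or None when the result is outside [0, M_k) (corruption detected)."""
    x = crt(shares)
    return x if x < M_K else None

def demo():
    shares = step(step(deal(1_000_000), 5), 7)        # GC becomes GC + 12
    any_k = {p: shares[p] for p in (103, 109, 113)}   # any k shares suffice
    tampered = dict(shares)
    tampered[107] = (tampered[107] + 1) % 107         # one corrupted residue
    return reveal(any_k), reveal(shares), reveal(tampered)
```

With one wrong residue the CRT result differs from GC by a nonzero multiple of the product of the four untouched moduli, which is at least M_k, so the range check always catches it.
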
Virtual I/O Automaton
• I/O Automaton A
  • Implemented by the swarm
• Global state (Global secret)
  • Current state of A
  • Replicated at least T n times
• Regain consistency ensures:
  • At least T+lp+f replicas of the global state
  • At most T-f-1 replicas of any other state
• Global output
  • Output with at least T n replicas
  • Threshold device
Virtual I/O Automaton
• Secret share
  • Tuple $s_{i1}, s_{i2}, \dots, s_{im}$ of candidates
  • At most 1 state is the global state
• Step()
  • transition step on $s_{i1}, s_{i2}, \dots, s_{im}$
  • New tuple of candidates: $s'_{i1}, s'_{i2}, \dots, s'_{im}$
  • Output actions $o_{i1}, o_{i2}, \dots, o_{im}$
  • At least T replicas of the global output
Conclusions
• Polynomial based solution
  • Addition & multiplication
  • Error correcting [Berlekamp-Welch]
• Chinese remaindering based solution
  • Addition
  • Error correcting [Mandelbaum]
• Virtual I/O automaton
  • Mask the global state
• Further results: Vandermonde matrix
  • Support XOR operations