CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Communications of the ACM
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Proceedings of the 5th IMA Conference on Cryptography and Coding
A Concrete Security Treatment of Symmetric Encryption
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Distributing the Encryption and Decryption of a Block Cipher
Designs, Codes and Cryptography
Characterization of Security Notions for Probabilistic Private-Key Encryption
Journal of Cryptology
Sharing Multiple Secrets: Models, Schemes and Analysis
Designs, Codes and Cryptography
Public-key encryption in a multi-user setting: security proofs and improvements
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Hi-index | 0.89 |
We propose in this work two new multi-secret sharing schemes, that allow to distribute @? different secrets among a set P={P"1,...,P"n} of players, each one according to a (possibly different) access structure. The two schemes are proved to enjoy computational security, by reduction to the semantic security of the underlying symmetric encryption scheme. The two security proofs are in the standard model and provide the exact relation between the security of the involved primitives. As far as we know, this is the first formal security analysis for a computational multi-secret sharing scheme in the literature. We compare the two new schemes, taking into account their efficiency properties, their security analysis and possible extensions. One of the schemes has very short secret shares (independently of the number @? of secrets) and can be easily extended to work without any trusted dealer. The other scheme has longer secret shares and the extension to work without a trusted dealer is much more complicated, but on the other hand it produces shorter public outputs and the security relation with the underlying symmetric encryption scheme is better, which may have consequences in the final efficiency of the scheme.