Erratum: Efficient Verification for Provably Secure Storage and Secret Sharing in Systems Where Half the Servers Are Faulty
نویسندگان
چکیده
The protocol presented in the paper that appears in the DISC 2004 proceedings relies on a transitivity lemma that does not necessarily hold. The lemma states that if p is a correct server, and q and r are two other servers such that p verifies q and q verifies r, then r’s data should be correct. Serge Fehr pointed to us that this does not hold if q and r are incorrect and collude. In fact, while q’s verification will be correct with high probability, if q and r are corrupted, then q can give its own data and verification information to r beforehand so that r can calculate different data that is guaranteed to be verified by q’s verification information. Also, Ronald Cramer pointed out that our adversary model is not the strongest for secret sharing (it is the strongest adversary for secure storage though). In the secret sharing model, one can distinguish between rushing and non-rushing adversaries [1]. A rushing adversary may wait for the correct players to show their shares before showing the shares of the faulty players. It is not clear to us that Rabin [2] makes this distinction between the model we use and the stronger model of [1], but the protocol that she presents clearly tolerates the stronger model as shown in [1]. In [1], Cramer et al. prove a lower bound for the rushing adversary model which basically states that in any one-round solution that tolerates a rushing adversary, each server must verify Ω(n) other servers. The rushing adversary model is not relevant to the secure storage problem because all servers send their data over private channels to the reader and faulty servers cannot see the data and verification information of correct servers. In this erratum, we change the transitivity lemma and the protocol for recovering the file. The new protocol solves all the questions that were posed in the paper. Its space requirement is identical to that of the protocol in the proceedings, but its running time is slightly higher. It is important to note that the
منابع مشابه
Efficient Verification for Provably Secure Storage and Secret Sharing in Systems Where Half the Servers Are Faulty
We present new decentralized storage systems that are resilient to arbitrary failures of up to a half of all servers and can tolerate a computationally unbounded adversary. These are the first such results with space requirements smaller than those of full replication without relying on cryptographic assumptions. We also significantly reduce share sizes for robust secret-sharing schemes with or...
متن کاملAn Efficient Secret Sharing-based Storage System for Cloud-based Internet of Things
Internet of things (IoTs) is the newfound information architecture based on the internet that develops interactions between objects and services in a secure and reliable environment. As the availability of many smart devices rises, secure and scalable mass storage systems for aggregate data is required in IoTs applications. In this paper, we propose a new method for storing aggregate data in Io...
متن کاملComputationally secure multiple secret sharing: models, schemes, and formal security analysis
A multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants. in such a way a multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants, such that any authorized subset of participants can reconstruct the secrets. Up to now, existing MSSs either require too long shares for participants to be perfect secur...
متن کاملDesign and formal verification of DZMBE+
In this paper, a new broadcast encryption scheme is presented based on threshold secret sharing and secure multiparty computation. This scheme is maintained to be dynamic in that a broadcaster can broadcast a message to any of the dynamic groups of users in the system and it is also fair in the sense that no cheater is able to gain an unfair advantage over other users. Another important feature...
متن کاملSimple and Efficient Secret Sharing Schemes for Sharing Data and Image
Secret sharing is a new alternative for outsourcing data in a secure way. It avoids the need for time consuming encryption decryption process and also the complexity involved in key management. The data must also be protected from untrusted cloud service providers. Secret sharing based solution provides secure information dispersal by making shares of the original data and distributes them amon...
متن کامل