共找到 20 条结果
Secret sharing is a cryptographic scheme to encode a secret to multiple shares being distributed to participants, so that only qualified sets of participants can restore the original secret from their shares. When we encode a secret by a secret sharing scheme and distribute shares, sometimes not all participants are accessible, and it is desirable to distribute shares to those participants before a secret information is determined. Secret sharing schemes for classical secrets have been known to be able to distribute some shares before a given secret. Lie et al. found any pure $(k,2k-1)$-threshold secret sharing for quantum secrets can distribute some shares before a given secret. However, it is unknown whether distributing some shares before a given secret is possible with other access structures of secret sharing for quantum secrets. We propose a quantum secret sharing scheme for quantum secrets that can distribute some shares before a given secret with other access structures.
In quantum secret sharing, a quantum secret state is mapped to multiple shares such that shares from qualified sets can recover the secret state and shares from other forbidden sets reveal nothing about the secret state; we study the setting where there are both classical shares and quantum shares. We show that the quantum secret sharing problem with both classical and quantum shares is feasible if and only if any two qualified sets have some quantum share in common. Next, for threshold quantum secret sharing where there are $N_1$ classical shares, $N_2$ quantum shares and qualified sets consist of any $K_1$ (or more) classical shares and any $K_2 > N_2/2$ (or more) quantum shares, we show that to share $1$ qubit secret, each classical share needs to be at least $2$ bits and each quantum share needs to be at least $1$ qubit. Finally, we characterize the minimum share sizes for quantum secret sharing with at most $2$ classical shares and at most $2$ quantum shares. The converse proofs rely on quantum information inequalities and the achievable schemes use classical secret sharing, (encrypted) quantum secret sharing with only quantum shares, superdense coding, treating quantum dig
Secret sharing is an instrumental tool for sharing secret keys in distributed systems. In a classical threshold setting, this involves a dealer who has a secret/key, a set of parties/users to which shares of the secret are sent, and a threshold on the number of users whose presence is needed in order to recover the secret. In secret sharing, secure links with no leakage are often assumed between the involved parties. However, when the users are nodes in a communication network and all the links are physical links, e.g., wireless, such assumptions are not valid anymore. In order to study this critical problem, we propose a statistical leakage model of secret sharing, where some noisy versions of all the secret shares might be independently leaked to an adversary. We then study the resilience of the seminal Shamir's secret sharing scheme with statistical leakage, and bound certain measures of security (i.e., semantic security, mutual information security), given other parameters of the system including the amount of leakage from each secret share. We show that for an extreme scenario of Shamir's scheme, in particular when the underlying field characteristic is $2$, the security of ea
Secret sharing allows a user to split a secret into many shares so that the secret can be recovered if, and only if, an authorized set of shares is collected. Although secret sharing typically does not require any computational hardness assumptions, its security does require that an adversary cannot collect an authorized set of shares. Over long periods of time where an adversary can benefit from multiple data breaches, this may become an unrealistic assumption. We initiate the systematic study of secret sharing with certified deletion in order to achieve security even against an adversary that eventually collects an authorized set of shares. In secret sharing with certified deletion, a (classical) secret is split into quantum shares which can be verifiably destroyed. We define two natural notions of security: no-signaling security and adaptive security. Next, we show how to construct (i) a secret sharing scheme with no-signaling certified deletion for any monotone access structure, and (ii) a threshold secret sharing scheme with adaptive certified deletion. Our first construction uses Bartusek and Khurana's (CRYPTO 2023) 2-out-of-2 secret sharing scheme with certified deletion as
Modern AI agents routinely depend on secrets such as API keys and SSH credentials, yet the dominant deployment model still exposes those secrets directly to the agent process through environment variables, local files, or forwarding sockets. This design fails against prompt injection, tool misuse, and model-controlled exfiltration because the agent can both use and reveal the same bearer credential. We present CapSeal, a capability-sealed secret mediation architecture that replaces direct secret access with constrained invocations through a local trusted broker. CapSeal combines capability issuance, schema-constrained HTTP execution, broker-executed SSH actions, anti-replay session binding, policy evaluation, and tamper-evident audit trails. We describe a Rust prototype integrated with an MCP-facing adapter, formulate conditional security goals for non-disclosure, constrained use, replay resistance, and auditability, and define an evaluation plan spanning prompt injection, tool misuse, and SSH abuse. The resulting system reframes secret handling for agentic systems from handing the model a key to granting the model a narrowly scoped, non-exportable action capability.
Background: According to GitGuardian's monitoring of public GitHub repositories, secrets sprawl continued accelerating in 2022 by 67% compared to 2021, exposing over 10 million secrets (API keys and other credentials). Though many open-source and proprietary secret detection tools are available, these tools output many false positives, making it difficult for developers to take action and teams to choose one tool out of many. To our knowledge, the secret detection tools are not yet compared and evaluated. Aims: The goal of our study is to aid developers in choosing a secret detection tool to reduce the exposure of secrets through an empirical investigation of existing secret detection tools. Method: We present an evaluation of five open-source and four proprietary tools against a benchmark dataset. Results: The top three tools based on precision are: GitHub Secret Scanner (75%), Gitleaks (46%), and Commercial X (25%), and based on recall are: Gitleaks (88%), SpectralOps (67%) and TruffleHog (52%). Our manual analysis of reported secrets reveals that false positives are due to employing generic regular expressions and ineffective entropy calculation. In contrast, false negatives are
Secret sharing schemes for classical secrets can be classified into classical secret sharing schemes and quantum secret sharing schemes. Classical secret sharing has been known to be able to distribute some shares before a given secret. On the other hand, quantum mechanics extends the capabilities of secret sharing beyond those of classical secret sharing. We propose quantum secret sharing with the capabilities in designing of access structures more flexibly and realizing higher efficiency beyond those of classical secret sharing, that can distribute some shares before a given secret.
According to GitGuardian's monitoring of public GitHub repositories, the exposure of secrets (API keys and other credentials) increased two-fold in 2021 compared to 2020, totaling more than six million secrets. However, no benchmark dataset is publicly available for researchers and tool developers to evaluate secret detection tools that produce many false positive warnings. The goal of our paper is to aid researchers and tool developers in evaluating and improving secret detection tools by curating a benchmark dataset of secrets through a systematic collection of secrets from open-source repositories. We present a labeled dataset of source codes containing 97,479 secrets (of which 15,084 are true secrets) of various secret types extracted from 818 public GitHub repositories. The dataset covers 49 programming languages and 311 file types.
Sharing a secret efficiently amongst a group of participants is not easy since there is always an adversary / eavesdropper trying to retrieve the secret. In secret sharing schemes, every participant is given a unique share. When the desired group of participants come together and provide their shares, the secret is obtained. For other combinations of shares, a garbage value is returned. A threshold secret sharing scheme was proposed by Shamir and Blakley independently. In this (n,t) threshold secret sharing scheme, the secret can be obtained when at least t out of n participants contribute their shares. This paper proposes a novel algorithm to reveal the secret only to the subsets of participants belonging to the access structure. This scheme implements totally generalized ideal secret sharing. Unlike threshold secret sharing schemes, this scheme reveals the secret only to the authorized sets of participants, not any arbitrary set of users with cardinality more than or equal to t. Since any access structure can be realized with this scheme, this scheme can be exploited to implement various access priorities and access control mechanisms. A major advantage of this scheme over the ex
For a quantum secret sharing scheme built from a general quantum stabilizer code, no measurement-free circuit has been known for reconstructing its quantum secrets, except particular classes, such as one proposed by Cleve, Gottesman and Lo. We propose a measurement-free reconstruction circuit of quantum secrets in quantum secret sharing based on stabilizer codes. Our reconstruction circuit has width $k+|J|$ and consists of $O(k|J|)$ one- or two-qudit unitary gates when $|J|$ participants reconstruct $k$-qudit quantum secrets.
In $(t, n)$-threshold secret sharing, a secret $S$ is distributed among $n$ participants such that any subset of size $t$ can recover $S$, while any subset of size $t-1$ or fewer learns nothing about it. For information-theoretic secret sharing, it is known that the share size must be at least as large as the secret, i.e., $|S|$. When computational security is employed using cryptographic encryption with a secret key $K$, previous work has shown that the share size can be reduced to $\tfrac{|S|}{t} + |K|$. In this paper, we present a construction achieving a share size of $\tfrac{|S| + |K|}{t}$. Furthermore, we prove that, under reasonable assumptions on the encryption scheme -- namely, the non-compressibility of pseudorandom encryption and the non-redundancy of the secret key -- this share size is optimal.
Unclonable cryptography utilizes the principles of quantum mechanics to addresses cryptographic tasks that are impossible classically. We introduce a novel unclonable primitive in the context of secret sharing, called unclonable secret sharing (USS). In a USS scheme, there are $n$ shareholders, each holding a share of a classical secret represented as a quantum state. They can recover the secret once all parties (or at least $t$ parties) come together with their shares. Importantly, it should be infeasible to copy their own shares and send the copies to two non-communicating parties, enabling both of them to recover the secret. Our work initiates a formal investigation into the realm of unclonable secret sharing, shedding light on its implications, constructions, and inherent limitations. ** Connections: We explore the connections between USS and other quantum cryptographic primitives such as unclonable encryption and position verification, showing the difficulties to achieve USS in different scenarios. **Limited Entanglement: In the case where the adversarial shareholders do not share any entanglement or limited entanglement, we demonstrate information-theoretic constructions for
In addition to secret splitting, secret reconstruction is another important component of secret sharing. In this paper, the first quantum secret reconstruction protocol based on cluster states is proposed. Before the protocol, a classical secret is divided into multiple shares, which are distributed among shareholders via secret splitting. In the protocol, the dealer utilizes her secret to encrypt a private quantum state, and sends the encrypted state to a combiner chosen by her from the shareholders. With the help of other shareholders, the combiner utilizes the properties of cluster states to recover the privacy quantum state. It is shown that the proposed protocol is secure against several common attacks, including external and internal attacks. Compared with classical secret reconstruction protocols, this protocol not only achieves theoretical security of all shares, but also is more efficient due to reducing the distribution cost and computation cost. To demonstrate the feasibility of the protocol, a corresponding simulation quantum experiment is conducted on the IBM Q platform. Furthermore, in conjunction with quantum fingerprinting, it can be directly applied to achieve the
One crucial and basic method for disclosing a secret to every participant in quantum cryptography is quantum secret sharing. Numerous intricate protocols, including secure multiparty summation, multiplication, sorting, voting, and more, can be designed with it. A quantum secret sharing protocol with a $(t,n)$ threshold approach and modulo d, where t and n represent the threshold number of participants and the total number of participants, respectively was recently discussed by Song et al. Kao et al. notes that without the information of other participants, the secret in Song {\em et al.'s}protocol cannot be reconstructed. We address a protocol that solves this issue in this paper.
We study a secret sharing problem with three secrets where the secrets are allowed to be related to each other, i.e., only certain combinations of the three secrets are permitted. The dealer produces three shares such that every pair of shares reveals a unique secret and reveals nothing about the other two secrets, other than what can be inferred from the revealed secret. For the case of binary secrets, we exactly determine the minimum amount of randomness required by the dealer, for each possible set of permitted combinations. Our characterization is based on new lower and upper bounds.
Shamir's celebrated secret sharing scheme provides an efficient method for encoding a secret of arbitrary length $\ell$ among any $N \leq 2^\ell$ players such that for a threshold parameter $t$, (i) the knowledge of any $t$ shares does not reveal any information about the secret and, (ii) any choice of $t+1$ shares fully reveals the secret. It is known that any such threshold secret sharing scheme necessarily requires shares of length $\ell$, and in this sense Shamir's scheme is optimal. The more general notion of ramp schemes requires the reconstruction of secret from any $t+g$ shares, for a positive integer gap parameter $g$. Ramp secret sharing scheme necessarily requires shares of length $\ell/g$. Other than the bound related to secret length $\ell$, the share lengths of ramp schemes can not go below a quantity that depends only on the gap ratio $g/N$. In this work, we study secret sharing in the extremal case of bit-long shares and arbitrarily small gap ratio $g/N$, where standard ramp secret sharing becomes impossible. We show, however, that a slightly relaxed but equally effective notion of semantic security for the secret, and negligible reconstruction error probability, el
Publicly verifiable secret sharing (PVSS) allows a dealer to share a secret among a set of shareholders so that the secret can be reconstructed later from any set of qualified participants. In addition, any public verifier should be able to check the correctness of the sharing and reconstruction process. PVSS has been demonstrated to yield various applications, such as e-voting, distributed key generation, decentralized random number generation protocols, and multi-party computation. Although many concrete PVSS protocols have been proposed, their security is either proven in the random oracle model or relies on quantum-vulnerable assumptions such as factoring or discrete logarithm. In this work, we put forward a generic construction for PVSS that can be instantiated in the standard model under the Learning With Errors (LWE) assumption. Our instantiation provides the first post-quantum PVSS in the standard model, with a reasonable level of asymptotic efficiency.
In this paper we investigate the use of quantum information to share classical secrets. While every quantum secret sharing scheme is a quantum error correcting code, the converse is not true. Motivated by this we sought to find quantum codes which can be converted to secret sharing schemes. If we are interested in sharing classical secrets using quantum information, then we show that a class of pure $[[n,1,d]]_q$ CSS codes can be converted to perfect secret sharing schemes. These secret sharing schemes are perfect in the sense the unauthorized parties do not learn anything about the secret. Gottesman had given conditions to test whether a given subset is an authorized or unauthorized set; they enable us to determine the access structure of quantum secret sharing schemes. For the secret sharing schemes proposed in this paper the access structure can be characterized in terms of minimal codewords of the classical code underlying the CSS code. This characterization of the access structure for quantum secret sharing schemes is thought to be new.
Secret sharing is the well-known problem of splitting a secret into multiple shares, which are distributed to shareholders. When enough or the correct combination of shareholders work together the secret can be restored. We introduce two new types of shares to the secret sharing scheme of Shamir. Crucial shares are always needed for the reconstruction of the secret, whereas mutual redundant shares only help once in reconstructing the secret. Further, we extend the idea of crucial and redundant shares to a compartmented secret sharing scheme. The scheme, which is based on Shamir's, allows distributing the secret to different compartments, that hold shareholders themselves. In each compartment, another secret sharing scheme can be applied. Using the modifications the overall complexity of general access structures realized through compartmented secret sharing schemes can be reduced. This improves the computational complexity. Also, the number of shares can be reduced and some complex access structures can be realized with ideal amount and size of shares.
We study the arithmetic circuit complexity of threshold secret sharing schemes by characterizing the graph-theoretic properties of arithmetic circuits that compute the shares. Using information inequalities, we prove that any unrestricted arithmetic circuit (with arbitrary gates and unbounded fan-in) computing the shares must satisfy superconcentrator-like connectivity properties. Specifically, when the inputs consist of the secret and $t-1$ random elements, and the outputs are the $n$ shares of a $(t, n)$-threshold secret sharing scheme, the circuit graph must be a $(t, n)$-concentrator; moreover, after removing the secret input, the remaining graph is a $(t-1, n)$-concentrator. Conversely, we show that any graph satisfying these properties can be transformed into a linear arithmetic circuit computing the shares of a threshold secret sharing scheme, assuming a sufficiently large field. As a consequence, we derive upper and lower bounds on the arithmetic circuit complexity of computing the shares in threshold secret sharing schemes.