Cover Page The following handle

Cover Page

The following handle holds various files of this Leiden University dissertation:

http://hdl.handle.net/1887/59475

Author: Spini, G.

Title: Unconditionally secure cryptographic protocols from coding-theoretic primitives

Issue Date: 2017-12-06

Unconditionally Secure Cryptographic Protocols from Coding-Theoretic Primitives

Proefschrift ter verkrijging van

de graad van Doctor aan de Universiteit Leiden op gezag van Rector Magnificus prof. mr. C.J.J.M. Stolker,

volgens besluit van het College voor Promoties te verdedigen op woensdag 6 december 2017

klokke 12:30 uur

door

Gabriele Spini geboren te Sondrio, Itali¨ e,

in 1989

Promotores:

Prof. dr. Ronald Cramer (CWI, Amsterdam & Universiteit Leiden) Prof. dr. Gilles Z´emor (Universit´e de Bordeaux)

Copromotor:

Dr. Serge Fehr (CWI, Amsterdam)

Samenstelling van de promotiecommissie:

Prof. dr. Yuval Ishai (Technion, Haifa) Dr. Emmanuela Orsini (University of Bristol)

Dr. Berry Schoenmakers (Technische Universiteit Eindhoven) Prof. dr. Bart de Smit (Universiteit Leiden)

Prof. dr. Aad van der Vaart (Universiteit Leiden)

This work was funded by Erasmus Mundus Algant-Doc and was carried out at Universiteit Leiden, Universit´e de Bordeaux and CWI Amsterdam.

TH `ESE EN COTUTELLE PR ´ESENT ´EE POUR OBTENIR LE GRADE DE

DOCTEUR

DE L’UNIVERSIT´ E DE BORDEAUX ET DE L’UNIVERSIT´ E DE LEYDE

ECOLE DOCTORALE DE MATH ´´ EMATIQUES ET INFORMATIQUE INSTITUT DES MATH ´EMATIQUES DE L’UNIVERSIT ´E DE LEYDE

SP ´ECIALIT ´E Math´ematiques Pures

Par Gabriele SPINI

Protocoles avec S´ ecurit´ e Inconditionnelle issus de Techniques de la Th´ eorie des Codes

Sous la direction de Ronald CRAMER, Serge FEHR et Gilles Z ´EMOR Soutenue le 6 d´ecembre 2017

Membres du jury :

Anne CANTEAUT Directrice de recherche, Inria Paris Examinatrice

Bart DE SMIT Universiteit Leiden Examinateur

Yuval ISHAI Professeur, Technion, Haifa Rapporteur

Berry SCHOENMAKERS Universitair Hoofddocent, TU Eindhoven Rapporteur Aad VAN DER VAART Professeur, Universiteit Leiden Examinateur Gilles Z ´EMOR Professeur, Universit´e de Bordeaux Directeur

Contents

1 Introduction 1

1.1 Context . . . 1

1.2 Thesis Outline and Contributions . . . 8

2 Preliminaries 13 2.1 General Notation . . . 13

2.2 Error-Correcting Codes . . . 14

2.2.1 Basic Definitions and Properties . . . 14

2.2.2 MDS Codes . . . 16

2.3 Probability Theory . . . 18

2.3.1 Modeling Non-Determinism . . . 18

2.3.2 Kolmogorov’s Probability Theory . . . 19

2.3.3 Abstract Probability Theory . . . 20

2.4 Modeling Algorithms and Protocols . . . 22

2.4.1 Complexity . . . 23

2.5 Secret Sharing . . . 24

2.5.1 Basic Definitions and Properties . . . 25

2.6 Linear Secret Sharing and Error-Correcting Codes: Massey’s Paradigm . . . 28

3 New Constructions of Secret-Sharing Schemes from Error- Correcting Codes 31 3.1 A New Connection between Secret Sharing and Error-Correcting Codes . . . 32

3.2 A First Application: Linear-Time Sharing and Reconstruction via Linear Universal Hash Functions . . . 35

3.2.1 Universal Hash Functions . . . 35

3.2.2 A New Scheme from Codes and Universal Hash Functions 38 3.2.3 A Linear-Time Family of Secret-Sharing Schemes . . . . 40

3.3 The Second Application: Robust Secret Sharing via List-Decodable Codes and AMD Codes . . . 44

3.3.1 Robust Secret Sharing . . . 45

3.3.2 AMD Codes . . . 47

3.3.3 List-Decodable Codes . . . 48

3.3.4 The Construction . . . 48

3.3.5 A Shamir-based Scheme . . . 51

3.3.6 With Universal Hash Functions . . . 53

4 New Protocols for Secure Multi-Round Communication 57 4.1 Perfectly Secure Message Transmission . . . 58

4.1.1 An Overview of PSMT . . . 59

4.1.2 An Overview of our Protocol . . . 61

4.1.3 Private and Reliable Communication Tools . . . 62

4.1.4 Pseudo-Bases or Syndrome-Spanning Subsets . . . 64

4.1.5 A First Protocol . . . 66

4.1.6 The Improvements to the Protocol . . . 69

4.1.7 Concluding Remarks and Open Problems . . . 79

4.2 Generalization of PSMT to Linear Combinations of Errors and Eavesdropped Data . . . 79

4.2.1 Motivation: Secure Network Coding . . . 81

4.2.2 The Two-Round Protocol . . . 84

4.2.3 The Three-Round Protocol . . . 90

5 Improvements to the SPDZ Multi-Party Computation Proto- col 93 5.1 An Introduction to Secure Multi-Party Computation and the SPDZ Protocol . . . 93

5.2 The Standard SPDZ Protocol . . . 97

5.2.1 A Brief Discussion on Information-Theoretic and Com- putational Security . . . 98

5.2.2 Setting and Goal of SPDZ. . . 98

5.2.3 The Pre-Processing Phase . . . 101

5.2.4 The Online Phase . . . 102

5.2.5 The Security of SPDZ and Its Cost . . . 104

5.3 Adding Cheater Detection . . . 105

5.3.1 An Overview of The New Protocol . . . 105

5.3.2 The Checking Protocol BlockCheck . . . 107

5.3.3 The Tag Check . . . 114

5.3.4 Secure Input Sharing and Output Reconstruction . . . . 118

5.3.5 The Complete Protocol . . . 121

5.3.6 The Commitment Check . . . 127