
Keyword Search Result

[Keyword] ECR (210 hits)

Hits 121-140 of 210

  • On Increasing the Number of Users in (t, n) Threshold Secret Sharing Schemes

    Todorka ALEXANDROVA, Hiroyoshi MORITA
    PAPER-Cryptography and Information Security
    Vol: E91-A No:8, Page(s): 2138-2150

    Constructing ideal (t,n) threshold secret sharing schemes leads to some limitations on the maximum number of users that are able to join the secret sharing scheme. We aim to remove these limitations by reducing the information rate of the constructed threshold secret sharing schemes. In this paper we propose recursive construction algorithms for (t,n) threshold secret sharing schemes, based on the generalized vector space construction. Using these algorithms we are able to construct a (t,n) threshold secret sharing scheme for any arbitrary n.

  • A New Security Architecture for Personal Networks and Its Performance Evaluation

    SeongHan SHIN, Hanane FATHI, Kazukuni KOBARA, Neeli R. PRASAD, Hideki IMAI
    PAPER-Network
    Vol: E91-B No:7, Page(s): 2255-2264

    The concept of personal networks is very user-centric and representative of next generation networks. However, the present security mechanism does not consider at all what happens whenever a mobile node (device) is compromised, lost or stolen. Of course, a compromised, lost or stolen mobile node (device) is a main factor in the leakage of stored secrets. This kind of leakage of stored secrets remains a great danger in the field of communication security since it can lead to the complete breakdown of the intended security level. In order to solve this problem, we propose a 3-way Leakage-Resilient and Forward-Secure Authenticated Key Exchange (3LRFS-AKE) protocol and its security architecture suitable for personal networks. The 3LRFS-AKE protocol not only guarantees forward secrecy of the shared key between a device and its server but also provides a new additional layer of security against the leakage of stored secrets. The proposed security architecture includes two different types of communications: PN wide communication and communication between P-PANs of two different users. In addition, we give a performance evaluation and numerical results for the delay generated by the proposed security architecture.

  • A Secure Authenticated Key Exchange Protocol for Credential Services

    SeongHan SHIN, Kazukuni KOBARA, Hideki IMAI
    PAPER-Protocols
    Vol: E91-A No:1, Page(s): 139-149

    In this paper, we propose a leakage-resilient and proactive authenticated key exchange (called LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of the private key with respect to the involved server. We show that the LRP-AKE protocol is provably secure in the random oracle model with a reduction to the computational Diffie-Hellman problem. In addition, we discuss some possible applications of the LRP-AKE protocol.

  • A Fast (3,n)-Threshold Secret Sharing Scheme Using Exclusive-OR Operations

    Jun KURIHARA, Shinsaku KIYOMOTO, Kazuhide FUKUSHIMA, Toshiaki TANAKA
    PAPER-Protocols
    Vol: E91-A No:1, Page(s): 127-138

    In Shamir's (k,n)-threshold secret sharing scheme [1], a heavy computational cost is required to make n shares and recover the secret from k shares. As a solution to this problem, several fast threshold schemes have been proposed. However, there is no fast ideal (k,n)-threshold scheme where k ≥ 3 and n is arbitrary. This paper proposes a new fast (3,n)-threshold scheme that uses only EXCLUSIVE-OR (XOR) operations to make shares and recover the secret, and which is an ideal secret sharing scheme similar to Shamir's scheme. Furthermore, we evaluate the efficiency of the scheme and show that it is more efficient than Shamir's in terms of computational cost. Moreover, we suggest that a fast (k,n)-threshold scheme can be constructed in a similar way by increasing the sets of random numbers constructing pieces of shares.

  • On the Strong Forward Secrecy of the Improved Chikazawa-Yamagishi ID-Based Key Sharing

    Ik Rae JEONG, Jeong Ok KWON, Dong Hoon LEE
    LETTER-Information Security
    Vol: E90-A No:11, Page(s): 2626-2628

    In this letter, we show that Jung's ID-based scheme, which is the improved version of the Chikazawa-Yamagishi scheme, satisfies only weak forward secrecy. But weak forward secrecy is not quite realistic, since it is not sufficient for modeling real attacks. To address this problem, strong forward secrecy has been pursued, which models more realistic attacks. We then suggest a modification of Jung's ID-based scheme to provide strong forward secrecy.

  • An Optimal Share Transfer Problem on Secret Sharing Storage Systems

    Toshiyuki MIYAMOTO, Sadatoshi KUMAGAI
    PAPER
    Vol: E90-A No:11, Page(s): 2458-2464

    We have been developing a secure and reliable distributed storage system, which uses a secret sharing scheme. In order to efficiently store data in the system, this paper introduces an optimal share transfer problem, and proves it to be, in general, NP-hard. It is also shown that the problem can be reduced to a Steiner tree problem. Finally, through computational experiments we compare heuristic algorithms for the Steiner tree problem.

  • Security Analysis of Joint Group Key Agreement Protocol

    Chik-How TAN
    LETTER
    Vol: E90-A No:9, Page(s): 1876-1878

    In secure group communication, a group key agreement provides a secret key exchange among a group of users. When a new user joins the group, a new group key is established. In this paper, we analyse Horng's joint protocol and show that this protocol does not provide backward secrecy. This means that a newly joining user is able to discover the previous group key used by the previous group members.

  • Constant-Round Multiparty Computation for Interval Test, Equality Test, and Comparison

    Takashi NISHIDE, Kazuo OHTA
    PAPER
    Vol: E90-A No:5, Page(s): 960-968

    We propose constant-round protocols for interval tests, equality tests, and comparisons where shared secret inputs are not given bitwise. In [9], Damgård et al. presented a novel protocol called bit-decomposition, which can convert a polynomial sharing of an element in the prime field Zp into sharings of its bits. Although those protocols can theoretically be constructed with constant round complexity by using the bit-decomposition protocol, it involves expensive computation, leading to relatively high round and communication complexities. In this paper, we construct more efficient protocols for those tasks without relying on the bit-decomposition protocol. In the interval test protocol, checking whether a shared secret lies in a known interval is reduced to checking whether a bitwise-shared random secret lies in the appropriate interval. In the comparison protocol, comparing two shared secrets is reduced to comparing the two secrets via indirectly, where p is an odd prime for the underlying linear secret sharing scheme. In the equality test protocol, checking whether two shared secrets are equal is reduced to checking whether the difference of the two secrets is zero, and furthermore checking whether the difference is zero is reduced to checking the quadratic residuosity of a random secret in a probabilistic way.

  • Web Metering Scheme Based on the Bilinear Pairings

    Narn-Yih LEE, Ming-Feng LEE
    LETTER-Application Information Security
    Vol: E90-D No:3, Page(s): 688-691

    Web metering is an effective means of measuring the number of visits from clients to Web servers during a specific time frame. Naor and Pinkas, in 1998, first introduced metering schemes to evaluate the popularity of Web servers. Ogata and Kurosawa proposed two schemes that improve on the Naor-Pinkas metering schemes. This study presents a Web metering scheme which is based on bilinear pairings and built on a GDH group. The proposed scheme can resist fraud attempts by malicious Web servers and disruptive attacks by malicious clients.

  • An Efficient and Leakage-Resilient RSA-Based Authenticated Key Exchange Protocol with Tight Security Reduction

    SeongHan SHIN, Kazukuni KOBARA, Hideki IMAI
    PAPER-Information Security
    Vol: E90-A No:2, Page(s): 474-490

    Both mutual authentication and generation of session keys can be accomplished by an authenticated key exchange (AKE) protocol. Let us consider the following situation: (1) a client, who communicates with many different servers, remembers only one password and has insecure devices (e.g., mobile phones or PDAs) with very restricted computing power and built-in memory capacity; (2) the counterpart servers have enormous computing power, but they are not perfectly secure against various attacks (e.g., viruses or hackers); (3) neither PKI (Public Key Infrastructure) nor TRM (Tamper-Resistant Modules) is available. The main goal of this paper is to provide security against the leakage of stored secrets as well as to attain high efficiency on the client's side. To this end, we propose an efficient and leakage-resilient RSA-based AKE (RSA-AKE) protocol suitable for the above situation, whose authenticity is based on a password and another secret. In the extended model where an adversary is given access to the stored secret of the client, we prove that the security of the RSA-AKE protocol is reduced tightly to RSA one-wayness in the random oracle model. We also show that the RSA-AKE protocol guarantees several security properties (e.g., security of the password, a multiple-server scenario with only one password, perfect forward secrecy and anonymity). To the best of our knowledge, the RSA-AKE protocol is the most efficient, in terms of both the client's computation costs and communication costs, among previous AKE protocols of their kind (using a password and RSA).

  • Security Analysis of Authenticated Key Exchange Protocol Based on the q-th Root Problem

    Kyung-Ah SHIM
    LETTER
    Vol: E90-A No:1, Page(s): 231-233

    Johnston and Gemmell proposed an authenticated key exchange protocol based on the difficulty of the q-th root problem. They showed that it is provably secure against man-in-the-middle attacks. In this paper we show that the protocol is insecure against an unknown key-share attack and does not achieve forward secrecy.

  • Optimal Multiple Assignments Based on Integer Programming in Secret Sharing Schemes with General Access Structures

    Mitsugu IWAMOTO, Hirosuke YAMAMOTO, Hirohisa OGAWA
    PAPER-Protocols
    Vol: E90-A No:1, Page(s): 101-112

    It is known that for any general access structure, a secret sharing scheme (SSS) can be constructed from an (m,m)-threshold scheme by using the so-called cumulative map, or from a (t,m)-threshold SSS by a modified cumulative map. However, SSSs constructed this way are generally not efficient. In this paper, a new method is proposed to construct an SSS from a (t,m)-threshold scheme for any given general access structure. In the proposed method, integer programming is used to derive the optimal (t,m)-threshold scheme and the optimal distribution of the shares so as to minimize the average or maximum size of the shares distributed to participants. By this optimality, it always attains a coding rate no higher than the cumulative maps, because the cumulative maps cannot attain the optimal distribution in many cases. The same method is also applied to construct SSSs for incomplete access structures and/or ramp access structures.

  • A Private and Consistent Data Retrieval Scheme with Log-Squared Communication

    Satoshi NAKAYAMA, Maki YOSHIDA, Shingo OKAMURA, Toru FUJIWARA
    PAPER-Application
    Vol: E90-A No:1, Page(s): 204-215

    Data retrieval is used to obtain a particular data item from a database. A user requests an item in the database from a database server by sending a query, and obtains the item from the answer to the query. Security requirements of data retrieval include protecting the privacy of the user, the secrecy of the database, and the consistency of answers. In this paper, a data retrieval scheme which satisfies all of these security requirements is defined and an efficient construction is proposed. In the proposed construction, the size of a query and an answer is O((log N)^2), and the size of the data published by the database server when the database is updated is only O(1). The proposed construction uses the Merkle tree, a commitment scheme, and Oblivious Transfer. The proof of security is given under the assumption that the cryptographic schemes used are secure.

  • Vertical Partitioning Method for Secret Sharing Distributed Database System

    Toshiyuki MIYAMOTO, Yasuhiro MORITA, Sadatoshi KUMAGAI
    PAPER-Concurrent Systems
    Vol: E89-A No:11, Page(s): 3244-3249

    Secret sharing is a method for distributing a secret among a party of participants. Each of them is allocated a share of the secret, and the secret can only be reconstructed when the shares are combined together. We have been proposing a secret sharing distributed database system (SSDDB) that uses a secret sharing scheme to improve the confidentiality and robustness of distributed database systems. This paper proposes a vertical partitioning algorithm for the SSDDB, and evaluates the algorithm by computational experiments.

  • Secret Key Capacity and Advantage Distillation Capacity

    Jun MURAMATSU, Kazuyuki YOSHIMURA, Peter DAVIS
    PAPER-Cryptography
    Vol: E89-A No:10, Page(s): 2589-2596

    Secret key agreement is a procedure for agreeing on a secret key by exchanging messages over a public channel when a sender, a legitimate receiver (henceforth referred to as the receiver), and an eavesdropper have access to correlated sources. Maurer [6] defined the secret key capacity, which is the least upper bound on the key generation rate of secret key agreement, and presented an upper and a lower bound for the secret key capacity. The advantage distillation capacity is introduced and it is shown that this quantity equals the secret key capacity. Naive information-theoretic expressions for the secret key capacity and the advantage distillation capacity are also presented. An example of correlated sources for which an analytic expression of the secret key capacity can be obtained is also presented.

  • Secret Key Agreement from Correlated Source Outputs Using Low Density Parity Check Matrices

    Jun MURAMATSU
    PAPER-Information Theory
    Vol: E89-A No:7, Page(s): 2036-2046

    This paper deals with a secret key agreement problem from correlated random numbers. It is proved that there is a pair of linear matrices that yields a secret key agreement in the situation wherein a sender, a legitimate receiver, and an eavesdropper have access to correlated random numbers. A relation between the coding problem of correlated sources and the secret key agreement problem from correlated random numbers is also discussed.

  • Visual Secret Sharing Schemes for Multiple Secret Images Allowing the Rotation of Shares

    Mitsugu IWAMOTO, Lei WANG, Kazuki YONEYAMA, Noboru KUNIHIRO, Kazuo OHTA
    PAPER
    Vol: E89-A No:5, Page(s): 1382-1395

    In this paper, a method is proposed to construct a visual secret sharing (VSS) scheme for multiple secret images in which each share can be rotated by 180 degrees in decryption. The proposed VSS scheme can encrypt more secret images than the normal VSS schemes. Furthermore, the proposed technique can be applied to VSS schemes that allow some shares to be turned over in decryption. From a theoretical point of view, it is interesting to note that such VSS schemes cannot be obtained straightforwardly from so-called basis matrices.

  • New Size-Reduced Visual Secret Sharing Schemes with Half Reduction of Shadow Size

    Ching-Nung YANG, Tse-Shih CHEN
    LETTER-Information Security
    Vol: E89-A No:2, Page(s): 620-625

    The Visual Secret Sharing (VSS) scheme proposed by Naor and Shamir is a perfectly secure scheme for sharing a secret image. By using m subpixels to represent one pixel, we encrypt the secret image into several noise-like shadow images. The value of m is known as the pixel expansion. A larger pixel expansion increases the shadow size and makes VSS schemes impractical for real applications. In this paper, we propose new size-reduced VSS schemes that dramatically decrease the pixel expansion by a half.

  • Size-Adjustable Visual Secret Sharing Schemes

    Ching-Nung YANG, Tse-Shih CHEN
    LETTER-Information Security
    Vol: E88-A No:9, Page(s): 2471-2474

    A visual secret sharing (VSS) scheme is a perfectly secure method that protects a secret image by breaking it into shadows. Unlike other secret sharing schemes, a VSS scheme can be easily decoded by the human visual system when stacking the shadows. We replace a pixel in the secret image by m subpixels in the shadow image, and the value m is called the pixel expansion. In general, most papers are dedicated to finding the minimum m for a VSS scheme, i.e. a smaller shadow size. However, it seems that no one has studied how to trade shadow size for contrast. In this paper, we take the lead in studying size-adjustable VSS schemes such that one can choose an appropriate shadow size and recovered-image contrast for practical use.

  • Motor Unit Activity in Biceps Brachii Muscle during Voluntary Isovelocity Elbow Flexion

    Ryuhei OKUNO, Kazuya MAEKAWA, Jun AKAZAWA, Masaki YOSHIDA, Kenzo AKAZAWA
    PAPER-Biological Engineering
    Vol: E88-D No:6, Page(s): 1265-1272

    Simultaneous recordings of eight-channel surface myoelectric signals (EMGs) of the biceps brachii muscles of seven subjects were measured in isovelocity elbow flexion against constant load torque. The velocity was 10, 15, 20 and 25 degree/s and the load torque was 5-15% of the torque obtained at maximum voluntary contraction (MVC). Individual motor units were identified from the eight-channel surface EMG by tracking the waveform change that originated from the change in relative position of muscle fiber and electrode. In the low-load (5 and 7% MVC) experiment, 36 examples of recruitment and 22 examples of derecruitment were measured. In the middle-load (10 and 15% MVC) experiment, most of the motor units did not show an obvious change in firing rate with the elbow joint angle. The average of the firing rates of all the motor units measured at elbow angles of 0 to 120 degrees (13.3-14.7 Hz) did not depend on flexion velocity between 10 and 25 degree/s. It was concluded that the firing rates of the activated MUs were almost constant and that some MUs were recruited and derecruited during the isovelocity flexion movements. These are the first such findings.
