Search for: All records

Secret sharing (SS) is a foundational cryptographic primitive with diverse applications, including secure multiparty computation and conditional disclosure of secrets. While traditional schemes have primarily emphasized information-theoretic security, recent advancements have increasingly leveraged computational assumptions to achieve more efficient constructions and support broader access policies. Despite these successes, most existing computational secret sharing (CSS) schemes are limited to a static security model, where adversaries must commit to their choice of corrupted participants at the outset. A critical challenge in CSS lies in achieving adaptive security, where adversaries can dynamically select participants to corrupt, better reflecting real-world threat models. In this paper, we present a novel transformation that converts any statically secure CSS scheme into an adaptively secure one while preserving the original access policy and computational assumptions, providing a framework for bridging the gap between static and adaptive security. Our construction introduces a multiplicative share size overhead of where is the number of parties. Additionally, we explore trade-offs in efficiency and security, offering more efficient adaptive CSS constructions for specific, restricted policy classes. This work addresses key limitations in the current landscape of CSS and paves the way for broader adoption of adaptively secure secret sharing in cryptographic applications. 

Abstract. Ice-sheet models used to predict sea-level rise often neglect subglacial hydrology. However, theory and observations suggest that ice flow and subglacial water flow are bidirectionally coupled: ice geometry affects hydraulic potential, hydraulic potential modulates basal shear stress via the basal water pressure, and ice flow advects the subglacial drainage system. This coupling could impact rates of ice mass change but remains poorly understood. We develop a coupled ice–subglacial-hydrology model to investigate the effects of coupling on the long-term evolution of marine-terminating ice sheets. We combine a one-dimensional channelized subglacial hydrology model with a depth-integrated marine-ice-sheet model, incorporating each component of the coupling listed above, yielding a set of differential equations that we solve using a finite-difference, implicit time-stepping approach. We conduct a series of experiments with this model, using either bidirectional or unidirectional coupling. These experiments generate profiles of channel cross-sectional area, channel flow rate, channel effective pressure, ice thickness, and ice velocity. We discuss how the profiles shape one another, resulting in the effective pressure reaching a local maximum in a region near the grounding line. We also describe the impact of bidirectional coupling on the transient retreat of ice sheets through a comparison of our coupled model with ice-flow models that have imposed static basal conditions. We find that including coupled subglacial hydrology leads to grounding-line retreat that is virtually absent when static basal conditions are assumed. This work highlights the role time-evolving subglacial drainage may have in ice-sheet change and informs efforts to include it in ice-sheet models. This work also supplies a physical basis for a commonly used parameterization which assumes that the subglacial water pressure is set by the bed's depth beneath the sea surface. 

Attribute-based encryption (ABE) generalizes public-key encryption and enables fine-grained control to encrypted data. However, ABE upends the traditional trust model of public-key encryption by requiring a single trusted authority to issue decryption keys. If an adversary compromises the central authority and exfiltrates its secret key, then the adversary can decrypt every ciphertext in the system. This work introduces registered ABE, a primitive that allows users to generate secret keys on their own and then register the associated public key with a “key curator” along with their attributes. The key curator aggregates the public keys from the different users into a single compact master public key. To decrypt, users occasionally need to obtain helper decryption keys from the key curator which they combine with their own secret keys. We require that the size of the aggregated public key, the helper decryption keys, the ciphertexts, as well as the encryption/decryption times to be polylogarithmic in the number of registered users. Moreover, the key curator is entirely transparent and maintains no secrets. Registered ABE generalizes the notion of registration-based encryption (RBE) introduced by Garg et al. (TCC 2018), who focused on the simpler setting of identity-based encryption. We construct a registered ABE scheme that supports an a priori bounded number of users and policies that can be described by a linear secret sharing scheme (e.g., monotone Boolean formulas) from assumptions on composite-order pairing groups. Our approach deviates sharply from previous techniques for constructing RBE and only makes black-box use of cryptography. All existing RBE constructions (a weaker notion than registered ABE) rely on heavy non-black-box techniques. The encryption and decryption costs of our construction are comparable to those of vanilla pairing-based ABE. Two limitations of our scheme are that it requires a structured reference string whose size scales quadratically with the number of users (and linearly with the size of the attribute universe) and the running time of registration scales linearly with the number of users. Finally, as a feasibility result, we construct a registered ABE scheme that supports general policies and an arbitrary number of users from indistinguishability obfuscation and somewhere statistically binding hash functions. 

Functional Encryption is a powerful notion of encryption in which each decryption key is associated with a function such that decryption recovers the function evaluation . Informally, security states that a user with access to function keys (and so on) can only learn (and so on) but nothing more about the message. The system is said to be -bounded collusion resistant if the security holds as long as an adversary gets access to at most function keys. A major drawback of such "statically" bounded collusion systems is that the collusion bound must be declared at setup time and is fixed for the entire lifetime of the system. We initiate the study of "dynamically" bounded collusion resistant functional encryption systems which provide more flexibility in terms of selecting the collusion bound, while reaping the benefits of statically bounded collusion FE systems (such as quantum resistance, simulation security, and general assumptions). Briefly, the virtues of a dynamically bounded scheme can be summarized as: (i) [Fine-grained individualized selection.] It lets each encryptor select the collusion bound by weighing the trade-off between performance overhead and the amount of collusion resilience. (ii) [Evolving encryption strategies.] Since the system is no longer tied to a single collusion bound, thus it allows to dynamically adjust the desired collusion resilience based on any number of evolving factors such as the age of the system, or a number of active users, etc. (iii) [Ease and simplicity of updatability.] None of the system parameters have to be updated when adjusting the collusion bound. That is, the same key can be used to decrypt ciphertexts for collusion bound as well as . We construct such a dynamically bounded functional encryption scheme for the class of all polynomial-size circuits under the general assumption of Identity-Based Encryption.