On the graph coloring check-digit scheme with applications to verifiable secret sharing
Abstract
In the paper we apply graph vertex coloring for verification of secret shares. We start by showing how to convert any graph into a number and vice versa. Next, a theoretical result concerning properties of n-colorable graphs is stated and proven. From this result we derive the graph coloring check-digit scheme. Feasibility of the proposed scheme increases with the size of the number whose digits are checked and with the overall probability of errors. The check-digit scheme is used to build a shares verification method that does not require cooperation of a third party. It allows implementing a verification structure different from the access structure. It does not depend on a particular secret sharing method. It can be used as long as the secret shares can be represented by numbers or graphs.

1. Introduction

Graphs find applications in every field of computer science. Graph theory provides many NP class problems, hence it is not surprising that they find applications in cryptography and data security. Minimal vertex coloring for an arbitrary graph is known to be NP (see [11], [13]). A very good example of a public-key cryptosystem that makes use of graph n-coloring, "Polly Cracker", can be found in [10]. In the field of secret sharing, graphs were applied while studying access structures, for instance by Blundo, De Santis, Stinson and Vaccaro [3].

Secret sharing allows splitting a secret into different pieces, called shares, which are given to the participants, such that only a certain group (an authorized set of participants) can recover the secret. Participants not forming such a set should have no information about the secret. Secret sharing schemes were independently invented by George Blakley [2] and Adi Shamir [15]. Many schemes have been presented since, for instance, Asmuth and Bloom [1], Brickell [4], Karnin-Greene-Hellman (KGH method) [9]. In our paper we use the last method in order to illustrate the proposed method for shares verification.
The secret in the KGH method is a vector of η numbers $S_\eta = \{s_1, s_2, \ldots, s_\eta\}$. Some modulus k is chosen, such that $k > \max(s_1, s_2, \ldots, s_\eta)$. All t participants are given shares that are η-dimensional vectors $S_\eta^{(j)}$, $j = 1, 2, \ldots, t$, with elements in $Z_k$. To retrieve the secret they have to add the vectors component-wise in $Z_k$. For $k = 2$, the KGH method works like ⊕ (xor) on η-bit numbers, much in the same way as the Vernam one-time pad. If t participants are needed to recover the secret, adding $t - 1$ (or fewer) shares reveals no information about the secret itself. An interesting feature of KGH is that when certain vectors $S_\eta^*$ are excluded (not allowed) from the set of possible secret values, the method remains equally secure. Again, having $t - 1$ parts (or fewer) of the secret reveals no information about the secret itself. KGH with excluded vectors is referred to as KGHe. Certainly, for the same η (vector length) the size of the "secret space" is smaller for KGHe than for KGH.

In practice, it is often needed that only certain specified subsets of the participants should be able to recover the secret. An authorized set is a subset of secret participants that is able to recover the secret. The access structure describes all the authorized subsets. To design an access structure with the required capabilities, the cumulative array construction can be used; for details see, for example, [8]. Combining cumulative arrays with the KGH method, one obtains an implementation of a general secret sharing scheme (see, e.g., [14]). While designing such an implementation, one can introduce required capabilities not only in terms of the access structure but also others, like security (e.g., perfectness), see [12], [17].

The simple secret sharing schemes are not secure against cheating (e.g., some participants alter their shares). Cheating can result not only in problems with recovering the secret, but can also compromise it.
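The KGH splitting and recovery described above, as an added example (not code from the paper); the function names and sample values are constructed for illustration. It also checks that $t - 1$ shares fit any candidate secret and that an altered share changes the recovered value without raising any error, which is the gap share verification addresses.

```python
import secrets

def kgh_split(secret, k, t):
    """Split `secret` (vector over Z_k) into t shares; all t are needed."""
    if t < 2 or any(not 0 <= s < k for s in secret):
        raise ValueError("need t >= 2 and every element in Z_k")
    # t-1 shares are uniformly random vectors over Z_k
    shares = [[secrets.randbelow(k) for _ in secret] for _ in range(t - 1)]
    # the last share is fixed so that all t shares sum to the secret mod k
    last = [(s - sum(col)) % k for s, col in zip(secret, zip(*shares))]
    return shares + [last]

def kgh_recover(shares, k):
    """Add the share vectors component-wise in Z_k."""
    return [sum(col) % k for col in zip(*shares)]

def completing_share(partial, candidate, k):
    """The one share that makes `partial` (t-1 shares) open to `candidate`."""
    return [(c - sum(col)) % k for c, col in zip(candidate, zip(*partial))]

def demo():
    secret, k, t = [3, 0, 6, 5], 7, 4        # constructed sample values
    shares = kgh_split(secret, k, t)
    recovered_ok = kgh_recover(shares, k) == secret

    # Any t-1 shares are consistent with every candidate secret: a matching
    # last share always exists, so the partial set reveals nothing.
    other = [1, 1, 1, 1]
    fake_last = completing_share(shares[:-1], other, k)
    fits_other = kgh_recover(shares[:-1] + [fake_last], k) == other

    # One participant alters one component of a share: recovery still
    # "succeeds" but yields a different vector, with no sign of the change.
    altered = [row[:] for row in shares]
    altered[1][0] = (altered[1][0] + 1) % k
    undetected_change = kgh_recover(altered, k) != secret
    return recovered_ok, fits_other, undetected_change

if __name__ == "__main__":
    print(demo())
```
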
For the Shamir scheme, it was shown (see [18]) that in some instances a cheating participant might submit a false secret share, that provides no information about the secret, and recover the secret once all participants from an authorized subset pool their shares. The problem can be addressed by verifiable secret sharing (VSS) schemes. Then, an adequate verification algorithm allows the honest participants to detect cheating (at least, with known probability) and avoid compromising the secret. Cheating is not limited to secret participants only, but such a topic is beyond the scope of this paper.

A verification set of shares (VSoS) is the set of shares that are required for the verification procedure to take place. The verification structure is the superset containing all verification sets of shares. The verification of the secret shares can take place in public; moreover, often the set of participants can verify the validity of their shares together. This is the case of publicly verifiable secret sharing (PVSS), for instance see [16].

The major idea of this paper is to use a graph's integral property, such as vertex coloring, for verification of secret shares. First we present a method for binary string verification and next apply it to the secret shares. Every number can be assigned a corresponding graph structure and vice versa (sections 2.1 – 2.3). This allows us to treat any number as a graph and test for properties associated with graphs. Many of the graphs' properties are related to NP problems. We focus on the graph vertex n-coloring and discuss known results that are needed further in the paper (section 2.4). In the next section, we find and prove an upper bound for the maximum number of graphs that have a fixed number of vertices and can be colored with n colors. The graph coloring based check-digit scheme follows in section 3. We describe and justify the scheme's capabilities. The check-digit scheme is a preliminary step towards developing the shares verification method.
Before going that far, we devote section 4 to discussing secret sharing for graphs, having in mind the equivalence between graphs and numbers. At this point all preliminaries are provided, hence we can introduce the shares verification method (section 5.1). The check-digit scheme serves as the engine for the method and allows us to describe its security in section 5.2. Finally, we propose a generalization of the verification method to arbitrary numbers (section 6).

2. Into the realm of graph coloring

At the beginning, a simple scheme that allows conversion between graphs and numbers is presented. While more sophisticated methods can be used (e.g. [11]), the one chosen illustrates the development of the main results well.

Notation: G(V,E) is the graph, where V is a set of vertices and E is a set of edges, with E edges and V vertices; $v_i$ denotes the ith vertex of the graph, $v_i \in V$; $K_n$ stands for the complete graph on n vertices; χ(G) is the chromatic number of the graph G.

2.1 Graph description

Graph G is described by the square adjacency matrix $A = [a_{ij}]$, $i, j = 1, 2, \ldots, m$. The elements of A satisfy:
• for $i \neq j$, $a_{ij} = 1$ if $v_i v_j \in E$ (vertices $v_i$, $v_j$ are connected by an edge) and $a_{ij} = 0$,
Similar resources

A Fast Publicly Verifiable Secret Sharing Scheme using Non-homogeneous Linear Recursions
A non-interactive (t,n)-publicly verifiable secret sharing scheme (non-interactive (t,n)-PVSS scheme) is a (t,n)-secret sharing scheme in which anyone, not only the participants of the scheme, can verify the correctness of the produced shares without interacting with the dealer and participants. The (t,n)-PVSS schemes have found a lot of applications in cryptography because they are suitable for...

An Efficient Threshold Verifiable Multi-Secret Sharing Scheme Using Generalized Jacobian of Elliptic Curves
In a (t,n)-threshold secret sharing scheme, a secret s is distributed among n participants such that any group of t or more participants can reconstruct the secret together, but no group of fewer than t participants can do so. In this paper, we propose a verifiable (t,n)-threshold multi-secret sharing scheme based on Shao and Cao, and the intractability of the elliptic curve discrete logar...

An Efficient Secret Sharing-based Storage System for Cloud-based Internet of Things
Internet of things (IoTs) is the newfound information architecture based on the internet that develops interactions between objects and services in a secure and reliable environment. As the availability of many smart devices rises, secure and scalable mass storage systems for aggregate data are required in IoTs applications. In this paper, we propose a new method for storing aggregate data in Io...

A NEW SECRET SHARING SCHEME ADVERSARY FUZZY STRUCTURE BASED ON AUTOMATA
In this paper, we introduce a new verifiable multi-use multi-secret sharing scheme based on automata and a one-way hash function. The scheme has the adversary fuzzy structure and satisfies the following properties: 1) The dealer can change the participants and the adversary fuzzy structure without refreshing any participants' real-shadow. 2) The scheme is based on the inversion of weakly invertible fin...

Sharing a Verifiable Secret Image using Forward Error Correction Code for Halftone Image
A novel verifiable secret sharing method for Verifiable secret sharing (VSS) in halftone image based on linear block code with a parity check matrix is proposed. The proposed method not only verifies a secret image but also introduces multiple shadows for multiple users. The proposed method adopts a forward error correction code (FEC) strategy based on the property of linear block codes. There...
Journal: CoRR
Volume: cs.CR/0208007
Publication date: 2002