Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

In SSSS, if you recreate the original secret with one of the decoder inputs bein

ID: 648960 • Letter: I

Question

In SSSS, if you recreate the original secret with one of the decoder inputs being slightly damaged (e.g. one or two chars incorrect), you receive a slightly damaged version of the original secret. So if the original secret was "Abraham Lincoln", decoding using a slightly damaged input might still get you "Ab%aham Lincoln", for example.

What's the best way to encode and decode the secret, on top of SSSS, such that any variance at all in the inputs causes the decoded secret to be completely useless?

One obvious way would be to encrypt the secret before using SSSS. Are there any alternatives? In particular, any alternative that would not require each user to have a final decryption key (for decoding the secret that comes out of SSSS) as well as their SSSS decoding keys?

Explanation / Answer

In general, you cannot encode information such that "any variance at all in the inputs causes the decoded secret to be completely useless." That's because there's a generic attack that can be used to reconstruct the secret with a high probability, given almost enough enough information to uniquely determine it, as long as the correct secret can somehow be distinguished from incorrectly reconstructed secrets.

The attack is simple: you guess the missing information, reconstruct the secret based on your guess, and repeat this for all possible (or at least all sufficiently likely) values of the missing information. Then you compare the resulting secrets and pick the one that appears to be the correct one.

For example, let's say that the secret is a password shared using a threshold secret sharing scheme (like Shamir's) using threshold t, and that we know t?1 full shares plus all but the third byte of the t-th share. Now, there are 256 possible values the missing byte could have, so we can just reconstruct the secret using each of those values, giving us 255 different passwords.

Now, depending on the details of the secret sharing method used, we might be able to guess which of these was the correct password just by inspection; for example, if 255 of the reconstructions looked like random noise, while only one consisted of printable characters, we might well guess that this was the correct reconstruction. However, in this case, we'd have an even more reliable way to tell the correct password from the incorrect ones

Related Questions

In SAS Studio I have a categorical variable called Hearing. In the hearing colum
Question #3586803
In SAS or R: 8.8. Refer to Commercial properties Problems 6.18 and 7.7. The vaca
Question #2932970
In SAS or R: 8.8. Refer to Commercial properties Problems 6.18 and 7.7. The vaca
Question #3336567
In SDS-PAGE, proteins are completely denatured and converted to be uniformly neg
Question #196789
In SI units, a truck of mass 25,000 kg is travelling at 100 km/hr, which is a bi
Question #1884592
In SI units, the electric field in an electromagnetic wave is described by E_ y
Question #1560253
In SI units, the electric field in an electromagnetic wave is described by E_ y
Question #1608838
In SPECIAL RELATIVITY, what or why is - choose one of the three alternatives eac
Question #2304308
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
In SQLSever perform the following queries: 8. a. Insert a new row in the Locatio
Next
In STAT 200 last year, students were asked to rate how much they liked various k

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.