Mind the Gap: Ceremonies for Applied Secret Sharing

  title={Mind the Gap: Ceremonies for Applied Secret Sharing},
  author={Bailey Kacsmar and Chelsea Komlo and Florian Kerschbaum and Ian Goldberg},
  journal={Proceedings on Privacy Enhancing Technologies},
  pages={397 - 415}
Abstract Secret sharing schemes are desirable across a variety of real-world settings due to the security and privacy properties they can provide, such as availability and separation of privilege. However, transitioning secret sharing schemes from theoretical research to practical use must account for gaps in achieving these properties that arise due to the realities of concrete implementations, threat models, and use cases. We present a formalization and analysis, using Ellison’s notion of… Expand
1 Citations
Reimagining Secret Sharing: Creating a Safer and More Versatile Primitive by Adding Authenticity, Correcting Errors, and Reducing Randomness Requirements
This work develops definitions, theorems, and efficient constructions for what it calls adept secret-sharing, a more directly useful primitive for human endusers that can withstand both strong adversaries and routine operational errors. Expand


Proactive Secret Sharing Or: How to Cope With Perpetual Leakage
In order to guarantee the availability and integrity of the secret, this work provides mechanisms to detect maliciously (or accidentally) corrupted shares, as well as mechanisms to secretly recover the correct shares when modification is detected. Expand
On Proactive Secret Sharing Schemes
The main contribution of the paper is to show specific weaknesses, when a mobile adversary is considered, when the security of Proactive Secret Sharing Schemes is investigated. Expand
An updated threat model for security ceremonies
It is discussed that even though Dolev-Yao's threat model can represent the most powerful attacker possible in a ceremony, the attacker in this model is not realistic in certain scenarios, especially those related to the human peers. Expand
Universally composable security: a new paradigm for cryptographic protocols
  • R. Canetti
  • Computer Science
  • Proceedings 2001 IEEE International Conference on Cluster Computing
  • 2001
It is shown how to formulate universally composable definitions of security for practically any cryptographic task, and it is demonstrated that practically any such definition can be realized using known techniques, as long as only a minority of the participants are corrupted. Expand
A Proposed Framework for Analysing Security Ceremonies
By properly enlisting human expectations and interactions in security protocols, the authors can minimise the ill-described assumptions they usually see failing and help to better understand where protocols are more prone to break due to human constraints. Expand
A practical scheme for non-interactive verifiable secret sharing
  • Paul Feldman
  • Computer Science
  • 28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
  • 1987
This paper presents an extremely efficient, non-interactive protocol for verifiable secret sharing, which provides asynchronous networks with a constant-round simulation of simultaneous broadcast networks whenever even a bare majority of processors are good. Expand
Shatter: Using Threshold Cryptography to Protect Single Users with Multiple Devices
Shatter is introduced, an open-source framework that runs on desktops, Android, and Android Wear, and performs key distribution on a user's behalf, and uses threshold cryptography to turn the security weakness of having multiple devices into a strength. Expand
Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0
It is concluded that PGP 5.0 is not usable enough to provide effective security for most computer users, despite its attractive graphical user interface, supporting the hypothesis that user interface design for effective security remains an open problem. Expand
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing
It is shown how to distribute a secret to n persons such that each person can verify that he has received correct information about the secret without talking with other persons. Any k of theseExpand
A Cryptographic Analysis of the WireGuard Protocol
An extra message is added to the WireGuard protocol to prove strong authentication and key indistinguishability properties for the key exchange component of WireGuard under standard cryptographic assumptions. Expand