Volume 2020 (2020): Issue 2 (April 2020)
Journal Details
First Published: 16 Apr 2015
Publication timeframe: 4 times per year
Access type: Open Access

Mind the Gap: Ceremonies for Applied Secret Sharing

Published Online: 08 May 2020
Page range: 397 - 415
Received: 31 Aug 2019
Accepted: 16 Dec 2019

Secret sharing schemes are desirable across a variety of real-world settings due to the security and privacy properties they can provide, such as availability and separation of privilege. However, transitioning secret sharing schemes from theoretical research to practical use must account for gaps in achieving these properties that arise due to the realities of concrete implementations, threat models, and use cases. We present a formalization and analysis, using Ellison’s notion of ceremonies, that demonstrates how simple variations in use cases of secret sharing schemes result in the potential loss of some security properties, a result that cannot be derived from the analysis of the underlying cryptographic protocol alone. Our framework accounts for such variations in the design and analysis of secret sharing implementations by presenting a more detailed user-focused process and defining previously overlooked assumptions about user roles and actions within the scheme to support analysis when designing such ceremonies. We identify existing mechanisms that, when applied to an appropriate implementation, close the security gaps we identified. We present our implementation including these mechanisms and a corresponding security assessment using our framework.

