
Citation: Kwangjoong Kim, Wonhyung Choi. Local dynamics and coexistence of predator–prey model with directional dispersal of predator[J]. Mathematical Biosciences and Engineering, 2020, 17(6): 6737-6755. doi: 10.3934/mbe.2020351
[1] | Zhen Yu, Sheng-Huang Lin, Chia-Ching Cho, Changping Chen . Performance management algorithm of financial shared service center based on Internet of Things public cloud privacy protection. Mathematical Biosciences and Engineering, 2023, 20(7): 12510-12528. doi: 10.3934/mbe.2023557 |
[2] | Kaimeng Chen, Chin-Chen Chang . High-capacity reversible data hiding in encrypted images based on two-phase histogram shifting. Mathematical Biosciences and Engineering, 2019, 16(5): 3947-3964. doi: 10.3934/mbe.2019195 |
[3] | Lihong Guo, Weilei Gao, Ye Cao, Xu Lai . Research on medical data security sharing scheme based on homomorphic encryption. Mathematical Biosciences and Engineering, 2023, 20(2): 2261-2279. doi: 10.3934/mbe.2023106 |
[4] | Li-na Zhang, Chen-yu Cui, Xiao-yu Zhang, Wei Wu . Adaptive visual cryptography scheme design based on QR codes. Mathematical Biosciences and Engineering, 2022, 19(12): 12160-12179. doi: 10.3934/mbe.2022566 |
[5] | Anichur Rahman, Muaz Rahman, Dipanjali Kundu, Md Razaul Karim, Shahab S. Band, Mehdi Sookhak . Study on IoT for SARS-CoV-2 with healthcare: present and future perspective. Mathematical Biosciences and Engineering, 2021, 18(6): 9697-9726. doi: 10.3934/mbe.2021475 |
[6] | Zilong Liu, Jingbing Li, Jing Liu . Encrypted face recognition algorithm based on Ridgelet-DCT transform and THM chaos. Mathematical Biosciences and Engineering, 2022, 19(2): 1373-1387. doi: 10.3934/mbe.2022063 |
[7] | Xiaoping Li, Yanjun Liu, Hefeng Chen, Chin-Chen Chang . A novel secret sharing scheme using multiple share images. Mathematical Biosciences and Engineering, 2019, 16(6): 6350-6366. doi: 10.3934/mbe.2019317 |
[8] | Lina Zhang, Jing Zhang, Jiaqi Sun, Qingpeng Chen . A global progressive image secret sharing scheme under multi-group joint management. Mathematical Biosciences and Engineering, 2024, 21(1): 1286-1304. doi: 10.3934/mbe.2024055 |
[9] | Feng Liu, Xuehu Yan, Lintao Liu, Yuliang Lu, Longdan Tan . Weighted visual secret sharing with multiple decryptions and lossless recovery. Mathematical Biosciences and Engineering, 2019, 16(5): 5750-5764. doi: 10.3934/mbe.2019287 |
[10] | Xuehu Yan, Longlong Li, Lintao Liu, Yuliang Lu, Xianhua Song . Ramp secret image sharing. Mathematical Biosciences and Engineering, 2019, 16(5): 4433-4455. doi: 10.3934/mbe.2019221 |
Internet of Things (IoT) is an emerging technology that utilises cloud connected devices to collect data for analysis. Healthcare industry is one of the most promising fields that have adopted IoT solutions since its early stage. The development of wearable technology, wireless body area network and cloud computing has established a new way for medical practitioners to acquire health data from patients. It greatly benefits health monitoring, epidemiological studies, and pharmaceutical research [1,2,3,4,5]. A common IoT-based architecture for healthcare applications is illustrated in Figure 1, which consists of a gateway device, a cloud server and several sensor nodes. Each sensor node can be viewed as a wearable equipment used for monitoring the health status of an individual, such as heart rate, blood pressure, brain wave, glucose level, etc. Under the given framework, the sensor nodes send the medical data to a local gateway device via wireless communication such as Wi-Fi or Bluetooth, whereas the gateway device agammaegates the data and store it in the cloud server for further analysis. However, there are risks of information leakage during data transmission and storage. For example, an adversary may attempt to eavesdrop the wireless communication, attack the gateway device or even access to the cloud server. Therefore, it is advisable to encrypt the data at each sensor node immediately after it is produced and incorporate secret sharing schemes to realise access control. In more details, each sensor node transmits the encrypted data to the gateway device by which data is integrated and encoded into shares of information. Due to security concerns, these shares are stored in separate cloud servers and the data retrieval must conform with the access policy. To realise this system, we present a novel research upon secret sharing in the encrypted domain.
Secret sharing is a study in cryptography originated independently by Blakley [6] and Shamir [7] in 1979. A secure (t, n)-threshold scheme is defined as splitting a secret message into n pieces of information in such a way that any fewer than t≤n pieces reveal no information about the secret. Only in the presence of t or more pieces will the secret be determined. Each piece of information is generally called a 'share' (as Sharmir's terminology) or a 'shadow' (as Blakley's terminology). An intuitive way of splitting a secret message, say, 'password' is to split it literally into shares: 'pa------', '--ss----', '----wo--', and '------rd'. This naïve approach is, however, insecure in the sense that every share leaks a part of the secret. Shamir proposed an elegant solution to share the secret in a secure manner. Suppose that a dealer wants to share a secret to n participants in such a way that only more than t participants pool their shares together will the secret be reconstructed. Let the secret be denoted by s and we generate t−1 random numbers denoted by r1, r2, ..., and rt−1. Then, we form a polynomial
f(x)≡s+r1x+r2x2+⋯+rt−1xt−1(modP), | (1.1) |
where P is a randomly chosen prime number. Let us draw any n points from the polynomial, for example, (1,f(1)), (2,f(2)), ..., and (n,f(n)), and distribute them to n participants respectively as shares. It is observed that there are t unknown variables in the polynomial and thus with t different points one is able to solve for the variables including the secret (i.e. the constant term). In other words, the reconstruction process is to simply use Lagrange interpolation to solve a set of t simultaneous equations. Shamir's scheme is algebraic in nature in contrast to Blakley's scheme based on geometric structures. As a toy example of Blakley's construction, consider the secret as a point in a three-dimensional space and the shadows as hyperplanes whose common intersection is the secret point. Any three of the planes suffice to identify the point. As each successive shadow is exposed, however, the range of possible values of the secret narrows. Since the introduction of secret sharing, numerous extended problems have appeared. The study towards a general access structure was considered by Ito, Saito, and Nishizeki [8] and had become a principal study since then [9,10,11,12]. To manage various malicious behaviour by dishonest parties, the notion of verifiable secret sharing was introduced by Chor et al. [13] and had been studied extensively thereafter [14,15,16,17,18,19]. Another closely related branch is visual cryptography originated by Naor and Shamir [20] for the secrecy of visual information, including greyscale, colour, and halftone images [21,22,23].
Over the past decades, secret sharing schemes have found various applications. One of the possible applications in the healthcare industry is to protect the privacy of patients' health records against cybersecurity threats while allowing efficient access for a group of authorised physicians and surgeons. In IoT-based healthcare applications, a patient's health record often contains medical data acquired from different sensor nodes. A full measure of privacy protection ought to even prevent data revelation between sensor nodes. More generally, we consider the problem of sharing multiple secrets (i.e. health data) generated from t different sources (i.e. sensor nodes) amongst a society of n participants (i.e. cloud servers of medical institutions). Every secret is prohibited from being revealed to another source as well as the dealer (i.e. gateway device). We remark that this statement can also be applied to other mutually distrustful situations, especially in the case of commercial applications. This problem, though different, is similar to that studied by Iirgemarsson and Simmons [24]. In their study, they noted that the problem of sharing the secret in the absence of a trusted dealer has been largely ignored by researchers in this area. In response to this, they introduced a two-level control protocol to share a secret determined by a democratic consent scheme without mutually trusted parties. Each participant equally contributes a private input to the determination of the secret and distributes the contribution among other participants through an autocratic sharing scheme.
In the following, let us consider two naïve solutions to our research problem and analyse their pros and cons. Among a variety of privacy protection mechanisms, encryption has a high level of reliability and universality. Naturally, the secrets are encrypted once they have been produced from the sources. The problem is therefore reduced to the sharing of encrypted data. Consider a key server who has a pair of public and private keys. The public key is used for encryption, whereas the private key is employed for decryption. The first solution is to create shares of the private key by arranging the key as the constant term in Eq. (1.1). The encrypted files, instead of being encoded as shares, are stored in a database. At the time when the number of collaborative participants are as many as required, the private key will be reconstructed and then the files in the database can be deciphered. On the one hand, this solution is simple and the computational load of the sharing procedure is light. On the other hand, however, to access the secret files, one must perform one reconstruction algorithm for the key plus one decryption algorithm for the files. In addition to this, this scheme requires different pairs of public and private keys for different sets of secret files (e.g. different patients' health records); otherwise, once the participants reconstruct the private key, they will be able to decipher all the files stored in the database. Furthermore, storing all the important files in a central database may be vulnerable to a number of cyber attacks. Thus, it is reasonable to share the files to authorised participants to reduce the risk of cyber threats.
The second solution is that suppose there are t encrypted secrets denoted by E(s0), E(s1), ..., and E(st−1). We form a polynomial by arranging t encrypted secrets as t coefficients in Eq. (1.1). More generally, we can assume that there are k encrypted secrets, where k≤t, and choose t−k random numbers as the rest of the coefficients to complete the polynomial. Either way, we can draw n points as the shares for individual participants. In the presence of t shares or more, the encrypted data will be reconstructed. With the decryption key, the data will eventually be revealed. In practice, this scheme has a non-trivial issue of key distribution amongst the participants. It may be addressed by one of the following approaches. First, use a secure channel to transmit the key to individual participants. Second, let the pair of encryption and decryption keys be generated by a key agreement protocol (e.g. Diffie–Hellman key exchange protocol [25]) amongst the group of participants, instead of being generated by the key server. Third, encrypt the key with each participant's public key and send it to the corresponding one as an instance of asymmetrical cryptography (e.g. elliptic curve cryptosystems [26]). Aside from the issue of key distribution, this scheme still requires extra efforts of participants, namely, one reconstruction step for the encrypted data plus one decryption step for the original data. It may be troublesome in particular situations. For instance, when there is a surgical emergency, the time delay for accessing health records becomes problematic. Hence, we conclude that these naïve solutions, though feasible, are deficient in several aspects, which motivate us towards finer constructions.
In this paper, we study how multiple sources are possible to share their secrets amongst a group of n participants without revealing their own secrets to one another. We analyse the pros and cons of several possible solutions and develop practical schemes: a simple (2, 2)-threshold scheme, an extended (n, n)-threshold scheme, and a generalised (t, n)-threshold scheme. The developed schemes follow Sharmir's construction in which a collusion of fewer than t participants has no better chance of guessing the secret than a non-participant who has no privileged information at all. The remainder of this paper is organised as follows. Section 2 gives the preliminaries of privacy homomorphisms. Section 3 reviews a naïve (2, 2)-threshold scheme. Section 4 discusses an extended (n, n)-threshold scheme. Section 5 studies a generalised (t, n)-threshold scheme. The paper is concluded in Section 6 with directions for future research.
The term 'privacy homomorphisms' was coined by Rivest et al. to describe special encryption functions which permit encrypted data to be operated on [27]. These special algebraic mappings between the paintext and ciphertext spaces allow the result of operations on the ciphertexts, when deciphered, to match the result of operations on the plaintexts. Let us see a well-understood example of privacy homomorphisms. Let p and q be two large primes and the modulus N=p⋅q. Let e and d be the public and private keys of the RSA cryptosystem, respectively. Note that e and d satisfy the condition that
e⋅d≡1(modϕ(N)), | (2.1) |
where ϕ is Euler's phi function, i.e. ϕ(N)=(p−1)(q−1). The RSA cryptosystem has an encryption function
c≡me(modN), | (2.2) |
and a decryption function
m≡cd(modN), | (2.3) |
where m denotes the message and c denotes the ciphertext. Suppose that we wish to generate the encrypted result which, when decrypted, matches the product of two messages m1 and m2 through the operations on the ciphertexts c1 and c2. This is achieved by
(m1e)⋅(m2e)≡(m1⋅m2)e(modN). | (2.4) |
For more information about the RSA cryptosystem, the reader is referred to [28].
Since the introduction of privacy homomorphisms, there has been a surge of interests in the design of homomorphic cryptosystems (e.g. ElGamal [29], Okamoto–Uchiyama [30], and Damgård–Jurik [31] cryptosystems). One of the well-studied homomorphic cryptosystems is the Paillier cryptosystem [32]. Let m1 and m2 be two arbitrary messages, N be the product of two large primes, E(⋅) be the encryption function, and D(⋅) be the decryption function. The Paillier cryptosystem permits homomorphic addition:
D(E(m1)⋅E(m2)modN2)≡m1+m2(modN), | (2.5) |
and homomorphic multiplication:
D(E(m1)m2modN2)≡m1⋅m2(modN). | (2.6) |
More details of the Paillier cryptosystem are described as follows. This consists of three phases: key generation phase, encryption phase, and decryption phase. In the key generation phase, we choose two large primes p and q. Then, we compute N=pq and λ=lcm(p−1,q−1), where 'lcm' stands for least common multiple. Afterwards, we select a random integer g∈Z/N2Z∗ and calculate
μ≡(L(gλ(modN2)))−1(modN), | (2.7) |
where
L(x)=x−1N. | (2.8) |
As a result, the public key is (n,g) and the private key is (λ,μ). In the encryption phase, let m be a message to be encrypted and r be a randomly selected integer, where m,r∈Z/NZ. The ciphertext is then computed as
c≡gm⋅rN(modN2). | (2.9) |
This scheme has a ciphertext expansion phenomenon as the message space is M=Z/NZ and the ciphertext spac is C=Z/N2Z∗. In the decryption phase, the plaintext message is deciphered by
m≡L(cλ(modN2))⋅μ(modN). | (2.10) |
It is observed that the decryption process involves a modular exponentiation, which is computationally expensive, with the addition of other operations of minor cost. Therefore, as aforementioned, in some time-sensitive applications, one would wish not to involve decryption in the secret reconstruction process. In the remainder of this paper, we assume all the homomorphisms applied are those of the Paillier cryptosystem unless otherwise specified. Nevertheless, the applicable homomorphisms are included but by no means limited to the homomorphisms of this particular cryptosystem.
Recently, we proposed a (2, 2)-threshold multi-secret sharing scheme to split a batch of two secrets into two shares via a semi-honest (or honest-but-curious) cloud service provider [33]. Only in the presence of two shares, the batch of two secrets can be restored. Let us describe how this scheme can solve the problem of privacy-preserving secret sharing. Let s1 and s2 be two secrets generated from two separate sources, respectively. To preserve the privacy of secrets, s1 and s2 are encrypted immediately after being produced. The encrypted secrets E(s2) and E(s2) are uploaded to the dealer for sharing. Let x1 and x2 be any integers that satisfy
gcd(x1+x2,N)=1,gcd(x1−x2,N)=1. | (3.1) |
Note that 'gcd' stands for greatest common divisor. It is not difficult to find proper x1 and x2 because N is the product of two large primes. Since
x12−x22≡(x1+x2)⋅(x1−x2)(modN), | (3.2) |
we derive
gcd(x12−x22,N)=1. | (3.3) |
This also implies
gcd(x12−x22,N)=1. | (3.4) |
Then, two shares are created as
E(y1)≡E(s1)x1⋅E(s2)x2(modN2),E(y2)≡E(s1)x2⋅E(s2)x1(modN2). | (3.5) |
Following the homomorphic properties, we rewrite
E(y1)≡E(s1x1+s2x2)(modN2),E(y2)≡E(s1x2+s2x1)(modN2). | (3.6) |
The dealer distributes x1 and x2 to two participants and sends E(y1) and E(y2) to the key server for decryption. The decrypted results are
y1≡s1x1+s2x2(modN),y2≡s1x2+s2x1(modN). | (3.7) |
Then, y1 and y2 are also dispensed to the participants. When the participants pool their shares (x1,y1) and (x2,y2) together, they compute
x1y1−x2y2≡(x12−x22)s1(modN). | (3.8) |
Note that
x1y1≡(x12s1+x1x2s2)(modN)x2y2≡(x22s1+x1x2s2)(modN). | (3.9) |
Since gcd(x12−x22,n)=1, we know there exists one and only one modular multiplicative inverse such that
(x12−x22)⋅(x12−x22)−1≡1(modN). | (3.10) |
The value of (x12−x22)−1 can be solved by the extended Euclidean algorithm. Eventually, the secret s1 is unveiled by
s1≡(x1y1−x2y2)⋅(x12−x22)−1(modN). | (3.11) |
In the same manner, the secret s2 is decoded as
s2≡(x2y1−x1y2)⋅(x22−x12)−1(modN). | (3.12) |
It is worth noting that even though y1 and y2 have been disclosed to the key server during the process, s1 and s2 are still kept secret since the key server has no knowledge about x1 and x2. The secret reconstruction process does not involve the decryption operation and thus is time-efficient.
Let us extend the previous (2, 2)-threshold scheme to a (n, n)-threshold scheme. For conciseness, we omit modulus symbols in the following description where there is no ambiguity. Let n secrets generated from sources be denoted by s1, s2, …, and sn. After encryption, the encrypted results, written as E(s1), E(s2), …, and E(sn), are transmitted to the dealer for sharing. The dealer chooses n random numbers x1, x2, …, and xn such that a matrix
X=(x1x2x3⋯xnx2x3x4⋯x1⋮⋮⋮⋱⋮xnx1x2⋯xn−1) | (4.1) |
has a modular multiplicative inverse X−1 in Z/NZ. Alternatively, X must satisfy gcd(det(X),N)=1 and det(X)≠0. Note that 'det' stands for determinant. Let the dealer compute
E(y1)=E(s1)x1E(s2)x2⋯E(sn)xn,E(y2)=E(s1)x2E(s2)x3⋯E(sn)x1,⋮E(yn)=E(s1)xnE(s2)x1⋯E(sn)xn−1. | (4.2) |
According to the homomorphic properties, we derive
E(y1)=E(s1x1+s2x2+⋯+snxn),E(y2)=E(s1x2+s2x3+⋯+snx1),⋮E(yn)=E(s1xn+s2x1+⋯+snxn−1). | (4.3) |
The sharing process can be fulfilled by cloud computing to relieve the dealer of computational burdens without revealing the private information about the secrets. The dealer dispenses x1, x2, …, and xn to n participants respectively and passes E(y1), E(y2), …, and E(yn) to the key server for decryption. The decrypted results, written as
(y1y2⋮yn)=X(s1s2⋮sn), | (4.4) |
are allocated to individual participants as well. When all the participants pool their shares together, they retrieve the secrets by
(s1s2⋮sn)=X−1(y1y2⋮yn). | (4.5) |
Example. Let us demonstrate that the previous (2, 2)-threshold scheme is actually a special case of the (n, n)-threshold scheme. In the case where there are two secrets s1 and s2 to be encoded, the dealer randomly chooses x1 and x2 to form a matrix
(x1x2x2x1). |
Then, we compute
E(y1)=E(s1)x1E(s2)x2=E(s1x1+s2x2),E(y2)=E(s1)x1E(s2)x2=E(s1x2+s2x1), |
which are equivalent to the results in Eq. (3.5) and Eq. (3.6). By decryption, we obtain
(y1y2)=(x1x2x2x1)(s1s2), |
which are equal to the results in Eq. (3.7). Eventually, we retrieve the secrets by
(s1s2)=(x1x2x2x1)−1(y1y2), |
which are identical to the results in Eq. (3.11) and Eq. (3.12).
As an extension of the (2, 2)-threshold scheme, this scheme has the same security strength. It is theoretically secure in the sense that any subset of participants has absolutely no knowledge about the secrets unless all the shares are in presence. The secret reconstruction procedure does not involve decryption. Thus, it is time-efficient and can be established without the means of key distribution.
In light of the previous (n, n)-threshold scheme, we further derive a generalised (t, n)-threshold scheme. Before we proceed further, let us discuss some possible (t, n)-threshold schemes and analyse their pros and cons. Let {si}ti=1 denote t secrets generated from separate sources and P be a large prime. With Shamir's algorithm, the dealer constructs a polynomial
f(x)≡t∑i=1sixi−1(modP), | (5.1) |
and draws n points (x1, f(x1)), (x2, f(x2)), …, (xn, f(xn)) as shares for n participants. In our defined scenario, the secrets are encrypted into {E(si)}ti=1 immediately after being produced. Let k denotes the decryption key. The first possible scheme is to split k into n shares by drawing n points from the following polynomial:
f1(x)≡k+t−1∑j=1rjxj(modP), | (5.2) |
where {rj}t−1j=1 are t−1 randomly chosen integers. The encrypted data has to be stored in a database so that when t or more participants reconstruct the key collaboratively, they can retrieve and decrypt the data. Nonetheless, the database may be vulnerable to numerous cyber attacks. The second possible scheme is to create shares according to the following polynomial:
f2(x)≡t∑i=1E(si)xi−1(modP). | (5.3) |
When t or more participants co-operate, they can reconstruct the encrypted data. In order to decrypt the data, the scheme must engage a key distribution protocol to share the key amongst the participants. To compensate for the shortcomings, one may think of combining the previous two solutions and build a polynomial in the following form:
f3(x)≡k+t−1∑j=1E(sj)xj(modP). | (5.4) |
In this way, the authorised subset of participants is able to reconstruct and decrypt the data from the shares. With the knowledge of the key, however, the dealer is able to decipher the data and thus the privacy is threatened. Regrettably, as previous strategies all have obvious limitations, we need to find another way to do so.
For a moment, let us forget about the problem of sharing ciphertexts and only consider sharing the plaintexts since extending the idea to the sharing of the ciphertexts is easy once the following concepts are understood. Let st,1 denote a vector of t secrets, yn,1 denote a vector of n shares, and Xn,t denote an n×t matrix. We define an encoding function
yn,1=Xn,t⋅st,1 | (5.5) |
and a decoding function
st,1=X−1t,t⋅yt,1, | (5.6) |
where yt,1⊂yn,1, and Xt,t⊂Xn,t. In the case of (n, n)-threshold secret sharing, the above encoding and decoding functions are equivalent to Eq. (4.4) and Eq. (4.5), respectively. In the previous special case, we only require that Xn,n has a modular multiplicative inverse. In the current generalised case, however, we require that any t×t sub-matrix of Xn,t has a modular multiplicative inverse. In fact, when t=n, the current requirement reduces to the previous one since the one and only sub-matrix of Xn,t is Xn,t itself. Our question is hence 'is it possible to construct a valid matrix Xn,t such that any square matrix Xt,t consisting of t rows of Xn,t has a multiplicative inverse?'.
A matrix A is invertible if and only if its determinant is non-zero. When t and n are small numbers, we could use trial and error to construct a valid Xn,t such that det(Xt,t)≠0 for any Xt,t. This approach is, however, not practical since collisions become difficult to be handled as the ratio between n and t, implying the number of possible combinations, grows large. To obtain a valid matrix in a systematic way, one of the possible solutions is to construct a Vandermonde matrix.
Definition (Vandermonde matrix). An n×t Vandermonde matrix has a form
An,t=(α10α11α12⋯α1t−1α20α21α22⋯α2t−1⋮⋮⋮⋱⋮αn0αn1αn2⋯αnt−1). |
For a t×t square Vandermonde matrix, the determinant is given by
det(At,t)=∏1≤i<j≤t(αj−αi). |
Example. Let us compute det(A), where
A=(1α1α121α2α221α3α32). |
The determinant of A is given by
det(1α1α121α2α221α3α32)=det(1α1α120α2−α1α22−α120α3−α1α32−α12)=det(α2−α1α22−α12α3−α1α32−α12)=(α2−α1)(α3−α1)det(1α2−α11α3−α1)=(α2−α1)(α3−α1)det(1α2−α10α3−α2)=(α2−α1)(α3−α1)(α3−α2) |
Corollary (Invertible Vandermonde matrix). A square Vandermonde matrix is invertible if and only if all αi are distinct. When the condition suffices, the matrix has a nonzero determinant.
Given the above preliminaries, we can start with the detailed construction of sharing ciphertexts. Consider a Vandermonde matrix written as
Xn,t=(x10x11x12⋯x1t−1x20x21x22⋯x2t−1⋮⋮⋮⋱⋮xn0xn1xn2⋯xnt−1), | (5.7) |
where {xi}ni=1 are all distinct. The shares are created as
E(y1)=E(s1)x10E(s2)x11⋯E(st)x1t−1,E(y2)=E(s1)x20E(s2)x21⋯E(st)x2t−1,⋮E(yn)=E(s1)xn0E(s2)xn1⋯E(st)xnt−1. | (5.8) |
Due to privacy homomorphisms, the above results are equivalent to
E(y1)=E(s1x10+s2x11+⋯+stx1t−1),E(y2)=E(s1x20+s2x21+⋯+stx2t−1),⋮E(yn)=E(s1xn0+s2xn1+⋯+stxnt−1). | (5.9) |
After decryption, the results become
y1=s1x10+s2x11+⋯+stx1t−1,y2=s1x20+s2x21+⋯+stx2t−1,⋮yn=s1xn0+s2xn1+⋯+stxnt−1, | (5.10) |
or alternatively, as expressed in Eq. (5.5). Each participant will receive a share (xi, yi), where i∈{1,2,…,n}. Suppose that a subset of participants has gathered a collection of shares, say, (xj, yj), where j∈{1,2,…,t}. Hence, the participants form a matrix
Xt,t=(x10x11x12⋯x1t−1x20x21x22⋯x2t−1⋮⋮⋮⋱⋮xt0xt1xt2⋯xtt−1), | (5.11) |
and reconstruct the secrets with Eq. (5.6). Note that Xt,t is a square Vandermonde matrix, thus invertible. The reader may have observed that when Xn,t is a Vandermonde matrix, Eq. (5.5) and Eq. (5.6) are the encoding and decoding functions of Shamir's scheme per se. Let f(x) denote Shamir's encoding function, while g(x) denote ours. The connection between two functions can be expressed as
g(x)=t∏i=1E(si)xi−1=E(t∑i=1sixi−1)=E(f(x)). | (5.12) |
Except for the processing domain (either the plaintext or ciphertext domain), a noticeable difference between two schemes is the decoding process for which Shamir uses the Lagrange interpolation and we utilise a matrix multiplication. We remark that there are many studies on fast algorithms for matrix inversion [34] and multiplication [35,36,37].
In this paper, we address a novel research problem of secret sharing in the encrypted domain for IoT-based healthcare applications. We study the problem of sharing encrypted data, acquired from different sensor nodes, among a set of cloud servers. In conclusion, the proposed schemes are theoretically secure in the following senses. First, since the secret data is concealed by a secure encryption algorithm immediately after its creation, the dealer as well as other sources cannot access the secret data. Second, the key server only has partial shares and thus is also unable to retrieve the secret data. Third, conforming with the access policy, a subset of fewer than a certain number of participants does not suffice to decode the secrets either. In addition to this, the data is not required to be stored in a common database so that the scheme is not vulnerable to cyber threats against the database. Furthermore, since data retrieval does not involve computationally expensive decryption operations, the scheme is advantageous in time-sensitive circumstances. In the near future we intend to extend this work into a more general access structure based on the assumption that there are dishonest parties involved. Another line of further investigation is the application of this work in visual cryptography.
This work was supported by the Marie Skłodowska-Curie actions of EU Horizon 2020 programme through the project entitled 'Computer Vision Enabled Multimedia Forensics and People Identification' (Project No. 690907, Acronym: IDENTITY).
All authors declare no conflicts of interest in this paper.
[1] | M. Iida, M. Mimura, H. Ninomiya, Diffusion, cross-diffusion and competitive interaction, J. Math. Biol., 53 (2006), 617-641. |
[2] |
W. Ko, K. Ryu, On a predator-prey system with cross diffusion representing the tendency of predators in the presence of prey species, J. Math. Anal. Appl., 341 (2008), 1133-1142. doi: 10.1016/j.jmaa.2007.11.018
![]() |
[3] |
T. Kadota, K. Kuto, Positive steady states for a prey-predator model with some nonlinear diffusion terms, J. Math. Anal. Appl., 323 (2006), 1387-1401. doi: 10.1016/j.jmaa.2005.11.065
![]() |
[4] | K. Kuto, A strongly coupled diffusion effect on the stationary solution set of a prey-predator model, Adv. Differential. Equ., 12 (2007), 145-172. |
[5] | K. Kuto, Y. Yamada, Coexistence problem for a prey-predator model with density-dependent diffusion, Nonlinear Anal.-Theor., 71 (2009), e2223-e2232. |
[6] | K. Kuto, Y. Yamada, Limiting characterization of stationary solutions for a prey-predator model with nonlinear diffusion of fractional type, Differ. Integral. Equ., 22 (2009), 725-752. |
[7] |
Y. Lou, W. Ni, Diffusion vs cross-diffusion: an elliptic approach, J. Differ. Equations, 154 (1999), 157-190. doi: 10.1006/jdeq.1998.3559
![]() |
[8] |
K. Ryu, I. Ahn, Positive steady-states for two interacting species models with linear self-cross diffusions, Discrete Contin. Dyn-A, 9 (2003), 1049. doi: 10.3934/dcds.2003.9.1049
![]() |
[9] |
K. Ryu, I. Ahn, Coexistence theorem of steady states for nonlinear self-cross diffusion systems with competitive dynamics, J. Math. Anal. Appl., 283 (2003), 46-65. doi: 10.1016/S0022-247X(03)00162-8
![]() |
[10] |
N. Shigesada, K. Kawasaki, E. Teramoto, Spatial segregation of interacting species, J. Theor. Biol., 79 (1979), 83-99. doi: 10.1016/0022-5193(79)90258-3
![]() |
[11] | I. Averill, K. Lam, Y. Lou, The role of advection in a two-species competition model: a bifurcation approach, volume 245. American Mathematical Society, 2017. |
[12] |
X. Chen, K. Lam, Y. Lou, Dynamics of a reaction-diffusion-advection model for two competing species, Discrete Contin. Dyn. S., 32 (2012), 3841-3859. doi: 10.3934/dcds.2012.32.3841
![]() |
[13] |
C. Cosner, Reaction-diffusion-advection models for the effects and evolution of dispersal, Discrete Contin. Dyn-A, 34 (2014), 1701-1745. doi: 10.3934/dcds.2014.34.1701
![]() |
[14] |
R. S. Cantrell, C. Cosner, Y. Lou, Movement toward better environments and the evolution of rapid diffusion, Math. Biosci., 204 (2006), 199-214. doi: 10.1016/j.mbs.2006.09.003
![]() |
[15] |
R. S. Cantrell, C. Cosner, Y. Lou, Advection-mediated coexistence of competing species, P. Roy. Soc. Edinb. A., 137 (2007), 497-518. doi: 10.1017/S0308210506000047
![]() |
[16] |
R. S. Cantrell, C. Cosner, Y. Lou, Approximating the ideal free distribution via reaction-diffusion- advection equations, J. Differ. Equations, 245 (2008), 3687-3703. doi: 10.1016/j.jde.2008.07.024
![]() |
[17] |
C. Cosner, Y. Lou, Does movement toward better environments always benefit a population?, J. Math. Anal. Appl., 277 (2003), 489-503. doi: 10.1016/S0022-247X(02)00575-9
![]() |
[18] |
K. Kuto, T. Tsujikawa, Limiting structure of steady-states to the lotka-volterra competition model with large diffusion and advection, J. Differ. Equations, 258 (2015), 1801-1858. doi: 10.1016/j.jde.2014.11.016
![]() |
[19] |
K.-Y. Lam, W.-M. Ni, Advection-mediated competition in general environments, J. Differ. Equations, 257 (2014), 3466-3500. doi: 10.1016/j.jde.2014.06.019
![]() |
[20] |
K.-Y. Lam, W. M. Ni, Limiting profiles of semilinear elliptic equations with large advection in population dynamics, Discrete Contin. Dyn. Syst., 28 (2010), 1051-1067. doi: 10.3934/dcds.2010.28.1051
![]() |
[21] |
E. Cho, Y.-J. Kim, Starvation driven diffusion as a survival strategy of biological organisms, B. Math. Biol., 75 (2013), 845-870. doi: 10.1007/s11538-013-9838-1
![]() |
[22] |
W. Choi, S. Baek, I. Ahn, Intraguild predation with evolutionary dispersal in a spatially heterogeneous environment, J. Math. Biol., 78 (2019), 2141-2169. doi: 10.1007/s00285-019-01336-5
![]() |
[23] |
W. Choi, I. Ahn, Strong competition model with non-uniform dispersal in a heterogeneous environment, Appl. Math. Lett., 88 (2019), 96-102. doi: 10.1016/j.aml.2018.08.014
![]() |
[24] |
W. Choi, I. Ahn, Non-uniform dispersal of logistic population models with free boundaries in a spatially heterogeneous environment, J. Math. Anal. Appl., 479 (2019), 283-314. doi: 10.1016/j.jmaa.2019.06.027
![]() |
[25] |
W. Choi, I. Ahn, Predator-prey interaction systems with non-uniform dispersal in a spatially heterogeneous environment, J. Math. Anal. Appl., 485 (2020), 123860. doi: 10.1016/j.jmaa.2020.123860
![]() |
[26] |
Y.-J. Kim, O. Kwon, F. Li, Evolution of dispersal toward fitness, B. Math. Biol., 75 (2013), 2474- 2498. doi: 10.1007/s11538-013-9904-8
![]() |
[27] |
Y.-J. Kim, O. Kwon, F. Li, Global asymptotic stability and the ideal free distribution in a starvation driven diffusion, J. Math. Biol., 68 (2014), 1341-1370. doi: 10.1007/s00285-013-0674-6
![]() |
[28] |
Y.-J. Kim, O. Kwon, Evolution of dispersal with starvation measure and coexistence, B. Math. Biol., 78 (2016), 254-279. doi: 10.1007/s11538-016-0142-8
![]() |
[29] |
W. Choi, I. Ahn, Effect of prey-taxis on predator's invasion in a spatially heterogeneous environment, Appl. Math. Lett., 98 (2019), 256-262. doi: 10.1016/j.aml.2019.06.021
![]() |
[30] |
S. Wu, J. Shi, B. Wu, Global existence of solutions and uniform persistence of a diffusive predator- prey model with prey-taxis, J. Differ. Equations, 260 (2016), 5847-5874. doi: 10.1016/j.jde.2015.12.024
![]() |
[31] |
H. Jin, Z. Wang, Global stability of prey-taxis systems, J. Differ. Equations, 262 (2017), 1257- 1290. doi: 10.1016/j.jde.2016.10.010
![]() |
[32] |
Y. Tao, Global existence of classical solutions to a predator-prey model with nonlinear prey-taxis, Nonlinear Anal.-Real., 11 (2010), 2056-2064. doi: 10.1016/j.nonrwa.2009.05.005
![]() |
[33] |
X. He, S. Zheng, Global boundedness of solutions in a reaction-diffusion system of predator-prey model with prey-taxis, Appl. Math. Lett., 49 (2015), 73-77. doi: 10.1016/j.aml.2015.04.017
![]() |
[34] |
C. Li, X. Wang, Y. Shao, Steady states of a predator-prey model with prey-taxis, Nonlinear Anal.- Theor., 97 (2014), 155-168. doi: 10.1016/j.na.2013.11.022
![]() |
[35] | P. A. Abrams, L. R. Ginzburg, The nature of predation: prey dependent, ratio dependent or neither?, Trends Ecol. Evol., 15 (2000), 337-341. |
[36] |
R. Arditi, L. R. Ginzburg, Coupling in predator-prey dynamics: ratio-dependence, J. Theor. Biol., 139 (1989), 311-326. doi: 10.1016/S0022-5193(89)80211-5
![]() |
[37] |
C. Cosner, D. L. DeAngelis, J. S. Ault, D. B. Olson, Effects of spatial grouping on the functional response of predators, Theor. Popul. Biol., 56 (1999), 65-75. doi: 10.1006/tpbi.1999.1414
![]() |
[38] |
J. M. Culp, N. E. Glozier, G. J. Scrimgeour, Reduction of predation risk under the cover of darkness: avoidance responses of mayfly larvae to a benthic fish, Oecologia, 86 (1991), 163-169. doi: 10.1007/BF00317527
![]() |
[39] |
F. Mougeot, V. Bretagnolle, Predation risk and moonlight avoidance in nocturnal seabirds, J. Avian. Biol., 31 (2000), 376-386. doi: 10.1034/j.1600-048X.2000.310314.x
![]() |
[40] | T. Caro, Antipredator defenses in birds and mammals, University of Chicago Press, 2005. |
[41] | H. B. Cott, Adaptive coloration in animals, 1940. |
[42] |
J. M. Hemmi, Predator avoidance in fiddler crabs: 1. escape decisions in relation to the risk of predation, Anim. Behav., 69 (2005), 603-614. doi: 10.1016/j.anbehav.2004.06.018
![]() |
[43] | W. J. Bell, Searching behaviour: the behavioural ecology of finding resources, Springer Science & Business Media, 2012. |
[44] |
S. Benhamou, Spatial memory and searching efficiency, Anim. Behav., 47 (1994), 1423-1433. doi: 10.1006/anbe.1994.1189
![]() |
[45] |
S. Benhamou, Bicoordinate navigation based on non-orthogonal gradient fields, J. Theo. Biol., 225 (2003), 235-239. doi: 10.1016/S0022-5193(03)00242-X
![]() |
[46] | W. F. Fagan, M. A. Lewis, M. Auger-Meth ′ e, T. Avgar, S. Benhamou, G. Breed, et al., Spatial ′ memory and animal movement, Ecol. Lett., 16 (2013), 1316-1329. |
[47] |
S. M. Flaxman, Y. Lou, Tracking prey or tracking the prey's resource? mechanisms of movement and optimal habitat selection by predators, J. Theor. Biol., 256 (2009), 187-200. doi: 10.1016/j.jtbi.2008.09.024
![]() |
[48] |
S. M. Flaxman, Y. Lou, F. G. Meyer, Evolutionary ecology of movement by predators and prey, Theor. Ecol., 4 (2011), 255-267. doi: 10.1007/s12080-011-0120-6
![]() |
[49] | A. M. Kittle, M. Anderson, T. Avgar, J. A. Baker, G. S. Brown, J. Hagens, et al., Landscape-level wolf space use is correlated with prey abundance, ease of mobility, and the distribution of prey habitat, Ecosphere, 8 (2017), e01783. |
[50] | H. Amann, Nonhomogeneous linear and quasilinear elliptic and parabolic boundary value problems, In Function spaces, differential operators and nonlinear analysis, pages 9-126. Springer, 1993. |
[51] | R. S. Cantrell, C. Cosner, Spatial ecology via reaction-diffusion equations, John Wiley & Sons, 2004. |
[52] |
L. J. S. Allen, B. M. Bolker, Y. Lou, A. L. Nevai, Asymptotic profiles of the steady states for an sis epidemic reaction-diffusion model, Discrete Contin. Dyn. Syst. Ser. A, 21 (2008), 1. doi: 10.3934/dcds.2008.21.1
![]() |
[53] |
X. He, W.-M. Ni, Global dynamics of the lotka-volterra competition-diffusion system: Diffusion and spatial heterogeneity i, Commun. Pur. Appl. Math., 69 (2016), 981-1014. doi: 10.1002/cpa.21596
![]() |
[54] |
E. N. Dancer, On the indices of fixed points of mappings in cones and applications, J. Math. Anal. Appl., 91 (1983), 131-151. doi: 10.1016/0022-247X(83)90098-7
![]() |
[55] |
L. Li, Coexistence theorems of steady states for predator-prey interacting systems, T. Am. Math. Soc., 305 (1988), 143-166. doi: 10.1090/S0002-9947-1988-0920151-1
![]() |
[56] | M. Wang, Z. Li, Q. Ye, Existence of positive solutions for semilinear elliptic system, In Qualitative aspects and applications of nonlinear evolution equations, 1991. |
[57] |
K. Ryu, I. Ahn, Positive solutions for ratio-dependent predator-prey interaction systems, J. Differ. Equations, 218 (2005), 117-135. doi: 10.1016/j.jde.2005.06.020
![]() |
1. | Guo-Dong Su, Chin-Chen Chang, Chia-Chen Lin, Zhi-Qiang Yao, Secure high capacity tetris-based scheme for data hiding , 2021, 1751-9659, 10.1049/iet-ipr.2019.1694 | |
2. | Xiao-Zhu Xie, Chin-Chen Chang, Ji-Hwei Horng, An EMD-based data hiding scheme for JPEG images, 2020, 0954-0091, 1, 10.1080/09540091.2020.1853055 | |
3. | Ya Liu, Guangdong Feng, Chuan Qin, Haining Lu, Chin-Chen Chang, High-Capacity Reversible Data Hiding in Encrypted Images Based on Hierarchical Quad-Tree Coding and Multi-MSB Prediction, 2021, 10, 2079-9292, 664, 10.3390/electronics10060664 | |
4. | Shuying Xu, Chin-Chen Chang, Yanjun Liu, A high-capacity reversible data hiding scheme for encrypted images employing vector quantization prediction, 2021, 1380-7501, 10.1007/s11042-021-10698-2 | |
5. | Chin-Chen Chang, Ji-Hwei Horng, Chia-Shou Shih, Xu Wang, VQ-oriented data hiding based on adjustable error compensation strategy, 2021, 0954-0091, 1, 10.1080/09540091.2021.1900073 | |
6. | Hyeji Roh, Seulgi Shin, Jinseo Han, Sangsoon Lim, A deep learning-based medication behavior monitoring system, 2021, 18, 1551-0018, 1513, 10.3934/mbe.2021078 | |
7. | Yang Ming, Xiaopeng Yu, Xiaoqin Shen, Efficient Anonymous Certificate-Based Multi- Message and Multi-Receiver Signcryption Scheme for Healthcare Internet of Things, 2020, 8, 2169-3536, 153561, 10.1109/ACCESS.2020.3018488 | |
8. | Ching-Chun Chang, Chi-Hua Chen, Cryptospace Invertible Steganography with Conditional Generative Adversarial Networks, 2021, 2021, 1939-0122, 1, 10.1155/2021/5538720 | |
9. | Guo-Dong Su, Ching-Chun Chang, Toward high-capacity crypto-domain reversible data hiding with huffman-based lossless image coding, 2022, 0178-2789, 10.1007/s00371-022-02613-z | |
10. | Maha A. Sayal, Mali H Hakem Alameady, 2022, Homomorphic Encryption between Client and Cloud Server, 978-1-6654-7013-1, 227, 10.1109/ISMSIT56059.2022.9932781 | |
11. | Yung-Hui Li, Ching-Chun Chang, Guo-Dong Su, Kai-Lin Yang, Muhammad Saqlain Aslam, Yanjun Liu, Coverless image steganography using morphed face recognition based on convolutional neural network, 2022, 2022, 1687-1499, 10.1186/s13638-022-02107-5 | |
12. | Chin-Chen Chang, Ji-Hwei Horng, Jui-Feng Chang, 2021, High-Payload Data Hiding Scheme Based on Ordered Shifting of AC Coefficients for JPEG Images, 978-1-6654-3358-7, 1, 10.1109/iFUZZY53132.2021.9605080 | |
13. | Haoyang Kang, Lu Leng, Chin-Chen Chang, Overlapped (7,4) hamming code for large-capacity and low-loss data hiding, 2023, 1380-7501, 10.1007/s11042-023-14502-1 | |
14. | Guo-Dong Su, Chia-Chen Lin, Chin-Chen Chang, Chi-Hua Chen, Privacy-Preserving Reversible Data Hiding for Medical Images Employing Local Rotation, 2021, 2021, 2040-2309, 1, 10.1155/2021/5709513 | |
15. | Chuan Qin, Chanyu Jiang, Qun Mo, Heng Yao, Chin-Chen Chang, Reversible Data Hiding in Encrypted Image via Secret Sharing Based on GF(p) and GF(2⁸), 2022, 32, 1051-8215, 1928, 10.1109/TCSVT.2021.3091319 | |
16. | Chin-Chen Chang, Jui-Feng Chang, Wei-Jiun Kao, Ji-Hwei Horng, Two-Layer Reversible Data Hiding for VQ-Compressed Images Based on De-Clustering and Indicator-Free Search-Order Coding, 2021, 13, 1999-5903, 215, 10.3390/fi13080215 | |
17. | Chin-Chen Chang, Guo-Dong Su, Chia-Chen Lin, Yung-Hui Li, Position-Aware Guided Hiding Data Scheme with Reversibility and Adaptivity for Dual Images, 2022, 14, 2073-8994, 509, 10.3390/sym14030509 | |
18. | Sisheng Chen, Ching-Chun Chang, Isao Echizen, Steganographic Secret Sharing With GAN-Based Face Synthesis and Morphing for Trustworthy Authentication in IoT, 2021, 9, 2169-3536, 116427, 10.1109/ACCESS.2021.3105590 | |
19. | Xiaoping Li, Ching-Chun Chang, Yanjun Liu, A generalized Chinese remainder theorem-based proactive multi-secret sharing scheme for global wide area network, 2021, 78, 1018-4864, 49, 10.1007/s11235-021-00791-0 | |
20. | Xiao-Zhu Xie, Chin-Chen Chang, Hiding data in dual images based on turtle shell matrix with high embedding capacity and reversibility, 2021, 80, 1380-7501, 36567, 10.1007/s11042-021-11368-z | |
21. | Shuying Xu, Chin-Chen Chang, Ji-Hwei Horng, A Steganography Based on Optimal Multi-Threshold Block Labeling, 2023, 44, 0267-6192, 721, 10.32604/csse.2023.026046 | |
22. | Kai-Meng Chen, Chin-Chen Chang, High-capacity separable reversible data-Hiding method in encrypted images based on block-level encryption and Huffman compression coding, 2021, 33, 0954-0091, 975, 10.1080/09540091.2021.1926930 | |
23. | Arup Kumar Chattopadhyay, Sanchita Saha, Amitava Nag, Sukumar Nandi, Secret sharing: A comprehensive survey, taxonomy and applications, 2024, 51, 15740137, 100608, 10.1016/j.cosrev.2023.100608 | |
24. | Guo-Dong Su, Chin-Chen Chang, Chia-Chen Lin, An effective compressed image authentication scheme based on N-variant AMBTC, 2024, 83, 1380-7501, 3801, 10.1007/s11042-023-15486-8 | |
25. | Saja Kareem Ismael, Mohamed Ibrahim Shujaa, Ahmed Bahaaulddin A. Alwahhab, 2024, 3232, 0094-243X, 020017, 10.1063/5.0236652 | |
26. | Yongning Guo, Guodong Su, Zhiqiang Yao, Wang Zhou, Reversible data hiding scheme for encrypted JPEG bitstreams using adaptive RZL rotation, 2024, 25, 2095-9184, 1353, 10.1631/FITEE.2300749 | |
27. | Yuan Guo, Ziqi Liu, Coverless Steganography for Face Recognition Based on Diffusion Model, 2024, 12, 2169-3536, 148770, 10.1109/ACCESS.2024.3477469 | |
28. | Avinash Srinivasan, Gordon Morewood, Kellie Simmons-Massey, Yanhua Li, 2024, SAFE-CARE: Reversible Privacy-preserving Physician Feedback Framework to Improve Patient Care Quality, 979-8-3315-0689-6, 131, 10.1109/CyberC62439.2024.00032 |