Secret sharing schemes are desirable across a variety of real-world settings due to the security and privacy properties they can provide, such as availability and separation of privilege. However, transitioning secret sharing schemes from theoretical research to practical use must account for gaps in achieving these properties that arise due to the realities of concrete implementations, threat models, and use cases. We present a formalization and analysis, using Ellison’s notion of ceremonies, that demonstrates how simple variations in use cases of secret sharing schemes result in the potential loss of some security properties, a result that cannot be derived from the analysis of the underlying cryptographic protocol alone. Our framework accounts for such variations in the design and analysis of secret sharing implementations by presenting a more detailed user-focused process and defining previously overlooked assumptions about user roles and actions within the scheme to support analysis when designing such ceremonies. We identify existing mechanisms that, when applied to an appropriate implementation, close the security gaps we identified. We present our implementation including these mechanisms and a corresponding security assessment using our framework.
If the inline PDF is not rendering correctly, you can download the PDF file here.
 Erinn Atwater and Ian Goldberg. Shatter Secrets: Using Secret Sharing to Cross Borders with Encrypted Devices. In Cambridge International Workshop on Security Protocols, pages 289–294. Springer, 2018.
 Erinn Atwater and Urs Hengartner. Shatter: Using Threshold Cryptography to Protect Single Users with Multiple Devices. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, pages 91–102. ACM, 2016.
 Ran Canetti. Universally composable security: A new paradigm for cryptographic protocols. In Foundations of Computer Science, 2001. Proceedings. 42nd IEEE Symposium on, pages 136–145. IEEE, 2001.
 Marcelo Carlomagno Carlos, Jean Everson Martina, Geraint Price, and Ricardo Felipe Custódio. A Proposed Framework for Analysing Security Ceremonies. In SECRYPT, pages 440–445, 2012.
 Marcelo Carlomagno Carlos, Jean Everson Martina, Geraint Price, and Ricardo Felipe Custódio. An updated threat model for security ceremonies. In Proceedings of the 28th annual ACM symposium on applied computing, pages 1836–1843. ACM, 2013.
 Rachna Dhamija, J Doug Tygar, and Marti Hearst. Why phishing works. In Proceedings of the SIGCHI conference on Human Factors in computing systems, pages 581–590. ACM, 2006.
 Benjamin Dowling and Kenneth G Paterson. A Cryptographic Analysis of the WireGuard Protocol. In International Conference on Applied Cryptography and Network Security, pages 3–21. Springer, 2018.
 Carl M. Ellison. Ceremony Design and Analysis. IACR Cryptology ePrint Archive, 2007:399, 2007.
 Paul Feldman. A practical scheme for non-interactive verifiable secret sharing. Annual Symposium on Foundations of Computer Science (Proceedings), pages 427–438, 11 1987.
 Diogo AB Fernandes, Liliana FB Soares, João V Gomes, Mário M Freire, and Pedro RM Inácio. Security Issues in Cloud Environments: A Survey. International Journal of Information Security, 13(2):113–170, 2014.
 Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, and Thorsten Holz. How secure is TextSecure? In Security and Privacy (EuroS&P), 2016 IEEE European Symposium on, pages 457–472. IEEE, 2016.
 Ryan Gallagher and Glenn Greenwald. How the NSA Plans to Infect ‘Millions’ of Computers with Malware. The Intercept, 2014.
 Rosario Gennaro, Stanislaw Jarecki, Hugo Krawczyk, and Tal Rabin. Robust Threshold DSS Signatures. In EUROCRYPT, pages 354–371, 1996.
 Amir Herzberg, Stanisław Jarecki, Hugo Krawczyk, and Moti Yung. Proactive Secret Sharing Or: How to Cope With Perpetual Leakage. In Don Coppersmith, editor, Advances in Cryptology — CRYPT0’ 95, pages 339–352, Berlin, Heidelberg, 1995. Springer Berlin Heidelberg.
 Markus Jakobsson. The human factor in phishing. Privacy & Security of Consumer Information, 7(1):1–19, 2007.
 Taciane Martimiano, Jean Everson Martina, M Maina Olembo, and Marcelo Carlomagno Carlos. Modelling user devices in security ceremonies. In 2014 Workshop on Socio-Technical Aspects in Security and Trust, pages 16–23. IEEE, 2014.
 Jean Everson Martina, Túlio Cícero Salavaro de Souza, and Ricardo Felipe Custodio. Ceremonies Formal Analysis in PKI’s Context. In 2009 International Conference on Computational Science and Engineering, volume 3, pages 392–398. IEEE, 2009.
 Chris McGreal. Martin Luther King friend and photographer was FBI informant. The Guardian, 2010.
 Susan E. McGregor, Elizabeth Anne Watkins, Mahdi Nasrullah Al-Ameen, Kelly Caine, and Franziska Roesner. When the Weakest Link is Strong: Secure Collaboration in the Case of the Panama Papers. In 26th USENIX Security Symposium (USENIX Security 2017), pages 505–522, Vancouver, BC, 2017. USENIX Association.
 Ventzislav Nikov and Svetla Nikova. On Proactive Secret Sharing Schemes. In International Workshop on Selected Areas in Cryptography, pages 308–325. Springer, 2004.
 Rafail Ostrovsky and Moti Yung. How to Withstand Mobile Virus Attacks (Extended Abstract). In Proceedings of the Tenth Annual ACM Symposium on Principles of Distributed Computing, PODC ’91, pages 51–59, New York, NY, USA, 1991. ACM.
 Torben P. Pedersen. Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing. In Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO ’91, pages 129–140, London, UK, UK, 1992. Springer-Verlag.
 Kenneth Radke, Colin Boyd, Juan Gonzalez Nieto, and Margot Brereton. Ceremony analysis: Strengths and weaknesses. In IFIP International Information Security Conference, pages 104–115. Springer, 2011.
 Anjana Rajan, Lucy Qin, David W Archer, Dan Boneh, Tancrede Lepoint, and Mayank Varia. Callisto: A cryptographic approach to detecting serial perpetrators of sexual misconduct. In Proceedings of the 1st ACM SIGCAS Conference on Computing and Sustainable Societies, page 49. ACM, 2018.
 Joel Reardon. Secure Data Deletion. Springer International Publishing, Cham, 2016.