This blog is subject the DISCLAIMER below.

Thursday, February 25, 2010

Shared secrets

This post continues the other approach to secure multi-party computation, which is called "Secret-sharing".

The problem
Consider the problem that, there is a nuclear missile, and there is its launch code. Only the president has that code. But what if the president is unavailable ? We can't trust any of the executives alone. We would require for example that 3 of them can launch the missile, but not any single one of them alone. This is what secret-sharing is about. It's goal is quite different than homomorphic encryption, but it used also for secure multi-party computation.





Which is more secure?
Homomorphic encryption relies on the assumption that it would take long time to crack it. Typically for example, the problem of factoring a very big number. Secret-sharing, on the other hand, is secure in information-theory sense. That means that even if given the entire eternity, you can not break it, simply because there is no information leakage (unlike the other approach where is information leakage with small probability).

Shamir's Secret Sharing
The first to publish about a practical secret sharing scheme was Shamir, in 1979 [1]. It's target is to create $n$ shares of the secret, such that any $k$ shares are sufficient to reconstruct the secret. Each person would be given some shares. The president is allowed to launch the missile alone, so he will have $k$ shares. The executes must be 3, so each one will take $k/3$ shares. The total number of shares is unbounded. Such a scheme is called $(k,n)$ secret-sharing.

What if some shares was stolen ?
If the number of shares stolen were less than $k$, then the other shares can be renewed by adding a random shared secret whose value is zero [2]. The old stolen shares are useless now since their compatible shares were replaced by new ones.

How does it work ?
Shamir's scheme depends on Lagrange Interpolation of polynomials. Using Lagrange interpolation, you can recover a polynomial $f(x)$ of degree $t$, given $t$ pairs $(x_i,y_i)$ such that $y_i=f(x_i)$.

Encoding a secret
To encode a secret value $v$ in a $(k,n)$ secret-sharing scheme, do the following:
- Generate a random polynomial of degree $k$ whose free coefficient is $v$ (that means $f(0)=v$).
- Evaluate the polynomial at $n$ different points $x_1,x_2,..,x_n$
- Each share consists of a pair $(x_i,f(x_i))$

Reconstructing a secret
to reconstruct the secret, collect $k$ shares, and follow the Lagrange interpolation and substitute $x$ by zero. That is we reconstruct the polynomial and evaluate it at zero. The result is $f(0)$, which is $v$. If you have less than $k$ points, the constructed polynomial is wrong and you can not retrieve the secret.

[1] A. Shamir, "How to share a secret," Communications of the ACM, vol. 22, 1979, p. 612–613.
[2] Herzberg, A., Jarecki, S., Krawczyk, H., and Yung, M. 1995. Proactive Secret Sharing Or: How to Cope With Perpetual Leakage. In Proceedings of the 15th Annual international Cryptology Conference on Advances in Cryptology (August 27 - 31, 1995). D. Coppersmith, Ed. Lecture Notes In Computer Science, vol. 963. Springer-Verlag, London, 339-352.

Originally posted to http://fci-h.blogspot.com/. This is just an automatically forwarded copy. (To read the Latex-typeset mathematics correctly, please visit the original post).

.. more.

Replication Error "SQL Server is unable to connect to server.."

If you're working in SQL Server Replication, you may get this message
SQL Server is unable to connect to server 'Your server name'.

SQL Server replication requires the actual server name to make a connection to the server. Connections through a server alias, IP address, or any other alternate name are not supported. Specify the actual server name, 'Another server name'. (Replication.Utilities)



It always appears as you change the instance name manually or network administrators change the computer name.

Actually your server name still as it's and not changed with above changes so to avoid getting this message you should write these couple of T-SQL scripts every time you do one or all changes on the instance name

SELECT @@SERVERNAME -- you'll get a strange name, you may didn't see it before...
GO
sp_dropserver 'Old server name' -- you got it from pervious select.
GO
sp_addserver 'SQL server instance name','local' -- the name of current instance.
GO
Then, restart the service, and go on you replication work...

.. more.

Sunday, February 14, 2010

Ultimus: JFG can't return with workaround

With Ultimus you have a flexibility to "submit" or "return" any step using Ultimus APIs (EIK) whatever the recipient of that step expect the "Job Function Group" (JFG) and "Group" as it fails in the "return" because the JFG contains more than one user and this is my problem.

I need to return from a step with recipient type JFG have more than one user using EIK.
Note: submitting the step with condition to return back to the previous step is not a solution as I need to keep the status of the returned step as returned.

After asking Ultimus support about this issue they answered me that as per Ultimus BPM Studio Documentation, Page 175:
Any step with multiple recipients from a group or dynamic group cannot
return the task and this is a design behavior.

So I came up with workaround to solve this behavior that allow you to return a step one level back and keep the status of the returned step as returned even the recipient type was JFG.

Assume this case study:
you have two steps one for "officer" who collect some data and then pass this step to "manager" who review the officer's data then submit his task, both steps(Officer & Manager)have "Job Function Group" as a "Recipient Type".

If your business needs is to return the task from manager to officer again if the manager have some comments and needs changes in the officer's data so the problem will come here as the task can't be returned because it's JFG.

To solve this problem you can follow me pattern with fake or dummy step as in the following picture.

1-When the Officer submit the step then he will activate two step Not only the manager step but also the fake(Dummy) step.
2-the straight forward scenario is that the manager will submit the task and raise a flag so the Complete Event of the step will fire as the following:

  • The flag will foreword the manager to the junction step to go throw the normal path.
  • The flag will abort the fake step.

3-if the decision of manager was return to officer then:

  • The manager will submit the step with no valid condition so the submition will do nothing than make the step as not active.
  • Using EIK you can get the fake step by Ultimus Filter and call the Return function so it will return it in the officer step with returned status and that is what we already need to do.

.. more.

Saturday, February 13, 2010

Homomorphic Encryption

We will talk in this post about a very useful cryptographic tool. But lets talk first about the motivation or the problem it solves first.

As the first example, we will introduce the private voting problem:
We want to make an online voting application, no one can know what anyone else has voted (not ever the server itself), but at the end, we will know how many votes each candidate has received. The problem is even harder if there is no "central" trusted server and it is a distributed system which all nodes interact with all others and no one can trust anyone else.

Now, lets introduce homomorphic encryption. Homomorphic encryption, is an encryption system which allows you to do calculations on the encrypted data, without knowing the original text. At the end you will get the encryption of the result, not the result itself.

Caution: the notation used is simplified and there are some details that are not mentioned in order to simplify the presentation.

To make it more elaborate, assume $a, b$ are plain texts, and $E(a), E(b)$, are their encryption. If the encryption system you are using allows for addition, you can then call $Add(E(a),E(b))$ and you will get $E(a+b)$.

Ok, so how can this help us in our voting problem ? We will describe the protocol to show how. There is a node which will start the voting, it is the only node that can decrypt values. He will send his vote $v_1$, either 0 or 1, encrypted to the the next node. The next node will take the encrypted vote and adds his encrypted vote, either 0 or 1, and forwards it to the next one, and so forth, in a ring-like fashion, until it reaches the first node again. The first node will then decrypt and will find the sum of the votes for the first candidate. This is repeated for each candidate.

Homomorphic encryption has a lot more applications, and is more sophisticated that the simplified version mentioned here. For example, it usually has "semantic" security, which means that it is a probabilistic encryption, which means that every time you encrypt the same value, you will get a different cipher text. That is, if two people sent you $E(1)$, you will not be able to know it is the same value just by looking at the cipher text alone. Also, there are encryption schemes that only allows for addition, and others that only allow for multiplication. There is one that allows for addition and only one multiplication. Those who supports unlimited number of addition and multiplication are called "algebraic homomorphic encryption", or "fully homomorphic". So far, fully homomorphic schemes incur very big overhead for practical purposes.

Note that homomorphic properties are usually intended in a cipher. If a cipher had these properties and it was not intended, it is called "malleable" encryption and it is considered a flaw instead. Remarkable homomorphic cryptosystem are RSA, ElGamal, and Paillier.

Note also that these schemes are also asymmetric. So anyone with public key can encrypt a value, but can not decrypt it except with a public key.

References:
- Pascal Paillier: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. EUROCRYPT 1999:223-238

- http://en.wikipedia.org/wiki/Homomorphic_encryption


Author: Mohammad Alaggan

.. more.

Wednesday, February 03, 2010

Automated build for ATG, Ant or Maven ??

If you are not working with ATG, then, this article will be a waste of time, this article is for those guys working - or in other words suffering - with ATG. The case is you want to automate the build of ATG projects which are not following most of the JEE standards, they are using their own methodology which is not bad, but somehow weird. This article is to discuss whether it is better to use Ant or Maven for the build process of ATG projects.
------------
You can read about Ant here and Maven here.
------------

Well, maven is great tool indeed and i pesonally like it, unlike Ant, maven has knowledge about the whole project and handles alot of work in a declarative way, you just tell maven to compile the project and it compiles it without any configuration, this is due to its knowledge about the project, on the other side, Ant only knows about the build process, you define targets using XML script and define their sequence of execution, each target in an Ant build script does not know about other targets, it executes what you tell it to execute and nothing more, for example; to compile a project using Ant you need to define a compile target and tell it the classpath to use and where to place the .class files. Orginially, Ant did not support any dependency management technique, however, now Ant have a powerfull extension named Ivy which eanbles Ant to resolve project dependcies using maven's way, however, this does not change the main Ant concept of separate targets who do not know anyhing about each other, ivy enables you to tell it what artifacts (jars) you want and is gets it from a repository and places it in a directory.

It is very clear that maven is more advanced, more smart than Ant, but, for ATG projects the story is somehow different, the minimum build process for JEE application is as follows:

1- Checkout code.
2- Compile.
3- Test.
4- Package and deploy.

Maven and Ant works the same for ATG projects for the first step. Starting from the second step we see that to work with maven you need to add your project's artifacts to a repository and configure maven to look up that repository. To package an ATG project - (step 4) - you need ATG to be installed on the build machine to assemble (package) the project, this indicates that the needed artifacts are surely on the same machine you are working on, so the need of a repository is vanished. Why defining a repository while i know that the needed jars are on the build machine for sure. Here, Ant is more flexible and logic to use, you will just define the place of the jars and that's it, you can do this with maven, but you will end up loosing the power of it.

That packaging step makes maven loose its leverage over the prject even more, as in ATG projects the packaging will be done by making maven execute a shell command to run the assembler which is not what maven understands. The generated EAR will be totally outside the scope of maven and to deploy it you will execute another shell command to copy it to the desired location and loosing again the deploy feature of maven. Here also, the build process shows to be more likely an Ant style build.

Testing ATG modules is the most painful, all ATG developers knows the amount of hassle to unit test ATG modules, it is not as direct as spring. In  this step neither Ant or Maven have power points over each other it is bad all along the way and to get it done you need a lot of workarounds related to ATG.

Although you can do it with Maven, Ant is a better fit here as it is designed to handle builds that need flexibility and do not follow the normal and well known build steps.

.. more.