Qi Cheng,Hongru Cao,Sian-Jheng Lin

2024-10-17

Abstract:The evolving $k$-threshold secret sharing scheme allows the dealer to distribute the secret to many participants such that only no less than $k$ shares together can restore the secret. In contrast to the conventional secret sharing scheme, the evolving scheme allows the number of participants to be uncertain and even ever-growing. In this paper, we consider the evolving secret sharing scheme with $k=3$. First, we point out that the prior approach has risks in the security. To solve this issue, we then propose a new evolving $3$-threshold scheme with perfect security. Given a $\ell$-bit secret, the $t$-th share of the proposed scheme has $\lceil\log_2 t\rceil +O({\lceil \log_4 \log_2 t\rceil}^2)+\log_2 p(2\lceil \log_4 \log_2 t\rceil-1)$ bits, where $p$ is a prime. Compared with the prior result $2 \lfloor\log_2 t\rfloor+O(\lfloor\log_2 t\rfloor)+\ell$, the proposed scheme reduces the leading constant from $2$ to $1$. Finally, we propose a conventional $3$-threshold secret sharing scheme over a finite field. Based on this model of the revised scheme and the proposed conventional $3$-threshold scheme, we present a brand-new and more concise evolving $3$-threshold secret sharing scheme.

Cryptography and Security

Chaoping Xing,Chen Yuan

DOI: https://doi.org/10.1109/tit.2024.3379278

IF: 2.5

2024-01-01

IEEE Transactions on Information Theory

Abstract:A secret sharing scheme enables the dealer to share a secret among n parties. A classic secret sharing scheme takes the number n of parties and the secret as the input. If n is not known in advance, the classic secret sharing scheme may fail. Komargodski, Naor, and Yogev [8] first proposed the evolving secret sharing scheme that only takes the secret as the input. In the work [8], [9], and [2], evolving threshold and ramp secret sharing schemes were extensively investigated. However, all of their constructions except for the first construction in [2] are inspired by the scheme given in [8], namely, these schemes rely on the scheme for st-connectivity which allows to generate infinite number of shares. In this work, we revisit evolving secret sharing schemes and present three constructions that take completely different approach. Our first scheme is an evolving k-threshold secret sharing scheme with share size k1+ϵ log t for any constant ϵ > 0. Thus, our scheme achieves almost the same share size as in [8]. Moreover, our scheme is obtained by a direct construction while the scheme in [8] that achieves the (k - 1) log t share size is obtained by a recursive construction, which makes their structure complicated. Our second scheme is an evolving kt-threshold secret sharing scheme with any sequence {kt}∞ t=1 of threshold values that has share size t4. This scheme improves the share size by log t given in [9], where a dynamic evolving kt-threshold secret sharing scheme with the share size O(t4 log t) was proposed. In addition, we also show that if the threshold values kt grow in rate ⌊tβ⌋ for a real β ∈ (0, 1), then we have a dynamic evolving threshold secret sharing scheme with the share size O(t4β). Our last scheme is an evolving (αt, βt)-ramp secret sharing scheme with constant share size for some α, β. One major feature of this ramp scheme is that it is multiplicative as the scheme is also an arithmetic secret sharing scheme. We note that the same technique in [9] can also transform all of our schemes to a robust scheme as our scheme is linear.

computer science, information systems,engineering, electrical & electronic

Wei Yan,Sian-Jheng Lin,Yunghsiang S. Han

DOI: https://doi.org/10.1109/tcomm.2023.3253720

IF: 6.166

2023-01-01

IEEE Transactions on Communications

Abstract:Evolving secret sharing schemes do not require prior knowledge of the number of parties $n$ , which may be infinitely countable. It is known that the evolving 2-threshold secret sharing scheme and prefix coding of integers have a one-to-one correspondence. However, it is unknown what prefix coding of integers should be used to construct a better secret sharing scheme. In this paper, we introduce a metric $K_{\Sigma }$ to evaluate evolving 2-threshold secret sharing schemes $\Sigma $ such that a smaller $K_{\Sigma }$ of a scheme is better. The metric $K_{\Sigma }$ is related to the ratio of the sum of the share sizes for the first $n$ parties in scheme $\Sigma $ and the sum of the share sizes for the optimal $(2,n)$ -threshold secret sharing scheme. Then we prove that the metric $K_{\Sigma }\geq 1.5$ and construct a new prefix coding of integers, termed $\lambda $ code, to achieve the metric $K_{\Lambda }=1.59375$ . Thus, this shows that the range of the metric $K_{\Sigma }$ for the optimal $(2,\infty)$ -threshold secret sharing scheme is $1.5\leq K_{\Sigma }\leq 1.59375$ . In addition, an achievable lower bound on the sum of share sizes for $(2,n)$ -threshold secret sharing schemes is also provided.

Wei Yan,Sian-Jheng Lin

DOI: https://doi.org/10.48550/arxiv.2205.10614

2022-01-01

Abstract: Evolving secret sharing schemes do not require prior knowledge of the number of parties $n$ and $n$ may be infinitely countable. It is known that the evolving $2$-threshold secret sharing scheme and prefix coding of integers have a one-to-one correspondence. However, it is not known what prefix coding of integers to use to construct the scheme better. In this paper, we propose a new metric $K_{\Sigma}$ for evolving $2$-threshold secret sharing schemes $\Sigma$. We prove that the metric $K_{\Sigma}\geq 1.5$ and construct a new prefix coding of integers, termed $\lambda$ code, to achieve the metric $K_{\Lambda}=1.59375$. Thus, it is proved that the range of the metric $K_{\Sigma}$ for the optimal $(2,\infty)$-threshold secret sharing scheme is $1.5\leq K_{\Sigma}\leq1.59375$. In addition, the reachable lower bound of the sum of share sizes for $(2,n)$-threshold secret sharing schemes is proved.

Xingxing Jia,Daoshun Wang,Daxin Nie,Xiangyang Luo,Jonathan Zheng Sun

DOI: https://doi.org/10.1016/j.ins.2018.09.024

IF: 8.1

2019-01-01

Information Sciences

Abstract:A general (t, n) secret sharing (SS) scheme with fixed threshold allows a secret to be shared without considering the time dynamic nature of the security environment. In this paper, we propose a threshold changeable secret sharing scheme whose threshold can be changed in an integer interval [t, t′] without updating the shares. In this scheme, a different threshold can be activated at any time through the public broadcast channel. At the heart of the proposed scheme is a novel matrix of primes. The validity of the share generation and secret reconstruction is provided by the Chinese Remainder Theorem (CRT). We prove the existence of the proposed matrix and present a method to efficiently construct it, which makes use of a proposed sequence of nested closed intervals generated by large co-prime numbers. We further use the structure to propose a scheme with computational security, without maintaining online dealer. Compared with previous methods, the proposed scheme has short share size and low complexity for recovery. For any changeable threshold in [t, t′], the increase in share size is at most 1t−1 of that from previous methods. Computational complexity for secret recovery is O(t), compared with O(tlog2t) of the best previous methods.

Yu Ning,Fuyou Miao,Wenchao Huang,Keju Meng,Yan Xiong,Xingfu Wang

DOI: https://doi.org/10.1007/978-3-030-03332-3_12

2018-01-01

Abstract:Since (t, n)-threshold secret sharing (SS) was initially proposed by Shamir and Blakley separately in 1979, it has been widely used in many aspects. Later on, Asmuth and Bloom presented a (t, n)-threshold SS scheme based on the Chinese Remainder Theorem (CRT) for integers in 1983. However, compared with the most popular Shamir’s thresholdtn SS scheme, existing CRT based schemes have a lower information rate, moreover, they are harder to construct due to the stringent condition on moduli. To overcome these shortcomings of CRT based schemes, (1) we first propose a generalized (t, n)-threshold SS scheme based on the CRT for polynomial ring over a finite field. We show that our scheme is ideal, i.e., it is perfect in security and has the information rate 1. Comparison show that our scheme has a better information rate and is easier to construct compared with the existing threshold SS schemes based on the CRT for integers. (2) We prove that Shamir’s scheme, which is based on the Lagrange interpolation, is a special case of our scheme. Therefore, we establish the connection among threshold schemes based on the Lagrange interpolation, schemes based on the CRT for integers and our scheme. (3) As a natural extension of our threshold scheme, we present a weighted threshold SS scheme based on the CRT for polynomial rings, which inherits the above advantages of our threshold scheme over existing weighted schemes based on the CRT for integers.

Keju Meng,Fuyou Miao,Wenchao Huang,Yan Xiong

DOI: https://doi.org/10.1016/j.ipl.2020.105928

IF: 0.851

2020-01-01

Information Processing Letters

Abstract:(t, n) threshold secret sharing (SS) is an important cryptographic primitive in which a secret is divided into n shares, and then any t or more shareholders can exchange shares to reconstruct the secret without help of any trusted third party. However, if an illegal participant, without any valid share, impersonates a shareholder to recover the secret with m (m >= t) legal shareholders in a traditional (t, n) threshold SS scheme, it may obtain the secret. Therefore, this paper utilizes a bivariate symmetry polynomial to propose a basic threshold changeable secret sharing (TCSS) scheme which is cheating immune and thwarts the above illegal participant attack. In the basic TCSS scheme, threshold is allowed to increase from t to the exact number of all participants during secret reconstruction. In this way, the secret can be recovered only if all the participants have valid shares. However, each shareholder has to keep t coefficients of its share. Then, an improved TCSS scheme based on both univariate polynomial and bivariate symmetry polynomial is proposed to reduce coefficients of shares for each shareholder. (C) 2020 Elsevier B.V. All rights reserved.

Daoshun Wang,Ziwei Ye,Xiaobo Li

DOI: https://doi.org/10.48550/arXiv.1305.1146

2013-05-06

Cryptography and Security

Abstract:Threshold schemes have been used to protect secrets by distributing shares to participants. To protect two secrets, we can use two separate traditional schemes, say, a (t1, n1) scheme and a (t2, n2) scheme. If there are u (<=min(t1, t2)) participants involved in both schemes, each of these u participants must keep two different shares. This paper proposes a method that allows each common participant to keep only one share. Our method constructs two polynomials with u common crossover points. We give theoretical details and two demonstrative examples. This algorithm can also handle the collaboration between more than two schemes.

Runhua Shi,Hong Zhong,Liusheng Huang

DOI: https://doi.org/10.1109/snpd.2007.416

2007-01-01

Abstract:In this article, we propose a (t,n) threshold verifiable multi-secret sharing scheme, in which to reconstruct t secrets needs to solve t simultaneous equations. The analysis results show that our scheme is as easy as Yang's scheme [8] in the secret reconstruction and requires less public values than Chien's [7] and Yang's schemes. Furthermore, the shares in our scheme can be verified their validity with t public values based on ECDLP, and there are two verified forms: one is computationally secure as Feldman's scheme [12] and other is unconditionally secure as Pedersen's scheme [13]. In addition, for the main computation: a(i,1) P-1 + a(i,2) P-2 +... + a(i,)t P-t in our scheme, we present a new method based on the signed factorial expansion and implement it, the results show that it is more efficient than the current public methods. Thus our scheme is a secure and efficient (t,n) threshold verified multi-secret sharing scheme.

HM SUN,SP SHIEH

DOI: https://doi.org/10.1049/el:19941411

1994-01-01

Electronics Letters

Abstract:An (m, n) threshold scheme is to decompose a shared secret into n shares in such a way that the shared secret cannot be reclaimed unless any m shares are collected. A new dynamic threshold scheme that allows the shared secret to be updated without changing the shares is proposed.<>

SHI Run-hua,ZHONG hong,HUANG Liu-sheng

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2008.01.007

2008-01-01

Abstract:This paper presents a non-interactive PVSS scheme. In this scheme, it evolves all participants' shares from the sharing secret based on the natural evolution thought, and ensures that any party can verify the correctness of the shares using the method of knowledge signature; In turn, any k shares after verified their validness can restructure the secret based on the theory of solving the linear equations. It is information-theoretic secure. It is more efficient to be extended and renewed.

张险峰,秦志光

2004-01-01

Journal of Computer Applications

Abstract:Threshold secret sharing is the foundation of implementing threshold cryptosystem. This paper introduces and analyzes existing threshold secret sharing. The theoretical background of secret sharing is described. Based on the introduction, a recursive-algorithm based secret sharing scheme is proposed. Then the performance analysis of the scheme is conducted. It shows that this scheme is characterized by excellent security as well as high efficiency.

YongZhong He,XueJiao Xu,DaoShun Wang,ShunDong Li,XiangHui Zhao,ChingNung Yang

DOI: https://doi.org/10.1007/978-3-030-16946-6_52

2020-01-01

Abstract:There are many schemes to detect and identify cheaters when the number of participants is exactly equal to t in secret sharing schemes. However, most of them need dealers or redundant information to detect the dishonest participants when participants are greater than threshold t. Harn et al. proposed a dynamic threshold secret reconstruction scheme, which the threshold can be improved to k during reconstruction. Less than k - 1 participants cannot recover the shared secret. Their scheme uses the symmetric polynomial to resist the external adversary. However, each participant needs to hold a polynomial. Thus, the complexity of storage of the scheme is high. Furthermore, the scheme cannot detect and identify the cheaters who present falsified information during secret reconstruction. In this paper, we propose a secret sharing scheme with dynamic threshold k that can identify up to k - 1 dishonest participants who have no legal share information. The scheme does not need the help of the dealer to detect cheaters. The dealer uses the traditional polynomial to distribute a secret to each participant. In the secret reconstruction phase, the share information of each participant is transformed and then presents to other participants who verify it using the public key of the sender. If the presented information is falsified, it will fail the verification and the related participant is identified as a cheater. Otherwise, the secret can be correctly reconstructed. Meanwhile, our scheme ensures that the external adversary who eavesdrops the reconstruction messages cannot recover the secret. The trade-off is that our scheme has additional computation overhead.

Dong-ping HUANG,Duo LIU,Dao-shun WANG,Yi-qi DAI

DOI: https://doi.org/10.3321/j.issn:0372-2112.2006.11.001

2006-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:A verifiable threshold multi-secret sharing scheme is proposed in this paper. As the secret can be recovered with the shadows provided by participants and it is computationally difficult to get the sub-keys from the shadows, the sub-keys can be reused to share the multi-secret in this scheme. By verifying the information published by the dealer as well as the shadows of sub-keys provided by participants, this scheme can prevent both dealer and participant from cheating. The security of this scheme is the same as that of RSA cryptosystem and Shamir's (k, n)-threshold scheme. Two kinds of cheating methods against threshold multi-secret sharing scheme are also proposed, which can threaten the security of previous schemes more or less. But the scheme proposed in this paper provides efficient solutions against these cheatings and achieves the same computational security with a better performance compared with the previous schemes.

Shi Runhua,Huang Liusheng,Luo yonglong,Zhong Hong

DOI: https://doi.org/10.1109/icnsc.2008.4525497

2008-01-01

Abstract:This paper proposes a threshold multi-secret sharing scheme. In such a scheme, many secrets are shared in such a way that all secrets can be reconstructed independently without refreshing the shares. Every share is of the same size as that of any single shared secret in the proposed scheme. The number of public values in the proposed scheme is same as that of He and Dawson's scheme, which has been proved that it is only one-time-use scheme, but the proposed scheme is a multi-use scheme really, what is more important, it is more efficient since there will be t i secrets to be shared and reconstructed at the same time according to each (t i , n)-threshold access structure. That is, there are more secrets to be shared and reconstructed in the proposed scheme.

Dongping HUANG,Duo LIU,Yiqi DAI

DOI: https://doi.org/10.3321/j.issn:1000-0054.2007.04.036

2007-01-01

Abstract:A verifiable multi-level threshold multi-secret sharing scheme based on the intractability of the discrete logarithm and integer factorization was developed to eliminate limitations of previous threshold schemes that secrets can only be shared in the same level threshold. The secrets are shared with a polynomial which degenerates to a lower order polynomial for different thresholds. Compared with previous schemes, this scheme simultaneously maintains multi-level thresholds and multiple secrets for the same threshold level. The recovery of any shared secret on any threshold level will not leak any other un-recovered secret. The system is easily managed and uses sub-secret because only one sub-secret need be kept for each participant.

Xiangzhen Meng,Hui Li,Weijuan Yin,Caifang Zhang,Xiaopeng Wang,Han Wang

DOI: https://doi.org/10.1109/CECIT58139.2022.00014

2022-01-01

Abstract:Secret sharing ensures the security and accuracy of the transmitted information. However, the classic secret sharing scheme has the problem of large time overhead. In this paper, we introduce the Binary Addition and Shift Implementable Convolutional Regenerating Code (BASIC-RGC) to secret sharing and propose a scheme which realizes the essential requirement of (n, k) threshold secret sharing, reduces the time overhead due to the use of binary calculations and could repair lost secret shares through regeneration characteristics. We also adapt the generation of the BASIC-RGC coefficient matrix for processing small secret data to save storage space. Experimental results show that the proposed scheme has the advantage of low computational complexity and small storage usage compared to the classic SHAMIR scheme.

Ignacio Cascudo,Ronald Cramer,Chaoping Xing

DOI: https://doi.org/10.1109/tit.2013.2264504

IF: 2.5

2013-01-01

IEEE Transactions on Information Theory

Abstract:We consider the class of secret sharing schemes where there is no a priori bound on the number of players n but where each of the n share-spaces has fixed cardinality q. We show two fundamental lower bounds on the threshold gap of such schemes. The threshold gap g is defined as r-t, where r is minimal and t is maximal such that the following holds: for a secret with arbitrary a priori distribution, each r-subset of players can reconstruct this secret from their joint shares without error ( r-reconstruction) and the information gain about the secret is nil for each t-subset of players jointly ( t-privacy). Our first bound, which is completely general, implies that if , then g ≥ [( n-t+1)/q] independently of the cardinality of the secret-space. Our second bound pertains to \BBF q-linear schemes with secret-space \BBF qk ( k ≥ 2). It improves the first bound when k is large enough. Concretely, it implies that g ≥ [( n-t+1)/ q]+f(q,k,t,n), for some function f that is strictly positive when k is large enough. Moreover, also in the \BBF q-linear case, bounds on the threshold gap independent of t or r are obtained by additionally employing a dualization argument. As an application of our results, we answer an open question about the asymptotics of arithmetic secret sharing schemes and prove that the asymptotic optimal corruption tolerance rate is strictly smaller than 1.

HAN Jin-guang,KANG Bao-yuan,WANG Qing-ju

DOI: https://doi.org/10.3969/j.issn.1005-0523.2005.04.041

2005-01-01

Abstract:A threshold sheme is a method whereby pieces of the secret , called shares are distributed to participants so that : the secret can be reconstructed from the knowledge of any or more shares, and the secret cannot be reconstructed from the knowledge of any or less shares. A dynamic secret sharing sheme is an especial threshold sheme.Its character is that the secret can be renewed without modifying and rebaking any share. This paper proposes a new dynamic threshold secrete sharing sheme to identify cheaters by integrating the discrete logarithm problem and the integer factorization problem with higher roots problem.This paper also discusses the security of the sheme.

Dongping HUANG,Huayong WANG,Liansheng HUANG,Yiqi DAI

DOI: https://doi.org/10.3321/j.issn:1000-0054.2006.01.027

2006-01-01

Abstract:Known threshold secret sharing schemes have limited flexibility when dealing with the dynamic joining and leaving of the participants. A threshold secret sharing scheme was developed and a utility method to solve the Lagrange interpolation was proposed. The scheme allows the participants to join or leave dynamically, without re-distributing the sub-secrets, which is easier to implement. As the sub-secrets are kept secretly by the participants and it is the shadows of the sub-secrets that is published, the sub-secrets can be re-utilized. The scheme requires less computing time than threshold secret sharing with direct general access structure secret sharing.