Bivariate polynomial-based secret sharing schemes with secure secret reconstruction
A (t,n)-threshold scheme with secure secret reconstruction, or a (t,n)-SSR scheme for short, is a (t,n)-threshold scheme against the outside adversary who has no valid share, but can impersonate a participant to take part in the secret reconstruction phase. We point out that previous bivariate polyn...
Saved in:
| Main Authors: | , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2022
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/163882 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | A (t,n)-threshold scheme with secure secret reconstruction, or a (t,n)-SSR scheme for short, is a (t,n)-threshold scheme against the outside adversary who has no valid share, but can impersonate a participant to take part in the secret reconstruction phase. We point out that previous bivariate polynomial-based (t,n)-SSR schemes, such as those of Harn et al. (Information Sciences 2020), are insecure, which is because the outside adversary may obtain the secret by solving a system of [Formula presented] linear equations. We revise Harn et al. scheme and get a secure (t,n)-SSR scheme based on a symmetric bivariate polynomial for the first time, where t⩽n⩽2t-1. To increase the range of n for a given t, we construct a secure (t,n)-SSR scheme based on an asymmetric bivariate polynomial for the first time, where n⩾t. We find that the share sizes of our schemes are the same or almost the same as other existing insecure (t,n)-SSR schemes based on bivariate polynomials. Moreover, our asymmetric bivariate polynomial-based (t,n)-SSR scheme is more easy to be constructed compared to the Chinese Remainder Theorem-based (t,n)-SSR scheme with the stringent condition on moduli, and their share sizes are almost the same. |
|---|