Verifiable secret sharing

About: Verifiable secret sharing is a research topic. Over the lifetime, 4241 publications have been published within this topic receiving 99569 citations.

Utility Dependence in Correct and Fair Rational Secret Sharing

Abstract: The problem of carrying out cryptographic computations when the participating parties are rational in a game-theoretic sense has recently gained much attention. One problem that has been studied considerably is that of rational secret sharing. In this setting, the aim is to construct a mechanism (protocol) so that parties behaving rationally have incentive to cooperate and provide their shares in the reconstruction phase, even if each party prefers to be the only one to learn the secret. Although this question was only recently asked by Halpern and Teague (STOC 2004), a number of works with beautiful ideas have been presented to solve this problem. However, they all have the property that the protocols constructed need to know the actual utility values of the parties (or at least a bound on them). This assumption is very problematic because the utilities of parties are not public knowledge. We ask whether this dependence on the actual utility values is really necessary and prove that in the basic setting, rational secret sharing cannot be achieved without it. On the positive side, we show that by somewhat relaxing the standard assumptions on the utility functions, it is possible to achieve utility independence. In addition to the above, observe that the known protocols for rational secret sharing that do not assume simultaneous channels all suffer from the problem that one of the parties can cause the others to output an incorrect value. (This problem arises when a party gains higher utility by having another output an incorrect value than by learning the secret itself; we argue that such a scenario is not at all unlikely.) We show that this problem is inherent in the non-simultaneous channels model, unless the actual values of the parties' utilities from this attack is known, in which case it is possible to prevent this from happening.

Secure secret reconstruction and multi-secret sharing schemes with unconditional security

Abstract: In Shamir's t, n secret sharing SS scheme, the secret s is divided into n shares by a dealer and is shared among n shareholders in such a way that any t or more than t shares can reconstruct this secret; but fewer than t shares cannot obtain any information about the secret s. In this paper, we will introduce the security problem that an adversary can obtain the secret when there are more than t participants in Shamir's secret reconstruction. A secure secret reconstruction scheme, which prevents the adversary from obtaining the secret is proposed. In our scheme, Lagrange components, which are linear combination of shares, are used to reconstruct the secret. Lagrange component can protect shares unconditionally. We show that this scheme can be extended to design a multi-secret sharing scheme. All existing multi-secret sharing schemes are based on some cryptographic assumptions, such as a secure one-way function or solving the discrete logarithm problem; but, our proposed multi-secret sharing scheme is unconditionally secure. Copyright © 2013 John Wiley & Sons, Ltd.