A proactive secret sharing scheme based on Chinese remainder theorem

  • PDF / 354,406 Bytes
  • 10 Pages / 612.284 x 802.205 pts Page_size
  • 72 Downloads / 253 Views

DOWNLOAD

REPORT


A proactive secret sharing scheme based on Chinese remainder theorem Keju MENG1 , Fuyou MIAO 1

1

, Yu NING1, Wenchao HUANG1, Yan XIONG1, Chin-Chen CHANG2,3

School of Computer Science and Technology, University of Science and Technology of China, Hefei 230026, China 2 Department of Information Engineering and Computer Science, Feng Chia University, Taichung 40724, China 3 School of Computer Science and Technology, Hangzhou Dianzi University, Hangzhou 310018, China

c Higher Education Press 2020 

Abstract If an adversary tries to obtain a secret s in a (t, n) threshold secret sharing (SS) scheme, it has to capture no less than t shares instead of the secret s directly. However, if a shareholder keeps a fixed share for a long time, an adversary may have chances to filch some shareholders’ shares. In a proactive secret sharing (PSS) scheme, shareholders are supposed to refresh shares at fixed period without changing the secret. In this way, an adversary can recover the secret if and only if it captures at least t shares during a period rather than any time, and thus PSS provides enhanced protection to long-lived secrets. The existing PSS schemes are almost based on linear SS but no Chinese Remainder Theorem (CRT)-based PSS scheme was proposed. This paper proposes a PSS scheme based on CRT for integer ring to analyze the reason why traditional CRT-based SS is not suitable to design PSS schemes. Then, an ideal PSS scheme based on CRT for polynomial ring is also proposed. The scheme utilizes isomorphism of CRT to implement efficient share refreshing. Keywords proactive secret sharing, Chinese remainder theorem, polynomial ring, integer ring, isomorphism

1

Introduction

Since the conception of (t, n) threshold secret sharing (SS) was proposed by Shamir [1] and Blakley [2] independently in 1979, it has become one of the most important research areas in modern cryptography. In a (t, n) threshold SS scheme, there exist two types of entities: one dealer and some shareholders. And an SS scheme always consists of two algorithms: share generation and secret reconstruction. In the first algorithm, the dealer divides a secret s into n shares and distributes each share to a shareholder privately. When t or more shareholders pool their shares together to execute the secret reconstruction algorithm, the secret s can be recovered. However, up to t − 1 shareholders cannot reconstruct the secret. Specially, if less than t shareholders cannot get any information about the secret, the threshold SS scheme is perfect. Besides, if the information rate of a Received April 9, 2019; accepted December 16, 2019 E-mail: [email protected]

perfect SS scheme is 1, the scheme is ideal. As a fundamental building block in cryptography, SS is used to design many secure protocols, such as key management [3, 4], threshold signature [5, 6], multiparty computation [7, 8] and so on [9, 10]. For implementing such a (t, n) threshold SS scheme, Shamir and Blakley employed Lagrange interpolation polynomial and hyperplane geometry, respectively. Later, McEliece