How to Verify the Threshold t of Shamir's (t, n)-Threshold Scheme

情報処理学会 Web Site 参考文献13件

書誌事項

タイトル別名
  • How to Verify the Threshold t of Shamir's (t n)-Threshold Scheme
  • セキュリティ基盤技術

この論文をさがす

抄録

In the Shamir (t n)-threshold scheme the dealer constructs a random polynomial f(x) ∈ GF(p)[x] of degree at most t ? 1 in which the constant term is the secret K ∈ GF(p). However if the chosen polynomial f(x) is of degree less than t ? 1 then a conspiracy of any t ? 1 participants can reconstruct the secret K; on the other hand if the degree of f(x) is greater than t ? 1 then even t participants can not reconstruct the secret K properly. To prevent these from happening the degree of the polynomial f(x) should be exactly equal to t ? 1 if the dealer claimed that the threshold of this scheme is t. There also should be some ways for participants to verify whether the threshold is exactly t or not. A few known verifiable threshold schemes provide such ability but the securities of these schemes are based on some cryptographic assumptions. The purpose of this paper is to propose some threshold-verification protocols for the Shamir (t n)-threshold scheme from the viewpoint of unconditional security.

In the Shamir (t, n)-threshold scheme, the dealer constructs a random polynomial f(x) ∈ GF(p)[x] of degree at most t 竏驤€ 1 in which the constant term is the secret K ∈ GF(p). However, if the chosen polynomial f(x) is of degree less than t 竏驤€ 1, then a conspiracy of any t 竏驤€ 1 participants can reconstruct the secret K; on the other hand, if the degree of f(x) is greater than t 竏驤€ 1, then even t participants can not reconstruct the secret K properly. To prevent these from happening, the degree of the polynomial f(x) should be exactly equal to t 竏驤€ 1 if the dealer claimed that the threshold of this scheme is t. There also should be some ways for participants to verify whether the threshold is exactly t or not. A few known verifiable threshold schemes provide such ability but the securities of these schemes are based on some cryptographic assumptions. The purpose of this paper is to propose some threshold-verification protocols for the Shamir (t, n)-threshold scheme from the viewpoint of unconditional security.

収録刊行物

参考文献 (13)*注記

もっと見る

関連プロジェクト

もっと見る

キーワード

詳細情報 詳細情報について

問題の指摘

ページトップへ