Abstract
Secret sharing is an important branch of modern cryptography and a basic tool for information security and data confidentiality. It is applied in digital signatures, secure multiparty computation and error-correcting codes, and is also widely used in political, economic, military and diplomatic settings. Most existing secret sharing schemes are built on Shamir's method. In Shamir's (t, n) threshold scheme, a dealer distributes a secret among n participants such that any t or more of them can cooperate to recover the secret, while t-1 or fewer cannot. In the reconstruction phase, however, if one of the t participants is malicious and presents a fake share while the others present their true shares, the malicious participant obtains the correct secret and the honest participants recover a wrong one. Even when a verification algorithm detects the fake share, it cannot prevent this outcome, which is unfair to the honest participants. Against this class of attack, this paper constructs a fair threshold secret sharing scheme and proves its security and fairness under four attack models: non-colluding synchronous attack, non-colluding asynchronous attack, colluding synchronous attack and colluding asynchronous attack. The scheme relies on no cryptographic assumption and is unconditionally secure, which makes it more efficient and practical.
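The following Python is an added illustration, not code from the paper, and it does not reproduce the paper's fair scheme. It implements Shamir's (t, n) sharing over a prime field and plays out the reconstruction-phase attack described above: t participants pool their shares, one of them broadcasts a fake share, and the result is that the honest parties recover a wrong secret while the cheater, who has seen the others' true shares, recovers the real one. It also shows the limit the abstract points to: with an extra share the fake one is detectable, but detection comes after the honest parties have already released their true shares. The field modulus, the (t, n) parameters, the choice of cheater and the fake share offset are constructed assumptions.

```python
"""Shamir (t, n) threshold sharing and the reconstruction-phase unfairness.

Constructed example: one of the t reconstructing parties submits a fake
share, learns the real secret, and leaves the honest parties with a wrong one.
"""
import secrets

# Field modulus (assumption): a prime larger than any secret we share.
P = 2**127 - 1


def make_shares(secret, t, n, rng=secrets.randbelow):
    """Dealer: pick a random polynomial f of degree t-1 with f(0) = secret
    and hand party i the point (i, f(i)) for i = 1..n."""
    if not (1 <= t <= n < P):
        raise ValueError("need 1 <= t <= n < P")
    coeffs = [secret % P] + [rng(P) for _ in range(t - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc

    return [(i, f(i)) for i in range(1, n + 1)]


def lagrange_at(shares, x):
    """Evaluate at x the unique polynomial of degree < len(shares) through
    the given points, over GF(P). Lagrange interpolation."""
    xs = [xi for xi, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def reconstruct(shares):
    """Any t true shares of a degree t-1 polynomial determine f(0) = secret.
    Reconstruction is linear in each y_i with a nonzero coefficient, so a
    single fake y_i yields a wrong secret with certainty."""
    return lagrange_at(shares, 0)


def unfair_reconstruction(secret, t=3, n=5, cheater=3, rng=secrets.randbelow):
    """Parties 1..t reconstruct together; party `cheater` broadcasts a fake
    share (true share + 1, a constructed choice). Returns the secret as seen
    by the honest parties and by the cheater."""
    shares = make_shares(secret, t, n, rng)
    true_pool = shares[:t]
    broadcast = [(i, (y + 1) % P) if i == cheater else (i, y) for i, y in true_pool]
    honest_view = reconstruct(broadcast)
    # The cheater heard everyone's true share and knows its own true share.
    cheater_view = reconstruct(true_pool)
    return honest_view, cheater_view


def shares_consistent(shares, t):
    """With more than t shares a fake one is detectable: the points no longer
    lie on a single degree t-1 polynomial. Detection alone does not restore
    fairness, because the honest shares have already been revealed."""
    base = shares[:t]
    return all(lagrange_at(base, x) == y for x, y in shares[t:])


if __name__ == "__main__":
    honest, cheater = unfair_reconstruction(secret=424242)
    print("honest parties recover:", honest)
    print("cheater recovers:      ", cheater)
```

The `rng` parameter exists so the polynomial can be made deterministic for testing; in use, leave it at `secrets.randbelow`. The unfairness does not depend on the cheater's specific fake value: any deviation in one broadcast share shifts the interpolated f(0) by a nonzero multiple of the deviation, so the honest parties are always wrong and the cheater, holding every true share, is always right.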
Source
Journal of Cryptologic Research (《密码学报》), CSCD-indexed
2017, No. 6, pp. 537-544 (8 pages)
Funding
National Natural Science Foundation of China (11626032, 61379004)
Key Natural Science Research Project of the Anhui Provincial Department of Education (KJ2016A634, KJ2016A426)
Anhui Provincial Natural Science Foundation (1708085QF154)
Keywords
threshold secret sharing
unconditional security
fairness
attack model