Funding: This work was supported by the National Natural Science Foundation of China (Grant No. 61572454), National Key R&D Project (2018YFB2100301, 2018YFB0803400), and the National Natural Science Foundation of China (Grant Nos. 61572453, 61520106007).
Abstract: If an adversary tries to obtain a secret s in a (t,n) threshold secret sharing (SS) scheme, it has to capture no fewer than t shares instead of the secret s directly. However, if a shareholder keeps a fixed share for a long time, an adversary may have chances to filch some shareholders' shares. In a proactive secret sharing (PSS) scheme, shareholders are supposed to refresh shares at a fixed period without changing the secret. In this way, an adversary can recover the secret if and only if it captures at least t shares during a period rather than at any time, and thus PSS provides enhanced protection to long-lived secrets. The existing PSS schemes are almost all based on linear SS, but no Chinese Remainder Theorem (CRT)-based PSS scheme has been proposed. This paper proposes a PSS scheme based on CRT for the integer ring to analyze the reason why traditional CRT-based SS is not suitable for designing PSS schemes. Then, an ideal PSS scheme based on CRT for the polynomial ring is also proposed. The scheme utilizes the isomorphism of CRT to implement efficient share refreshing.
Funding: This work was supported by National Key R&D Project 2018YFB2100300 and the National Natural Science Foundation of China (Grant No. 61520106007).
Abstract: Secret sharing (SS) is one of the essential techniques in cryptography but still faces many challenges in efficiency and security. Currently, SS schemes based on the Chinese Remainder Theorem (CRT) are either low in information rate or complicated in construction. To solve the above problems, 1) a simple construction of an ideal (t,n)-SS scheme is proposed based on CRT for a polynomial ring. Compared with Ning's scheme, it is much more efficient in generating n pairwise coprime modular polynomials during the scheme construction phase. Moreover, Shamir's scheme is also a special case of our scheme. To further improve the security, 2) a common-factor-based (t,n)-SS scheme is proposed in which all shareholders share a common polynomial factor. It enables both the verification of received shares and the establishment of a secure channel among shareholders during the reconstruction phase. As a result, the scheme is resistant to eavesdropping and modification attacks by outside adversaries.