In the domain of quantum cryptography,the implementation of quantum secret sharing stands as a pivotal element.In this paper,we propose a novel verifiable quantum secret sharing protocol using the d-dimensional produc...In the domain of quantum cryptography,the implementation of quantum secret sharing stands as a pivotal element.In this paper,we propose a novel verifiable quantum secret sharing protocol using the d-dimensional product state and Lagrange interpolation techniques.This protocol is initiated by the dealer Alice,who initially prepares a quantum product state,selected from a predefined set of orthogonal product states within the C~d■C~d framework.Subsequently,the participants execute unitary operations on this product state to recover the underlying secret.Furthermore,we subject the protocol to a rigorous security analysis,considering both eavesdropping attacks and potential dishonesty from the participants.Finally,we conduct a comparative analysis of our protocol against existing schemes.Our scheme exhibits economies of scale by exclusively employing quantum product states,thereby realizing significant cost-efficiency advantages.In terms of access structure,we adopt a(t, n)-threshold architecture,a strategic choice that augments the protocol's practicality and suitability for diverse applications.Furthermore,our protocol includes a rigorous integrity verification mechanism to ensure the honesty and reliability of the participants throughout the execution of the protocol.展开更多
Based on Shamir’s threshold secret sharing scheme and the discrete logarithm problem, a new (t, n) threshold secret sharing scheme is proposed in this paper. In this scheme, each participant’s secret shadow is selec...Based on Shamir’s threshold secret sharing scheme and the discrete logarithm problem, a new (t, n) threshold secret sharing scheme is proposed in this paper. In this scheme, each participant’s secret shadow is selected by the participant himself, and even the secret dealer cannot gain anything about his secret shadow. All the shadows are as short as the shared secret. Each participant can share many secrets with other partici- pants by holding only one shadow. Without extra equations and information designed for verification, each participant is able to check whether another participant provides the true information or not in the recovery phase. Unlike most of the existing schemes, it is unnecessary to maintain a secure channel between each par- ticipant and the dealer. Therefore, this scheme is very attractive, especially under the circumstances that there is no secure channel between the dealer and each participant at all. The security of this scheme is based on that of Shamir’s threshold scheme and the difficulty in solving the discrete logarithm problem. Analyses show that this scheme is a computationally secure and efficient scheme.展开更多
A concept of secret sharing scheme with the function of assignment is proposed. It provides great capabilities for many practical applications. In this scheme, the dealer can randomly assign one or more than one parti...A concept of secret sharing scheme with the function of assignment is proposed. It provides great capabilities for many practical applications. In this scheme, the dealer can randomly assign one or more than one participant to get the secret at any time, but these participants can get nothing about the secret before that moment. At the same time, the other participants cannot get anything about the secret by stealing the secret value when it is transferred. However, if the dealer is lost, a certain number or more partidtmnts of them can reoonstruct the secret by ccoperating. In order to clear this concept, an illustrating scheme with geometry method and a practical scheme with algebra method is given.展开更多
Based on Shamir's secret sharing, a (t, n) multi-secret sharing scheme isproposed in this paper p secrets can be shared among n participants, and t or more participants canco-operate to reconstruct these secrets a...Based on Shamir's secret sharing, a (t, n) multi-secret sharing scheme isproposed in this paper p secrets can be shared among n participants, and t or more participants canco-operate to reconstruct these secrets at the same time, but t— 1 or fewerparticipants can derivenothing about these secrets. Each participant's secret shadow is as short as each secret. Comparedwith the existing schemes, the proposed scheme is characterized by the lower complexity of thesecret reconstruction and less public information. The security of this scheme is the same as thatof Shamir' a threshold scheme. Analyses show that this scheme is an efficient, computationallysecure scheme.展开更多
Verifiable secret sharing is a special kind of secret sharing. In this paper, A secure and efficient threshold secret sharing scheme is proposed by using the plane parametric curve on the basis of the principle of sec...Verifiable secret sharing is a special kind of secret sharing. In this paper, A secure and efficient threshold secret sharing scheme is proposed by using the plane parametric curve on the basis of the principle of secret sharing. And the performance of this threshold scheme is analyzed. The results reveal that the threshold scheme has its own advantage of one-parameter representation for a master key, and it is a perfect ideal secret sharing scheme. It can easily detect cheaters by single operation in the participants so that the probability of valid cheating is less than 1/<em>p</em> (where <em>p</em> is a large prime).展开更多
A (t, n)--secret sharing scheme is a method of distribution of information among n participants such that t 〉 1 can reconstruct the secret but (t - 1) cannot. We explore some (k, n)--secret sharing schemes base...A (t, n)--secret sharing scheme is a method of distribution of information among n participants such that t 〉 1 can reconstruct the secret but (t - 1) cannot. We explore some (k, n)--secret sharing schemes based on the finite fields.展开更多
The deficiencies of the first threshold Guilbu-Quisquater signature schemepresented by Li-San Liu, Cheng-Kang Chu and Wen-Guey Tzeng arc analysiscd at first, and then a newthreshold Guillou-Quisquater signature scheme...The deficiencies of the first threshold Guilbu-Quisquater signature schemepresented by Li-San Liu, Cheng-Kang Chu and Wen-Guey Tzeng arc analysiscd at first, and then a newthreshold Guillou-Quisquater signature scheme is presented. The new scheme isunforgeable and robustagainst any adaptive adversary if the base Guillou-Quisquater signature scheme is unforgeable underthe chosen message attack and computing the discrete logarithm modulo a prime is hard This schemecan also achieve optimal resilience. However, the new scheme does not need the assumption that N isthe product of two safe primes. The basie signature scheme underlying the new scheme is exactlyGuillou-Quisqualtr signature scheme, and the additional strong computation assumption introduced bythe first threshold Guillou-Quisquater scheme is weaken.展开更多
In Shamir’s(t,n) threshold of the secret sharing scheme, a secret is divided into n shares by a dealer and is shared among n shareholders in such a way that (a) the secret can be reconstructed when there are t or mor...In Shamir’s(t,n) threshold of the secret sharing scheme, a secret is divided into n shares by a dealer and is shared among n shareholders in such a way that (a) the secret can be reconstructed when there are t or more than t shares;and (b) the secret cannot be obtained when there are fewer than t shares. In the secret reconstruction, participating users can be either legitimate shareholders or attackers. Shamir’s scheme only considers the situation when all participating users are legitimate shareholders. In this paper, we show that when there are more than t users participating and shares are released asynchronously in the secret reconstruction, an attacker can always release his share last. In such a way, after knowing t valid shares of legitimate shareholders, the attacker can obtain the secret and therefore, can successfully impersonate to be a legitimate shareholder without being detected. We propose a simple modification of Shamir’s scheme to fix this security problem. Threshold cryptography is a research of group-oriented applications based on the secret sharing scheme. We show that a similar security problem also exists in threshold cryptographic applications. We propose a modified scheme to fix this security problem as well.展开更多
In this paper an advanced threshold secret sharing scheme for identifyingcheaters is proposed by using authentication codes. The performance of the scheme is discussed. Theresults show that in the scheme the valid sha...In this paper an advanced threshold secret sharing scheme for identifyingcheaters is proposed by using authentication codes. The performance of the scheme is discussed. Theresults show that in the scheme the valid shareholders can not only identify the impersonation of anadversary, but also detect cheating of some valid shareholders . In particular one honestshareholder is able to detect cheating of other participants forming a collection, and theinformation rate of the scheme is higher than that of others.展开更多
The drawback of the first asynchronous proactive RSA scheme presented by Zhou in 2001, is that the security definition and security proof do not follow the approach of provable security. This paper presented a provabl...The drawback of the first asynchronous proactive RSA scheme presented by Zhou in 2001, is that the security definition and security proof do not follow the approach of provable security. This paper presented a provably secure asynchronous proactive RSA scheme, which includes three protocols: initial key distribution protocol, signature generation protocol and share refreshing protocol. Taken these protocols together, a complete provably secure proactive RSA scheme was obtained. And the efficiency of the scheme is approximate to that of the scheme of Zhou.展开更多
In a linear multi-secret sharing scheme with non-threshold structures, several secret values are shared among n participants, and every secret value has a specified access structure. The efficiency of a multi- secret ...In a linear multi-secret sharing scheme with non-threshold structures, several secret values are shared among n participants, and every secret value has a specified access structure. The efficiency of a multi- secret sharing scheme is measured by means of the complexity a and the randomness . Informally, the com- plexity a is the ratio between the maximum of information received by each participant and the minimum of information corresponding to every key. The randomness is the ratio between the amount of information distributed to the set of users U = {1, …, n} and the minimum of information corresponding to every key. In this paper, we discuss a and of any linear multi-secret sharing schemes realized by linear codes with non-threshold structures, and provide two algorithms to make a and to be the minimum, respectively. That is, they are optimal.展开更多
基金supported by the National Natural Science Foundation of China(Grant No.12301590)the Natural Science Foundation of Hebei Province(Grant No.A2022210002)。
文摘In the domain of quantum cryptography,the implementation of quantum secret sharing stands as a pivotal element.In this paper,we propose a novel verifiable quantum secret sharing protocol using the d-dimensional product state and Lagrange interpolation techniques.This protocol is initiated by the dealer Alice,who initially prepares a quantum product state,selected from a predefined set of orthogonal product states within the C~d■C~d framework.Subsequently,the participants execute unitary operations on this product state to recover the underlying secret.Furthermore,we subject the protocol to a rigorous security analysis,considering both eavesdropping attacks and potential dishonesty from the participants.Finally,we conduct a comparative analysis of our protocol against existing schemes.Our scheme exhibits economies of scale by exclusively employing quantum product states,thereby realizing significant cost-efficiency advantages.In terms of access structure,we adopt a(t, n)-threshold architecture,a strategic choice that augments the protocol's practicality and suitability for diverse applications.Furthermore,our protocol includes a rigorous integrity verification mechanism to ensure the honesty and reliability of the participants throughout the execution of the protocol.
基金Supported by the 973 Project of China(G19990358?04)
文摘Based on Shamir’s threshold secret sharing scheme and the discrete logarithm problem, a new (t, n) threshold secret sharing scheme is proposed in this paper. In this scheme, each participant’s secret shadow is selected by the participant himself, and even the secret dealer cannot gain anything about his secret shadow. All the shadows are as short as the shared secret. Each participant can share many secrets with other partici- pants by holding only one shadow. Without extra equations and information designed for verification, each participant is able to check whether another participant provides the true information or not in the recovery phase. Unlike most of the existing schemes, it is unnecessary to maintain a secure channel between each par- ticipant and the dealer. Therefore, this scheme is very attractive, especially under the circumstances that there is no secure channel between the dealer and each participant at all. The security of this scheme is based on that of Shamir’s threshold scheme and the difficulty in solving the discrete logarithm problem. Analyses show that this scheme is a computationally secure and efficient scheme.
基金This project was supported by Liuhui Applied Mathematics Center of Nankai University .
文摘A concept of secret sharing scheme with the function of assignment is proposed. It provides great capabilities for many practical applications. In this scheme, the dealer can randomly assign one or more than one participant to get the secret at any time, but these participants can get nothing about the secret before that moment. At the same time, the other participants cannot get anything about the secret by stealing the secret value when it is transferred. However, if the dealer is lost, a certain number or more partidtmnts of them can reoonstruct the secret by ccoperating. In order to clear this concept, an illustrating scheme with geometry method and a practical scheme with algebra method is given.
文摘Based on Shamir's secret sharing, a (t, n) multi-secret sharing scheme isproposed in this paper p secrets can be shared among n participants, and t or more participants canco-operate to reconstruct these secrets at the same time, but t— 1 or fewerparticipants can derivenothing about these secrets. Each participant's secret shadow is as short as each secret. Comparedwith the existing schemes, the proposed scheme is characterized by the lower complexity of thesecret reconstruction and less public information. The security of this scheme is the same as thatof Shamir' a threshold scheme. Analyses show that this scheme is an efficient, computationallysecure scheme.
文摘Verifiable secret sharing is a special kind of secret sharing. In this paper, A secure and efficient threshold secret sharing scheme is proposed by using the plane parametric curve on the basis of the principle of secret sharing. And the performance of this threshold scheme is analyzed. The results reveal that the threshold scheme has its own advantage of one-parameter representation for a master key, and it is a perfect ideal secret sharing scheme. It can easily detect cheaters by single operation in the participants so that the probability of valid cheating is less than 1/<em>p</em> (where <em>p</em> is a large prime).
文摘A (t, n)--secret sharing scheme is a method of distribution of information among n participants such that t 〉 1 can reconstruct the secret but (t - 1) cannot. We explore some (k, n)--secret sharing schemes based on the finite fields.
文摘The deficiencies of the first threshold Guilbu-Quisquater signature schemepresented by Li-San Liu, Cheng-Kang Chu and Wen-Guey Tzeng arc analysiscd at first, and then a newthreshold Guillou-Quisquater signature scheme is presented. The new scheme isunforgeable and robustagainst any adaptive adversary if the base Guillou-Quisquater signature scheme is unforgeable underthe chosen message attack and computing the discrete logarithm modulo a prime is hard This schemecan also achieve optimal resilience. However, the new scheme does not need the assumption that N isthe product of two safe primes. The basie signature scheme underlying the new scheme is exactlyGuillou-Quisqualtr signature scheme, and the additional strong computation assumption introduced bythe first threshold Guillou-Quisquater scheme is weaken.
文摘In Shamir’s(t,n) threshold of the secret sharing scheme, a secret is divided into n shares by a dealer and is shared among n shareholders in such a way that (a) the secret can be reconstructed when there are t or more than t shares;and (b) the secret cannot be obtained when there are fewer than t shares. In the secret reconstruction, participating users can be either legitimate shareholders or attackers. Shamir’s scheme only considers the situation when all participating users are legitimate shareholders. In this paper, we show that when there are more than t users participating and shares are released asynchronously in the secret reconstruction, an attacker can always release his share last. In such a way, after knowing t valid shares of legitimate shareholders, the attacker can obtain the secret and therefore, can successfully impersonate to be a legitimate shareholder without being detected. We propose a simple modification of Shamir’s scheme to fix this security problem. Threshold cryptography is a research of group-oriented applications based on the secret sharing scheme. We show that a similar security problem also exists in threshold cryptographic applications. We propose a modified scheme to fix this security problem as well.
文摘In this paper an advanced threshold secret sharing scheme for identifyingcheaters is proposed by using authentication codes. The performance of the scheme is discussed. Theresults show that in the scheme the valid shareholders can not only identify the impersonation of anadversary, but also detect cheating of some valid shareholders . In particular one honestshareholder is able to detect cheating of other participants forming a collection, and theinformation rate of the scheme is higher than that of others.
文摘The drawback of the first asynchronous proactive RSA scheme presented by Zhou in 2001, is that the security definition and security proof do not follow the approach of provable security. This paper presented a provably secure asynchronous proactive RSA scheme, which includes three protocols: initial key distribution protocol, signature generation protocol and share refreshing protocol. Taken these protocols together, a complete provably secure proactive RSA scheme was obtained. And the efficiency of the scheme is approximate to that of the scheme of Zhou.
基金Supported in part by the National Natural Science Foundation of China under Grant No.11271003the National Research Foundation for the Doctoral Program of Higher Education of China under Grant No.20134410110003+3 种基金High Level Talents Project of GuangdongGuangdong Provincial Natural Science Foundation under Grant No.S2012010009950the Project of Department of Education of Guangdong Province under Grant No 2013KJCX0146the Natural Science Foundation of Bureau of Education of Guangzhou under Grant No.2012A004
文摘In a linear multi-secret sharing scheme with non-threshold structures, several secret values are shared among n participants, and every secret value has a specified access structure. The efficiency of a multi- secret sharing scheme is measured by means of the complexity a and the randomness . Informally, the com- plexity a is the ratio between the maximum of information received by each participant and the minimum of information corresponding to every key. The randomness is the ratio between the amount of information distributed to the set of users U = {1, …, n} and the minimum of information corresponding to every key. In this paper, we discuss a and of any linear multi-secret sharing schemes realized by linear codes with non-threshold structures, and provide two algorithms to make a and to be the minimum, respectively. That is, they are optimal.