CS 161
Computer Security
Fall 2005
Joseph/Tygar/Vazirani/Wagner
Notes 16
In a secret sharing scheme there is a trusted authority TA and
n
users
U
1
,...,
U
n
. The TA has a secret value
K
called the secret or key. The TA uses a share generation algorithm to split
K
into
n
shares
s
1
,...,
s
n
. Each
share
s
i
is then transmitted to user
U
i
by a secure channel. The secret sharing protocol guarantees that two
properties hold:
• A reconstruction algorithm can be used to efficiently reconstruct the secret
K
from any
t
of the
n
shares.
• Any
t

1 of the
n
shares reveal
no
information about the secret
K
.
Such a scheme is called an
(
n
,
t
)
threshold scheme.
For example, if the secret
K
is an integer between 0 and
M

1, then an
(
n
,
n
)
threshold scheme can
be obtained by selecting
s
1
,...,
s
n

1
uniformly at randomly between 0 and
M

1, and setting
s
n
=
K

∑
n

1
i
=
i
s
i
mod
M
. Now,
•
K
=
∑
n
i
=
1
s
i
mod
M
.
• Given all shares except
s
j
,
K
can take on any value modulo
M
.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
This is the end of the preview.
Sign up
to
access the rest of the document.
 Fall '05
 Joseph
 Computer Security, TA, Prime number, Secrecy, Secret sharing, Shamir's Secret Sharing, threshold scheme

Click to edit the document details