Collusion-resistant threshold decryption

  • Authors: Sigurd Eskeland; Vladimir Oleshchuk
  • Affiliations: Agder University College, Grooseveien, Grimstad, Norway (both authors)
  • Venue: CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
  • Year: 2007

Abstract

Most (t, n) threshold-oriented cryptosystems incorporate the polynomial-based (t, n) threshold secret sharing scheme of Shamir. This makes them vulnerable to the collusion problem, which imposes two security problems: 1) A set of t colluding participants can compute the shared secret (i.e., a secret polynomial coefficient). Any person holding the shared secret can subsequently carry out group-oriented threshold-oriented computations individually, thereby bypassing the threshold requirement. 2) A set of t participants can moreover deduce all the secret polynomial coefficients, which enables the establishment of new user shares. In this paper, we propose a method applied to the threshold decryption scheme of Desmedt and Frankel that prevents colluding participants from deducing any of the secret coefficients of the underlying threshold Shamir secret sharing scheme.