We consider the problem of reconstructing a shared secret in the presence of faulty shares, with unconditional security. We require that any t shares give no information on the shared secret, and reconstruction is possible even if up to t out of the n shares are incorrect. The interesting setting is n/3 ≤ t < n/2, where reconstruction of a shared secret in the presence of faulty shares is possible, but only with an increase in the share size, and only if one admits a small failure probability. The goal of this work is to minimize this overhead in the share size. Known schemes either have an Ω(κn) overhead in share size, where κ is the security parameter, or they have a close-to-optimal overhead of order O(κ + n) but have an exponential running time (in n). In this paper, we propose a new scheme that has a close-to-optimal overhead in the share size of order Õ(κ + n), and a polynomial running time. Interestingly, the shares in our new scheme are prepared in the very same way as in the well-known scheme by Rabin and Ben-Or, which relies on message authentication, but we use a message authentication code with short tags and keys and with correspondingly weak security. The short tags and keys give us the required saving in the share size. Surprisingly, we can compensate for the weakened security of the authentication and achieve an exponentially small (in κ) failure probability by means of a more sophisticated reconstruction procedure.
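An added example, not code from the paper: share preparation in the style of Rabin and Ben-Or (Shamir shares plus pairwise one-time MACs), with the classic reconstruction that keeps a share only if enough other players' keys verify it. The field size, the MAC a·s + b, the vote threshold and all function names are assumptions of this example; the paper's short-tag MAC and its more sophisticated reconstruction procedure are not reproduced here.

```python
import secrets

P = 2**61 - 1  # prime field; a large field (long tags and keys) is this example's assumption

def deal(secret, n, t):
    """Shamir-share `secret` (degree-t polynomial), then MAC every share for every other player."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    poly = lambda x: sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P
    shares = {i: {"s": poly(i), "tags": {}, "keys": {}} for i in range(1, n + 1)}
    for i in shares:
        for j in shares:
            if i != j:
                a, b = secrets.randbelow(P), secrets.randbelow(P)
                shares[j]["keys"][i] = (a, b)                        # player j holds the key for share i
                shares[i]["tags"][j] = (a * shares[i]["s"] + b) % P  # player i holds the matching tag
    return shares

def reconstruct(shares, t):
    """Keep share i only if at least t other players' keys verify it, then interpolate at 0."""
    accepted = {}
    for i, sh in shares.items():
        votes = sum((a * sh["s"] + b) % P == sh["tags"][j]
                    for j, o in shares.items() if j != i
                    for a, b in [o["keys"][i]])
        if votes >= t:  # t cheaters can supply at most t - 1 votes for a fellow cheater
            accepted[i] = sh["s"]
    pts = sorted(accepted.items())[: t + 1]
    if len(pts) < t + 1:
        raise ValueError("too few authenticated shares")
    secret = 0
    for xi, yi in pts:  # Lagrange interpolation evaluated at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret, sorted(accepted)

def tamper(shares, corrupt):
    """Constructed faulty input: corrupt players alter their shares and vouch for one another."""
    for i in corrupt:
        shares[i]["s"] = (shares[i]["s"] + 1) % P
        for j in corrupt:
            if j != i:  # a key with a = 0 accepts any value against the stored tag
                shares[j]["keys"][i] = (0, shares[i]["tags"][j])
    return shares
```

With n = 7 and t = 3, each player stores 6 tags and 6 keys of 61 bits, which is the overhead growing with κn that the abstract sets out to reduce.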