[Resource Topic] 2010/495: A Practical (Non-interactive) Publicly Verifiable Secret Sharing Scheme

Welcome to the resource topic for 2010/495

A Practical (Non-interactive) Publicly Verifiable Secret Sharing Scheme

Authors: Mahabir Prasad Jhanwar


A publicly verifiable secret sharing (PVSS) scheme, proposed by Stadler in \cite{DBLP:conf/eurocrypt/Stadler96}, is a VSS scheme in which anyone, not only the shareholders, can verify that the secret shares are correctly distributed. PVSS can play essential roles in the systems using VSS. Achieving simultaneously the following two features for PVSS is a challenging job: \begin{itemize} \item Efficient non-interactive public verification. \item Proving security for the public verifiability in the standard model. \end{itemize} In this paper we propose a (t, n)-threshold PVSS scheme which satisfies both of these properties. Efficiency of the non-interactive public verification step of the proposed scheme is optimal (in terms of computations of bilinear maps (pairing)) while comparing with the earlier solution by \cite{DBLP:conf/sacrypt/HeidarvandV08}. In public verification step of \cite{DBLP:conf/sacrypt/HeidarvandV08}, one needs to compute 2n many pairings, where n is the number of shareholders, whereas in our scheme the number of pairing computations is 4 only. This count is irrespective of the number of shareholders. We also provide a formal proof for the semantic security (IND) of our scheme based on the hardness of a problem that we call the (n,t)-multi-sequence of exponents Diffie-Hellman problem (MSE-DDH). This problem falls under the general Diffie-Hellman exponent problem framework \cite{DBLP:conf/eurocrypt/BonehBG05}.

ePrint: https://eprint.iacr.org/2010/495

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .