Page 1

What is Black Box Secret Sharing?

Using Algebraic Number FieldsNew Approach: Primitive SetsConclusion

Black-Box Secret Sharing from Primitive Sets

in Algebraic Number Fields

Ronald Cramer1,2

Serge Fehr1

Martijn Stam3

1CWI (Amsterdam)

2Mathematical Institute, Leiden University

3Department of Computer Science, University of Bristol

17 August 2005

Page 2

What is Black Box Secret Sharing?

Using Algebraic Number Fields New Approach: Primitive SetsConclusion

Outline

What is Black Box Secret Sharing?

Threshold Secret Sharing

Example: Shamir Secret Sharing

Black Box Secret Sharing Schemes

Using Algebraic Number Fields

Weak Black Box Secret Sharing

Two Previous Proposals

New Approach: Primitive Sets

In Theory

In Practice

Conclusion

Page 3

What is Black Box Secret Sharing?

Using Algebraic Number Fields New Approach: Primitive SetsConclusion

Threshold Secret Sharing

Dealing

n the number of participants;

s the secret;

siA share, 0 < i ≤ n

distribution phase

players

shares

s1

s2

...

...

sn

s

dealer

secret

Page 4

What is Black Box Secret Sharing?

Using Algebraic Number Fields New Approach: Primitive SetsConclusion

Threshold Secret Sharing

Requirements

n the number of participants;

t the threshold;

s the secret;

siA share, 0 < i ≤ n

Completeness: Any qualified subset A (of at least t + 1

participants) can recover the secret;

Privacy: No non-qualified subset (of at most t participants)

obtains any Shannon information about the secret.

Share Expansion: The average length of a share:

?n

i=1(length of si)

n × length of s

Page 5

What is Black Box Secret Sharing?

Using Algebraic Number Fields New Approach: Primitive SetsConclusion

Shamir Secret Sharing

Based on polynomial evaluation.

Setting: s ∈ F, where F any finite field.

Dealing: Pick (g0,...,gt−1) ∈ Ftat random. Let gt= s.

g(x) := g0+ g1x + ··· + gtxt

Participant i gets share si= g(αi), where αi∈ F.

Reconstruction: Lagrange Interpolation,

s = gt=

?

i∈A

?

j∈A,j?=i

1

αi− αj

si