摘要:In the Shamir ( t , n )-threshold scheme, the dealer constructs a random polynomial f ( x ) ∈ GF ( p )[ x ] of degree at most t -1 in which the constant term is the secret K ∈ GF ( p ). However, if the chosen polynomial f ( x ) is of degree less than t -1, then a conspiracy of any t -1 participants can reconstruct the secret K ;on the other hand, if the degree of f ( x ) is greater than t -1, then even t participants can not reconstruct the secret K properly. To prevent these from happening, the degree of the polynomial f ( x ) should be exactly equal to t -1 if the dealer claimed that the threshold of this scheme is t . There also should be some ways for participants to verify whether the threshold is exactly t or not. A few known verifiable threshold schemes provide such ability but the securities of these schemes are based on some cryptographic assumptions. The purpose of this paper is to propose some threshold-verification protocols for the Shamir ( t , n )-threshold scheme from the viewpoint of unconditional security.
Loading...
