Abstract

Multipartite secret sharing schemes are those that have multipartite access structures. The set of participants in those schemes is divided into several parts, and all the participants in the same part play an equivalent role. One type of such access structure is the compartmented access structure, and the other is the hierarchical access structure. We propose an efficient compartmented multisecret sharing scheme based on the linear homogeneous recurrence (LHR) relations. In the construction phase, the shared secrets are hidden in some terms of the linear homogeneous recurrence sequence. In the recovery phase, the shared secrets are obtained by solving those terms in which the shared secrets are hidden. When the global threshold is , our scheme can reduce the computational complexity of the compartmented secret sharing schemes from exponential time to polynomial time. The security of the proposed scheme is based on Shamir’s threshold scheme, i.e., our scheme is perfect and ideal. Moreover, it is efficient to share the multisecret and to change the shared secrets in the proposed scheme.

1. Introduction

Shamir [1] and Blakley [2] proposed the threshold secret sharing schemes in 1979. Their schemes were based on the Lagrange interpolation algorithm and the linear projective geometry, respectively. In the (t, n) threshold secret sharing scheme, the secrets can be shared among participants, and any or more participants can recover the shared secrets by pooling their shares since greater than or equal to participants (let be the set of the participants, where is the th participant in the set , ) can construct a qualified subset. Less than participants cannot get the shared secrets since less than participants cannot construct a qualified subset. If the participants of any unqualified subset cannot obtain any information about the shared secrets, then the scheme is called a perfect scheme. We call the secret sharing scheme an ideal scheme when each participant holds a share that is as long as the shared secret. The threshold secret sharing schemes proposed by Shamir and Blakley are only special cases when all the participants have the same authority. Many applications [3, 4] were developed based on the secret sharing scheme. This is the reason that the secret sharing scheme is still popular today.

1.1. Related Works

The threshold secret sharing schemes have many limitations in some conditions. Hence, other access structures were proposed successively. Shamir proposed the weighted threshold secret sharing scheme [1]. The construction of this scheme is simple: take a threshold scheme and give as many shares as its weight to each participant. Nevertheless, the obtained scheme is not ideal anymore. In 1987, Ito et al. first proposed a scheme to achieve the secret sharing on the general access structure [5]. Simmons first proposed the multipartite access structure [6]. Brickell proposed a method to construct an ideal secret sharing scheme for the multilevel and compartmented access structures [7], but it is not efficient. The definition of the compartmented access structure can be found in Section 2.2.2. Computational complexity and storage space size are usually used to measure the efficiency of a scheme. The information rate is usually used to measure the efficiency of a secret sharing scheme. Therefore, to improve the efficiency of the secret sharing scheme, many researchers focused on the study of specific families of access structures, such as graph-based access structures [8], weighted threshold access structures [9], bipartite access structures [10–12], tripartite access structures [13, 14], and threshold access structures [15]. In particular, Farràs and Martí-Farré gave a complete characterization of the ideal multipartite access structures [16]. The multipartite secret sharing scheme can be divided into two types. One is the compartmented secret sharing scheme, and the other is the hierarchical secret sharing scheme.

Recently, there were some research studies on the compartmented access structure [17–19]. Tassa et al. proposed two types of the compartmented secret sharing schemes based on the bivariate Lagrange interpolation [20]. Though some of the existing schemes are proved to be ideal, the abovementioned methods are not efficient. Farràs and Martí-Farré used the matroids and the integer polymatroids to study the compartmented access structure [16, 19], and it is easy to determine whether the secret sharing schemes are ideal or not by the matroids and the integer polymatroids. The problem of how to design a scheme to realize a compartmented access structure can be considered as the problem of how to find a representation of a matroid from the presentation of its associated polymatroid [21]. Chen et al. [21] proposed a compartmented secret sharing scheme based on the general polymatroid and the Gabidulin codes, but the scheme also has to try to obtain nonsingular matrices. Later, Chen et al. [22] gave another method based on the idea of Brickell [7], and this scheme also needed to check many matrices for nonsingularity. But Farràs and Martí-Farré [16, 19] showed that it remains open whether or not there exist efficient algorithms to obtain the representations of multipartite matroids from representations of their associated polymatroids in general. The compartmented access structure is especially useful in some applications. For example, a company is divided into several departments. A decision of this company needs the approval of at least some persons in each department. That is to say, a decision requires the cooperation of all departments, and a minimum number of employees in each department needs to be involved in it.

Mashhadi and Dehkordi first introduced the Linear Homogeneous Recurrence (LHR) relations to the threshold secret sharing scheme [23]. Later, they introduced the linear nonhomogeneous recurrence (LNHR) relations to the secret sharing scheme [24]. But the participants have equal authority, and the qualified subset satisfies in Mashhadi and Dehkordi's schemes. Yuan et al. [25] introduced the LHR relations to the hierarchical secret sharing scheme. They reduced the computational complexity of the hierarchical secret sharing schemes from exponential time to polynomial time () ( in [25] is different to it in our scheme). But there is no scheme that realizes the compartmented secret sharing scheme in polynomial time. Thus, in this paper, we mainly discuss the compartmented access structure.

1.2. Our Contributions

The motivation of our scheme is to design an efficient secret sharing scheme with the access structures which are more general than the threshold access structures. One of the key contributions is to introduce the LHR relations into the compartmented access structure, which divides the degree of a polynomial into the low degrees of some polynomials, and each low degree equals a fixed compartment threshold minus one. In the proposed scheme, the compartmented access structure is realized by using the linear homogeneous recurrence (LHR) relations. The LHR relations are suitable for the compartmented access structure since they have the ability to associate each compartment with a different polynomial. Another key contribution is to reduce the computational complexity of the compartmented secret sharing schemes from exponential time to polynomial time (). It is easy to share multisecret in our scheme. Each participant holds a share that is as long as the secret. The security of the proposed scheme is based on Shamir’s threshold scheme.

The remainder of this paper is organized as follows. Section 2 introduces the basic knowledge of the linear homogeneous recurrence relations and secret sharing scheme. Section 3 gives the proposed scheme. In Section 4, we analyze the security of the proposed scheme. Section 5 discusses some important properties of the proposed scheme and its performance. Finally, Section 6 draws our conclusion.

2. Preliminary Knowledge

In this section, first of all, we introduce the basic mathematical knowledge used in the proposed scheme. A detailed description of the linear homogeneous recurrence relations can be found in [24–28]. We also give a brief description about the perfect scheme, ideal scheme, and the compartmented access structure.

2.1. Linear Homogeneous Recurrence Relations

Theorem 1 (Richard [26]). Let be a sequence of integers, and let be the distinct roots of the following characteristic equation of the linear homogeneous recurrence relation with constant coefficients:where , is selected over GF (q) (), and is a large prime.

If is a -fold root of the characteristic equation of (1), then the part of the general solution of this recurrence relation corresponding to is given as

Let . So, we can get

The general solution of the recurrence relation iswhere .

Corollary 1. If , then the general solution of the recurrence relation iswhere

Definition 2 (Richard [26]). Let be an infinite sequence of numbers. Its generating function is defined to be the infinite series:The coefficient of in is the th term . Thus, acts as a placeholder for . A finite sequence can be regarded as the infinite sequence , in which all but a finite number of terms equal 0. Hence, every finite sequence has a generating function:which is a polynomial.

Theorem 2 (Richard [26]). Suppose that the LHR sequence {} is defined as (1), and the characteristic equation has different roots with multiplicities , where . Then, the generating function of the sequence {} iswhere is a polynomial function of with the degree at most . Thus, we can getwhere is a polynomial function of with the degree at most . Conversely, given such polynomials,and there is a sequence satisfying a linear homogeneous recurrence relation with constant coefficients of order of type (1) whose generating function is given by (5).

2.2. Secret Sharing Schemes

In the following section, we will give the definition of the perfect scheme and ideal scheme, and the hierarchical access structure is also listed.

2.2.1. Perfect Scheme and Ideal Scheme

Definition 3. A (t, n) threshold secret sharing scheme over M, where is the shared secret space, is a set of random inputs, and () is the share space, satisfies the following two conditions:

(1) For all AM and t, , where is the subset of the participants, is the number of the participants in the subset , denotes the information of the shares to be obtained by the participants in the subset , and is the entropy.

(2) For all and , . If , then the scheme is called a perfect scheme.

Definition 4 (Tassa and Dyn [20]). Let denote the set of possible shares for the participant . The information rate of the scheme is defined as where denotes the size of the shared secret and denotes the size of the shares saved by the participant . If , the scheme is called an ideal scheme.

2.2.2. Compartmented Access Structure

is used to denote the total number of the participants in the set , i.e., . In the compartmented secret sharing scheme, the set is divided into disjoint compartments , i.e., and . The participants in the same compartment play an equivalent role. Let be the compartment threshold. The compartment contains participants, where and . The qualified subset of the compartmented threshold secret sharing scheme contains at least participants from the compartment , where and . In the proposed scheme, we suppose that the global threshold is equal to . The compartmented access structure is given by

3. The Proposed Scheme

Our scheme is based on the linear homogeneous recurrence relations. In the compartmented secret sharing, the set of participants is partitioned into compartments and the shared secrets can be recovered only if the number of participants from any compartment is greater than or equal to a fixed compartment threshold , and the total number of participants is greater than the global threshold . In our scheme, we suppose that . The proposed scheme consists of three phases, i.e., the initialization phase, the construction phase (share generation phase and share distribution phase), and the recovery phase. The basic idea of the proposed scheme is illustrated as follows. The system consists of some participants and a distributor. The distributor generates a LHR relation with different roots, where is the number of the disjoint compartment. Then, the distributor chooses the shared secrets and hides the shared secrets in some terms of this LHR sequence. The difficulty of our scheme is how to generate this LHR relation. The recovery of the shared secrets is realized by solving the general term of the LHR sequence {}. Then, the participants who want to recover the shared secrets should get those terms in which the shared secrets are hidden.

3.1. Initialization Phase

In the proposed scheme, suppose that the compartmented access structure is monotone, that is, if there exists and (the access structure), , and , then we can get . Ito et al. presented that if the access structure was monotone, then there existed a perfect secret sharing scheme for the access structure [29].

The proposed scheme requires a public bulletin board. Any person has the right to read or download the contents from the public bulletin board. Only the legitimate participants in the system can publish the information to the directory and modify or update the published content according to their own permissions.

The proposed scheme is based on the LHR relation over , where is a large prime and is the finite field. denotes shared secrets that can be shared among the participants. The distributor selects over as the th participant’s in , where (this makes sure that we can hide the shared secrets in the first terms of the sequence), and . denotes -th participant in compartment , where . Then, the distributor publishes the on the public bulletin board.

3.2. Construction Phase

The dealer performs the following steps to generate the shares, distribute the shares, and hide the shared secrets in the first terms :

(1) The dealer chooses different integers over , where each of them is not zero and corresponds to the number of disjoint compartments of the participants.

(2) The dealer chooses different polynomials over . Let denote different polynomials. The degree of the polynomial is equal to , and is the fixed compartment threshold, that is, where the global threshold is equal to and .

(3) computes and sends the share to in compartment privately in a secure channel, where and . This participant keeps the share .

(4) After all the shares have been sent to the participants through , where , the dealer computes

Let

(5) After the general term is obtained, the dealer continues to compute . Then, hides the shared secrets in these terms .

(6) The dealer computes , where .

(7) The dealer publishes , and on the public bulletin board.

Remark 1. From Step (3) above, we know that the polynomial corresponds to the compartment , and just greater or equal to participants in the compartment can recover the polynomial by pooling their shares.

Remark 2. From Theorem 1, we can determine that is the general solution of a LHR relation with degree and the roots of the characteristic equation of this LHR relation are . The multiplicity of the root is .

3.3. Recovery Phase

If the participants in the qualified subset want to recover the shared secrets , they should recover the polynomials firstly. From the construction phase, we know that the order of the polynomial is . is equal to the fixed compartment threshold, and only the participants in the compartment can recover the polynomial . Since the order of is , we need greater or equal to participants in the compartment to recover the polynomial .

So, these participants in the qualified subset contain at least participants from the subset , where . Suppose that the subset satisfies these conditions. A participant in the subset can obtain the share of each participant by the exchange in the secure channel. Assume that the participants in the qualified subset want to recover the shared secrets. In the subset , participants from the compartment pool the shares, where . By using these shares, these participants can determine the polynomial , where . After all the polynomials have been obtained, from Theorem 1 and the public parameters on the public bulletin board, the participants in the subset can determine the general solution of the recurrence relation, that is,

From (17), the participants in the subset can compute . From Step (6) of the construction phase, the participants in the subset can obtain the shared secrets by , where .

3.4. Example

In this section, we give an example to show how the dealer distributes the secrets in the construction phase and how the participants recover the shared secrets in the recovery phase.

3.4.1. Initialization Phase

(1) Suppose that the set of the participants is divided into two disjoint compartments and , i.e., , and let . Let and .

(2) randomly selects two shared secrets over , where the prime . Set over .

3.4.2. Construction Phase

(1) selects two values .

(2) randomly selects two polynomials over . Let and .

(3) distributes the share to the th participant in , where and . These shares are listed as follows:

(4) Let . Then, computes .

(5) computes .

(6) publishes , and .

3.4.3. Recovery Phase

Before the participants can recover the shared secrets, they should first recover the two polynomials . For and , a qualified subset must contain at least two participants from and three participants from . These participants recover the shared secrets by exchanging their shares. We suppose two participants from and three participants from . The two polynomials are recovered as follows.

(1) Firstly, we show how the polynomial is recovered by . For the two points (3, 7) and (5, 11), a polynomial can be determined by

(2) Secondly, the polynomial is recovered by . For the three points (7, 17), (9, 9), and (10, 8), a polynomial can be determined by

(3) From the public values , these participants can get

Note: from Section 3.4.2, Construction Phase, we know that the participants in the subset obtain the shares through and the participants in the subset get the shares through , respectively. Thus, the participants can only recover , and the participants can only recover .

(4) These participants compute .

(5) From the public values , these participants can obtain the two shared secrets through the following equation: so .
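The construction and recovery phases of Section 3 as runnable code; this is an added example, not the authors' code. It takes the general term from Theorem 1 as u_n = sum over i of p_i(n) * alpha_i^n, and it assumes the published value for secret n is s_n - u_n mod q, because the page's own formula for that step is not visible here. The prime `Q`, the IDs, the secrets and every function name are constructed for illustration.

```python
import secrets

Q = 2**61 - 1  # constructed prime modulus standing in for the paper's large prime q


def poly_eval(coeffs, x):
    """Horner evaluation mod Q; coeffs[0] is the constant term."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def lagrange_eval(points, x):
    """Value at x of the unique polynomial of degree < len(points) through points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % Q
                den = den * (xi - xj) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total


def lhr_term(n, alphas, poly_values):
    """General term u_n = sum_i p_i(n) * alpha_i^n mod Q (alpha_i is a t_i-fold root)."""
    return sum(v * pow(a, n, Q) for a, v in zip(alphas, poly_values)) % Q


def deal(shared, thresholds, ids):
    """Dealer side: return (shares per compartment, public bulletin-board values).

    thresholds[i] is t_i; ids[i] lists the public IDs of compartment i.
    """
    k = len(shared)
    for comp in ids:
        # IDs >= k keep every share off the points 0..k-1 used to hide the secrets.
        if len(set(comp)) != len(comp) or any(not k <= x < Q for x in comp):
            raise ValueError("IDs must be distinct and in [k, Q)")
    alphas = []
    while len(alphas) < len(thresholds):  # distinct nonzero roots, one per compartment
        a = 1 + secrets.randbelow(Q - 1)
        if a not in alphas:
            alphas.append(a)
    # p_i has t_i random coefficients, i.e. degree at most t_i - 1
    polys = [[secrets.randbelow(Q) for _ in range(t)] for t in thresholds]
    shares = [{x: poly_eval(p, x) for x in comp} for p, comp in zip(polys, ids)]
    # Assumed masking step: publish s_n - u_n so that only u_n is needed to unmask.
    masks = [(s - lhr_term(n, alphas, [poly_eval(p, n) for p in polys])) % Q
             for n, s in enumerate(shared)]
    return shares, {"alphas": alphas, "masks": masks, "thresholds": thresholds}


def recover(pooled, public):
    """pooled[i] maps ID -> share for the compartment-i participants taking part."""
    for comp, t in zip(pooled, public["thresholds"]):
        if len(comp) < t:
            raise ValueError("unqualified subset: a compartment is below its threshold")
    out = []
    for n, mask in enumerate(public["masks"]):
        # Each compartment interpolates its own p_i at n from exactly t_i shares.
        vals = [lagrange_eval(list(comp.items())[:t], n)
                for comp, t in zip(pooled, public["thresholds"])]
        out.append((mask + lhr_term(n, public["alphas"], vals)) % Q)
    return out


def demo():
    """Two compartments (t = 2 and t = 3) and two secrets; all values constructed."""
    shared = [123456789, 987654321]
    shares, public = deal(shared, [2, 3], [[3, 5, 6], [7, 9, 10, 11]])
    pooled = [{3: shares[0][3], 5: shares[0][5]},
              {x: shares[1][x] for x in (7, 9, 10)}]
    return shared, shares, public, recover(pooled, public)
```

Changing the shared secrets, as Section 5.1 describes, only requires recomputing the `masks` list under this assumed masking; the shares held by participants stay the same.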

4. Security Analysis

In this section, we show that the unqualified subset cannot obtain the shared secrets and prove that the public values cannot leak any information about the shared secrets. First, we give a proposition below.

Proposition 1. If is a -fold root of the characteristic equation of LHR relation and the general solution for this LHR relation is given bythen its coefficient can be determined by initial values by solving the linear system of equation, where .

From (17), we know that when the participants in an unqualified subset want to recover the shared secrets, they must recover every polynomial , . Assume that the number of the participants is in the unqualified subset. If the total number of the participants in the unqualified subset is , where , then there exists the situation that the number of the participants contained in some compartment is .

Theorem 3. The general term of a linear homogeneous recurrence relation is secure for the unqualified participants if and only if the polynomial is secure for the unqualified participants.

Proof. First, we give an analysis that the public values do not leak any information about the shared secrets. From the public values , the characteristic equation of a LHR relation can be determined, according to Theorem 1. If a LHR relation is given, then the characteristic equation of this LHR relation can be determined and the root of the characteristic equation can be found. Thus, the public values do not leak any information except the characteristic equation of a LHR relation. From (4), we haveFor Corollary 1, is also the general term of a LHR relation with degree, where the order of the polynomial is . We have supposed that the unqualified subset contains participants and out of is in (let the random terms be ). Suppose that the general term of the linear homogeneous recurrence relation with degree is secure for the unqualified participants. From the above, we know that public value does not leak any information except the characteristic equation. If the polynomial with degree is not secure for the unqualified participants, that is to say, the points can determine a polynomial with degree . From (5), we also infer that the values can determine the general term of a linear homogeneous recurrence relation with degree . This is contradictory to our assumption.() Suppose that the polynomial with degree is secure for the unqualified participants. If the general term of the linear homogeneous recurrence relation with degree is not secure for the unqualified participants, then random terms () can determine the general term of the linear homogeneous recurrence relation. According to (24), we pick up different terms and then can get different points of the polynomial . Since the degree of the random polynomial is , we can say that points can determine a random polynomial with the degree . This is contradictory to our assumption.Therefore, when the participants in the unqualified subset want to obtain the shared secrets, our scheme is safe. 

Each share is sent through a secure channel, so we do not discuss leakage of the shares.

5. Discussion

In our scheme, each participant just holds one share to recover the secrets in the whole recovery process. In this section, firstly, we prove that our scheme is perfect and ideal, and we also show that it is efficient to distribute multiple secrets. Secondly, we compare the popular schemes with our scheme.

5.1. Performance

We first show that the proposed scheme is perfect. So, we should prove that, for all and , . Equivalently, we require that, for any shared secrets and ,where , and is distributed by the linear homogeneous recurrence (LHR) relation (). We use to denote the linear homogeneous recurrence relation. The other is distributed through the linear homogeneous recurrence (LHR) relation (). Since the number of the participants in the subset is , there exists the situation that the number of the participants contained in some compartment is less than the threshold . We assume that the participants in the subset can recover all the polynomials except . Suppose that two linear homogeneous recursive (LHR) sequences and satisfy the following conditions, that is,

The degrees of the polynomials and are . Since we can determine all the polynomials except and , if we can recover two polynomials and , then and can be determined. Thus, we can determine the shared secrets and . Sincewe can getwhereand is a participant’s .

From the characteristic of the Vandermonde matrix, we can deduce . There is no unique solution to (28). The probabilities of determining the vector and the vector are equal. Since, in the proposed scheme, when polynomials are determined, then the shared secrets can be determined. So, the probabilities of determining and are equal, i.e.,so . Therefore, the proposed scheme is perfect.

In our scheme, each participant’s is published on the public bulletin board, and each participant’s share is selected over . Each participant just should hold one share, and the shared secrets are selected over . So, each share is as long as each secret. Therefore, the proposed scheme is ideal.

For safety reasons or a certain requirement, we should change the shared secrets. The process of changing the shared secrets is given as follows.

(1) chooses new shared secrets

(2) computes , where

(3) updates on the public bulletin board, where

From the above process, we know that the computational cost is low to change the shared secrets.

5.2. Efficiency

When the global threshold is large, it usually takes a lot of computation to obtain the pairs of points of the polynomial. Because the order of the polynomial may also be , it costs a lot of time to evaluate a polynomial with a large degree. In our scheme, we divide the global threshold into small thresholds , where . Each threshold corresponds to a polynomial with the degree . Since the global order is divided into small low thresholds in the proposed scheme, it is efficient to get the evaluations on these low order polynomials. When the threshold is , the computational complexity is usually higher than . Before the hierarchical secret sharing scheme [25] was proposed, the computational complexity of the multipartite secret sharing schemes was exponential time. Yuan and Yang [25] reduced the computational complexity of the hierarchical secret sharing scheme from exponential time to polynomial time ( in [25] is different to it in our scheme, and in our scheme is usually smaller than in [25]), but the computational complexity of our scheme can be reduced to . So, the computational efficiency of the compartmented secret sharing scheme is better than the computational efficiency of the hierarchical secret sharing scheme, when the two types of the secret sharing schemes are based on LHR relations. In the recently popular compartmented secret sharing scheme [21], nonsingular matrices also need to be obtained, and this computational complexity is exponential time. Compared to the popular scheme [21], the computational complexity of our scheme is polynomial time (). So, our scheme is more efficient than the existing popular compartmented secret sharing schemes. But our scheme needs more public values than the existing popular compartmented secret sharing scheme [21].

6. Conclusion

In this paper, based on the linear homogeneous recurrence relations, we propose a compartmented multisecret sharing scheme. We prove that the proposed scheme is perfect and ideal. The security of our scheme is based on Shamir’s threshold scheme. Each polynomial corresponds to a different subset of the participants, and the degree of the polynomial is equal to the threshold of the compartment minus one, i.e., we divide the -th degree polynomial into different polynomials, and the sum of the degrees of different polynomials is equal to . It is more efficient to distribute or recover the shared secrets by using some polynomials with low degrees than to distribute/recover the shared secrets by using a polynomial with a large degree, i.e., the computational complexity is reduced from exponential time to . Moreover, our scheme is efficient when we share the multisecret. In particular, when we want to change the shared secrets, we can find that the proposed scheme is more efficient than the existing popular multisecret sharing schemes that were not based on the linear homogeneous recurrence relations. In the proposed scheme, each participant only needs to hold one share in the whole process. The limitation of our scheme is that it needs more public values.

Data Availability

No data were used to support the findings of the study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the National Natural Science Foundation of China under Grant no. 61897069.