Abstract

In a threshold secret sharing (SS) scheme, whether or not a shareholder set is an authorized set depends entirely on the number of shareholders in the set. When the access structure is not threshold, (t,n) threshold SS is not suitable. This paper proposes a new kind of SS named grouped secret sharing (GSS), which is a specific kind of multipartite SS. To implement GSS, we use Lagrange interpolation polynomials and the Chinese remainder theorem to design two GSS schemes, respectively. Detailed analysis shows that both GSS schemes are correct and perfect, which means any authorized set can recover the secret while an unauthorized set cannot get any information about the secret.

1. Introduction

The notion of secret sharing (SS) was first introduced independently by Shamir [1] and Blakley [2] in 1979. In an SS scheme, a dealer divides a secret into some pieces . Each piece is called a share of the secret. Then, the dealer can design an access structure , where is a minimal authorized set, i.e., any superset of can recover the secret. According to the access structure, the dealer sends each share to the corresponding shareholder in private. After share generation, if a shareholder set is a superset of an authorized set, i.e., , can reconstruct the secret as long as the shareholders in release shares to the others in . If there does not exist any such that , the secret cannot be recovered by .

SS schemes are classified into many types, such as threshold SS [3, 4], weighted threshold SS [5, 6], hierarchical threshold SS [7, 8], multilevel threshold SS [9, 10], multipartite SS [11, 12], and so on. The most classical SS is threshold SS. There are shareholders in a threshold SS scheme. A dealer divides a secret into shares and sends each share to a shareholder securely. Then, any or more than shareholders can collaborate to obtain the secret by pooling their shares together while any up to shareholders cannot. The value of is called the threshold of the SS scheme.

Obviously, in a threshold SS scheme, whether or not a shareholder set is able to recover the secret depends entirely on the number of shareholders in the set. Hence, threshold SS cannot work in many cases. For example, suppose a big company BC consists of five constituent companies which share the final decision rights of BC equally. Each constituent company has several shareholders who can represent the constituent company to confer with representatives of the other constituent companies on the final decision of BC. Although different shareholders in a constituent company own different shares, they have the same rights. In such a scenario, a shareholder set that is able to make a decision of BC must include at least five shareholders. However, it is far from true that any five shareholders can do so. Only a shareholder set that includes representatives from all five constituent companies can make a decision of BC. Therefore, the given access structure is not just threshold.

Farras et al. [11] first proposed the notion of multipartite SS which can solve the above problem. In a multipartite SS scheme, shareholders are divided into several disjoint partitions and each partition has a part access structure. If a shareholder set satisfies all the part access structures, it can recover the secret. But as long as the shareholder set does not satisfy any one part access structure of a partition, the secret cannot be obtained. Later, Tassa and Dyn [12] and Hsu and Harn [13] utilized bivariate interpolation and Chinese remainder theorem (CRT) to implement multipartite SS schemes. Obviously, if each threshold of part access structure equals one, the above problem can be solved. However, in the multipartite SS schemes, if the threshold is equal to one in a partition, all the shareholders in the partition get the same share. In terms of security, different shareholders are supposed to keep different shares even when they are in the same partition. For this purpose, we propose a new SS named grouped secret sharing (GSS) in this paper.

Informally, suppose that there are totally shareholders in a SS scheme. They are divided into disjoint groups. Each shareholder keeps a distinct share and belongs to a group. If a shareholder set shares at least one shareholder with every group, the shareholder set is allowed to recover the secret. Otherwise, the secret cannot be reconstructed. Then, the SS scheme is a GSS scheme.

In order to implement GSS, this paper uses Lagrange interpolation polynomials (LIPs) and the Chinese remainder theorem (CRT) to design two GSS schemes, respectively. LIP, as a method of linear combination, plays an important role in numerical analysis. Shamir first used it to design a threshold SS scheme [1] in 1979. Later, LIP became the most common tool to design SS schemes because it is very simple and efficient. There are many schemes [14, 15] based on LIP. CRT is used to solve systems of linear congruence equations. Mignotte first proposed a threshold SS scheme [16] based on CRT in 1982, but the scheme is ramp instead of perfect because even an unauthorized shareholder set can obtain partial information about the secret. Asmuth and Bloom modified Mignotte’s scheme to give a perfect threshold SS scheme [17]. There are also many other kinds of SS schemes [18, 19] based on CRT.

Based on the above, the contributions of the paper are listed as follows:
(1) The paper proposes a kind of SS named grouped secret sharing (GSS).
(2) Both LIP and CRT are utilized to construct two GSS schemes.
(3) Although shareholders in the same group keep different shares, each one of them can represent the group to participate in secret reconstruction.

The outline of the paper is as follows. In the next section, we provide the notion of CRT, Shamir SS scheme, Asmuth–Bloom SS scheme, and the formal definition of GSS as the preliminaries. A GSS scheme based on LIP and correlative correctness and security analyses are shown in Section 3. Analogously, a GSS scheme based on CRT and correlative analyses are given in Section 4. For a better illustration, we give two numerical examples in Section 5. Some discussions about perfectness and information rate are shown in Section 6. We conclude the work in Section 7.

2. Preliminaries

In this section, we introduce some preliminaries including CRT, Shamir SS scheme, Asmuth–Bloom SS scheme, and the formal definition of GSS.

2.1. Chinese Remainder Theorem (CRT) [20]

Given the following system of linear congruence equations:if all moduli are pairwise co-prime, i.e., for , CRT illustrates that the system must have solutions for any integer of . Define , , and for . Then, the system has a unique solution in :

2.2. Shamir’s Threshold SS Scheme

In Shamir’s threshold SS scheme, there are shareholders and a dealer who is trusted by all shareholders. The scheme consists of two algorithms.

2.2.1. Share Generation

The dealer randomly selects a polynomial of degree : , where all coefficients are in . The secret is constant term of , i.e., . picks different positive integers to compute shares for , where is public information associated with shareholder . Then, the dealer securely sends the share to the corresponding shareholder .

2.2.2. Secret Reconstruction

Assume that shareholders work together to recover the secret. Each shareholder releases its share to the others. After a shareholder receives the other shares, it can use LIP to recover the secret:
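The two algorithms of Section 2.2 as an added example (not code from the paper): share generation and Lagrange reconstruction over a prime field, plus a brute-force count over a tiny field showing that t-1 shares leave every candidate secret equally likely. The modulus `P`, the function names, and the sample x-values are assumptions chosen for illustration.

```python
import secrets
from itertools import product

P = 2**127 - 1  # assumed prime modulus (a Mersenne prime), not from the paper


def eval_poly(coeffs, x, p):
    """Evaluate coeffs[0] + coeffs[1]*x + ... modulo p (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def make_shares(secret, t, xs, p=P):
    """Share generation: random polynomial of degree at most t-1, f(0) = secret."""
    if len({x % p for x in xs}) != len(xs) or any(x % p == 0 for x in xs):
        raise ValueError("public x-values must be distinct and non-zero mod p")
    if not 1 <= t <= len(xs):
        raise ValueError("threshold must satisfy 1 <= t <= n")
    coeffs = [secret % p] + [secrets.randbelow(p) for _ in range(t - 1)]
    return [(x, eval_poly(coeffs, x, p)) for x in xs]


def reconstruct(shares, p=P):
    """Secret reconstruction: Lagrange interpolation evaluated at x = 0."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % p
                den = (den * (xi - xj)) % p
        # pow(den, -1, p) is the modular inverse (Python 3.8+)
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def secret_distribution(known_shares, t, p):
    """For a small prime p, enumerate every polynomial of degree at most t-1
    and count, per candidate secret, how many agree with the known shares."""
    counts = [0] * p
    for coeffs in product(range(p), repeat=t):
        if all(eval_poly(coeffs, x, p) == y for x, y in known_shares):
            counts[coeffs[0]] += 1
    return counts


if __name__ == "__main__":
    shares = make_shares(123456789, t=3, xs=[1, 2, 3, 4, 5])
    print("any 3 shares:", reconstruct([shares[0], shares[2], shares[4]]))
    # Two constructed shares of a (3, n) scheme over GF(11): every secret in
    # 0..10 is consistent with exactly one polynomial, so nothing is learned.
    print("t-1 shares  :", secret_distribution([(1, 4), (2, 9)], t=3, p=11))
```

The uniform count returned by `secret_distribution` is the perfectness property the paper later relies on: below the threshold, the observed shares do not change the probability of any candidate secret.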

2.3. Asmuth–Bloom Threshold SS Scheme

There is a dealer and shareholders in Asmuth–Bloom threshold SS scheme which also consists of two algorithms.

2.3.1. Share Generation

At first, the dealer picks a prime number and a sequence of pairwise co-prime positive integers with , , and for . Then, picks a random integer and a secret in , such that . Next, computes shares for , where is public information associated with shareholder . Finally, the dealer securely sends the share to the corresponding shareholder .

2.3.2. Secret Reconstruction

Assume that shareholders want to recover the secret. Each of them releases its share to the others. After a shareholder receives the other shares, he gets a system of linear congruence equations:

Using the standard CRT, the value of can be computed aswhere and . Then, the secret can be obtained as .
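The CRT of Section 2.1 and the Asmuth–Bloom scheme of Section 2.3 as an added example (not code from the paper). It uses the standard Asmuth–Bloom parameter condition from the literature; the prime 101, the five moduli, the threshold 3, and all function names are constructed for illustration.

```python
import secrets
from itertools import combinations
from math import gcd, prod

PRIME = 101                             # constructed secret-space prime
MODULI = [1009, 1013, 1019, 1021, 1031]  # constructed pairwise co-prime moduli
T = 3                                   # constructed threshold


def crt(residues, moduli):
    """Standard CRT: the unique x in [0, prod(moduli)) with x = r_i (mod m_i)."""
    big_m = prod(moduli)
    x = 0
    for r, m in zip(residues, moduli):
        m_i = big_m // m
        x += r * m_i * pow(m_i, -1, m)  # pow(.., -1, m) is the inverse mod m
    return x % big_m


def check_params(p, moduli, t):
    """Validate the Asmuth-Bloom conditions; return the bound on s + alpha*p."""
    ms = list(moduli)
    if ms != sorted(set(ms)):
        raise ValueError("moduli must be strictly increasing")
    if any(gcd(a, b) != 1 for a, b in combinations([p] + ms, 2)):
        raise ValueError("p and the moduli must be pairwise co-prime")
    smallest_t = prod(ms[:t])                       # product of t smallest
    largest_t_minus_1 = prod(ms[len(ms) - t + 1:])  # product of t-1 largest
    if p * largest_t_minus_1 >= smallest_t:
        raise ValueError("p * (t-1 largest moduli) must be < (t smallest moduli)")
    return smallest_t


def make_shares(secret, p=PRIME, moduli=MODULI, t=T):
    """Share generation: blind the secret as y = s + alpha*p, reduce mod each m_i."""
    bound = check_params(p, moduli, t)
    if not 0 <= secret < p:
        raise ValueError("secret must lie in [0, p)")
    # Largest alpha keeping y strictly below the product of the t smallest moduli.
    alpha = secrets.randbelow((bound - 1 - secret) // p + 1)
    y = secret + alpha * p
    return [(m, y % m) for m in moduli]


def reconstruct(shares, p=PRIME):
    """Secret reconstruction: CRT over the pooled shares, then reduce mod p."""
    moduli = [m for m, _ in shares]
    residues = [r for _, r in shares]
    return crt(residues, moduli) % p


if __name__ == "__main__":
    shares = make_shares(42)
    print("shares:", shares)
    print("from shares 2, 4, 5:", reconstruct([shares[1], shares[3], shares[4]]))
```

With at least `T` shares the product of the pooled moduli exceeds `y`, so CRT returns `y` exactly and the reduction modulo the prime yields the secret.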

2.4. Grouped Secret Sharing (GSS)

In the following, we give a formal definition of GSS.

Definition 1. (grouped secret sharing). For an SS scheme, let be a set of shareholders and assume that is composed of disjoint groups, i.e., , where is a set of shareholders such that and for all , and . Every shareholder keeps a unique share. If the access structure of the scheme is shown aswhere is a shareholder set.
In other words, if can reconstruct the secret, it must share at least one shareholder with each of the disjoint groups. If so, the SS scheme is a GSS scheme. Figure 1 shows the model of GSS.
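The access rule of Definition 1, as worded in the sentence above, checked against a plain threshold rule in an added example (not code from the paper). The group sizes 2, 3 and 2 follow the numerical examples of Section 5; the shareholder labels and function names are constructed.

```python
from itertools import combinations

# Constructed labels; three disjoint groups with 2, 3 and 2 shareholders.
GROUPS = {
    "G1": {"U1_1", "U1_2"},
    "G2": {"U2_1", "U2_2", "U2_3"},
    "G3": {"U3_1", "U3_2"},
}


def check_disjoint(groups):
    """A shareholder may belong to exactly one group."""
    total = sum(len(members) for members in groups.values())
    if len(set().union(*groups.values())) != total:
        raise ValueError("groups must be pairwise disjoint")


def gss_authorized(subset, groups=GROUPS):
    """GSS rule: the set shares at least one shareholder with every group."""
    chosen = set(subset)
    return all(chosen & members for members in groups.values())


def threshold_authorized(subset, t):
    """Threshold rule: only the number of shareholders matters."""
    return len(set(subset)) >= t


def minimal_authorized_sets(groups=GROUPS):
    """Enumerate by increasing size; keep sets with no authorized proper subset."""
    check_disjoint(groups)
    everyone = sorted(set().union(*groups.values()))
    minimal = []
    for size in range(1, len(everyone) + 1):
        for candidate in combinations(everyone, size):
            cand = set(candidate)
            if gss_authorized(cand, groups) and not any(m <= cand for m in minimal):
                minimal.append(cand)
    return minimal


def compare_with_threshold(groups=GROUPS):
    """Count sets of size len(groups) accepted by each rule."""
    everyone = sorted(set().union(*groups.values()))
    t = len(groups)
    sized = list(combinations(everyone, t))
    by_threshold = sum(threshold_authorized(s, t) for s in sized)
    by_gss = sum(gss_authorized(s, groups) for s in sized)
    return by_gss, by_threshold


if __name__ == "__main__":
    print(len(minimal_authorized_sets()), "minimal authorized sets")
    print("GSS vs (3,7) threshold on 3-member sets:", compare_with_threshold())
```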

2.5. Introduction to Lattice

Because some security analyses need to use lattice, we give some definitions about lattice.

Definition 2. (lattice). Given linearly independent vectors , the lattice generated by the vectors isVectors are the basis of .

Definition 3. (the closest vector problem). Given a vector that is not in a lattice , find a vector that is closest to .
In a lattice of high dimension, it is difficult to solve CVP in polynomial time. However, CVP is solvable in a reduced basis with low dimensions. The LLL algorithm, named after its authors Lenstra, Lenstra, and Lovász, uses Schmidt orthogonalization repeatedly to obtain a reduced basis. The detailed algorithm is shown in paper [21].

3. GSS Based on LIP

In this section, we first show how to implement a GSS based on Shamir’s threshold SS scheme. The correctness and security analyses are given in the next two subsections, respectively.

3.1. Implementing a GSS Based on Shamir SS Scheme

According to the above definition of GSS, any shareholder can represent the group to participate in secret reconstruction, but different shareholders should keep different shares even when they are in the same group. Hence, this paper focuses on how to generate different shares in a group while all shares can be used to recover the same secret.

Our GSS scheme based on LIP consists of three algorithms: (1) main share generation for a group; (2) subshare generation for a shareholder; and (3) secret reconstruction.

3.1.1. Main Share Generation for a Group

Let be a set of shareholders. All the shareholders are divided into disjoint groups . A shareholder only belongs to one group, i.e., if . Each group has shareholders such that .

A dealer chooses two prime numbers and with . Then, randomly picks a polynomial of degree : , where but the other coefficients are limited in , i.e., for . The secret is equal to the constant term of , i.e., .

As for a group , the dealer selects a positive integer from as public information associated with , where and if . Then, computes a main share for group as .

3.1.2. Subshare Generation for a Shareholder

After Algorithm 1, each group is allocated a main share. If there just exists one shareholder in a group, the dealer can use 0 as the random integer to generate a subshare for the only shareholder. Otherwise, for each shareholder (superscript denotes that the shareholder is in group and subscript is an integer from the interval and denotes that the shareholder is the -th shareholder in ), the dealer computes a subshare aswhere is a random integer picked by and . sends as private share to the corresponding shareholder securely.

3.1.3. Secret Reconstruction

Note that any SS scheme has the monotone property. In other words, if a shareholder set can recover the secret, any superset of can also realize secret reconstruction.

If a shareholder set is allowed to recover the secret , at least one shareholder is included in for , where is a random integer in . Then, without loss of generality, can be divided into two subsets and , where and . In terms of definition of GSS, the subset is able to recover the secret.

Each shareholder in releases its subshare to the other shareholders in . After that, all the shareholders in get shares . Then, the secret can be obtained by computing

3.2. Correctness Analysis

In order to demonstrate that the proposed GSS scheme based on LIP can work correctly, we give two steps to prove the equation (Table 1).Step 1:.Step 2:.

On account of Step 1 and Step 2, it is proven that the secret can be obtained by computing .

3.3. Security Analysis

In this section, we give two theorems to prove the security of the proposed GSS based on LIP. Because secret is uniformly distributed in , the probability of obtaining from no share is . In general, is a large number such that it is impossible to guess the secret directly without any information. Therefore, if the probability of an event occurring is equal to or less than , the event can be considered as impossibility.

Theorem 1. In the GSS based on LIP, a subshareis valid just in the group, while it is invalid in any other groupwhere.

Proof. In the light of correctness analysis, we have proved that the subshare is valid in . Hence, we give the proof of the latter part of Theorem 1 in the following. In more detail, we should prove that the probability of being valid in is no more than .
If is valid in , it means . In the equation, has a uniform distribution in since it is computed as and all the coefficients of are unknown. And can be any integer over . From the equation, we getDefine with only one independent variable . Then, given a fixed value of , holds if and only if for . Because if there exist and such that , there must be an integer such that , i.e., . In this way, we can get , i.e., because and . Furthermore, is a 1-to-1 function, i.e., also has values corresponding to values of . In the same way, has values corresponding to values of because is a fixed value. However, has a uniform distribution in . Hence, the probability that equation (11) holds is , which is less than due to . This means it is impossible to make equation (11) true. In other words, the subshare is invalid in any other group , where .

Theorem 2. In the GSS based on LIP, for a shareholder set, if there exists a groupsuch that, the setcannot recover the secret.

Proof. Without loss of generality, suppose that . In other words, includes shareholders in all the groups except . Besides, suppose that at least two shareholders exist in a group.
Now, let us prove that if can recover the secret , it must know the exact value of the main share .
In group , we havewhere . In the equation, , and are known, while , and are unknown. Although there exist three unknown numbers in two equations, they can still be recovered because , while . In other words, are very short compared with , Therefore, we can construct a lattice and utilize lattice basis reduction algorithm to recover . From equation (12), we can deduceThen, construct a lattice as follows:Define a target vector , where is a prime greater than to guarantee the distance of any lattice vector far away from is greater than .
Note that ; then, the distance of far away from lattice isWe claim that vector is the closest lattice point far away from . Finally, we invoke LLL algorithm to recover and by solving the closest vector problem (CVP). Once we recover and , can be obtained easily. After that, we get main shares for to construct coordinates on the original polynomial such as .
Now, suppose that we can recover the secret ; it means that we obtain another coordinate . Then, can be reconstructed from and coordinates because the degree of is .
If we obtain , the main share can be computed as easily. However, we do not have any information about , since no shareholder in group is included in . As a deduction, it means that cannot recover the secret if there exists a group such that .

4. GSS Based on CRT

In this section, we first implement a GSS based on Asmuth–Bloom threshold SS scheme. The related correctness and security analyses are given in the following.

4.1. Implementing a GSS Based on Asmuth–Bloom SS Scheme

Our GSS scheme based on CRT consists of three algorithms: (1) main share generation for a group; (2) subshare generation for a shareholder; and (3) secret reconstruction.

4.1.1. Main Share Generation for a Group

Let be a set of shareholders. All the shareholders are divided into disjoint groups . A shareholder only belongs to one group, i.e., if . Each group has shareholders such that .

At first, the dealer picks a prime number and a sequence of pairwise co-prime positive integers with , and for , where is a public modulus associated with the group . Then, picks a random integer and secret in , such that . Finally, for each group , the dealer computes a main share as .

4.1.2. Subshare Generation for a Shareholder

After Algorithm 1, each group is allocated a main share. Let and . If there just exists one shareholder in a group, the dealer can use 0 as the random integer to generate a subshare for the only shareholder. Otherwise, for each shareholder in group , the dealer computes a subshare aswhere is a random integer picked by and . securely sends as a private share to the corresponding shareholder .

4.1.3. Secret Reconstruction

If a shareholder can recover the secret, without loss of generality, it is divided into two subsets and , where and . can recover the secret due to the definition of GSS.

Each shareholder in releases its subshare to the other shareholders in . After that, all the shareholders in get shares . Then, the secret can be obtained by computing

4.2. Correctness Analysis

In order to demonstrate that the proposed GSS scheme based on CRT can work correctly, we give two steps to prove (Table 2).

Step 1:.Step 2:.

On account of Step 1 and Step 2, it is proven that the secret can be obtained by computing .

4.3. Security Analysis

In this section, we give two theorems to prove the security of the proposed GSS based on CRT. Because the secret is uniformly distributed in , the probability of obtaining from no information is . Therefore, if the probability of an event occurring is equal to or less than , the event can be considered as impossibility.

Theorem 3. In the GSS based on CRT, a subshareis valid just in the group, while it is invalid in any other groupwhere.

Proof. According to the correctness analysis, we have proved that the subshare is valid in . Hence, we give the proof of the latter part of Theorem 3 in the following. In more detail, we should prove that the probability of being valid in is no more than .
If is valid in , it meanswhere , , and are fixed values; has uniform distributions in ; and can be any integer over . Because has alternative values, there are at most alternative values of to make equation (19) true. And due to , the probability that equation (19) holds is less than . Then, on account of and , we can get . Therefore, equation (19) cannot be satisfied. In other words, the subshare is invalid in any other group , where .

Theorem 4. In the GSS based on CRT, for a shareholder set, if there exists a groupsuch that, the setcannot recover the secret.

Proof. Without loss of generality, suppose that . In other words, includes shareholders in all the groups except . Besides, suppose that at least two shareholders exist in a group.
Let us prove the following proposition firstly.

Proposition 1. If can recover the secret , can also be recovered from main shares for .

From the correctness analysis, we know all subshares in the same group are totally equivalent, i.e., is equivalent to when they are used to participate in secret reconstruction, where , and . Therefore, we can use main shares and random integers which are all selected from to generate another set such that for . Then, if can recover the secret, it means can also be reconstructed from .

Now, the correctness of Proposition 1 has been proved. Its converse-negative proposition can be stated as follows. If cannot be recovered from main shares for , also cannot recover the secret . Obviously, the converse-negative proposition is also true.

Then, we will use the deduction to prove Theorem 4. In group , we havebecause , , and . Then, we getwhere and . In the equation, , and are known, while , and are unknown. In a similar way, although there exist three unknown numbers in two equations, they can still be recovered because , while . In other words, are very short compared with , Therefore, we still construct a lattice and utilize lattice basis reduction algorithm to recover . From equation (21), we can deduce

Then, we still construct the lattice as follows:

Define a target vector , where is a prime greater than to guarantee the distance of any lattice vector far away from is greater than .

Note that ; then, the distance of far away from lattice is

We claim that vector is the closest lattice point far away from . Finally, we still invoke LLL algorithm to recover and by solving the closest vector problem (CVP). Once we recover and , can be obtained easily.

After that, we get main shares for . Given the main shares, we can just obtain by CRT from the following system of equations:where , , and , i.e., from some integer . However, from Figure 2, there are at least possible values of such that . In other words, the probability of recovering from main shares is less than . According to the converse-negative nature of Proposition 1, the set cannot recover the secret if there exists a group such that .

5. Numerical Examples

In this section, we give two numerical examples to illustrate the two GSS schemes, respectively. In both examples, suppose that there are groups with 2 shareholders, with 3 shareholders, and with 2 shareholders.

Example 1. Firstly, the dealer selects two prime numbers and such that . Then, generates a degree-2 polynomial , where secret is equal to 5.
For group , selects an integer as the public information associated with and computes as its main share. For group , selects an integer as the public information associated with and computes as its main share. For group , selects an integer as the public information associated with and computes as its main share.
For the two shareholders and in , the dealer uses two random integers and to compute subshares and . For three shareholders , , and in , selects three random integers , , and to compute subshares , , and . For the two shareholders and in , picks two random integers and to compute subshares and . After that, the dealer sends each subshare to the corresponding shareholder securely.
Secret reconstruction 1: If , and work together to recover the secret, each of them releases its share to the others. Then, the secret is evaluated as .
Secret reconstruction 2: If , and collaborate to recover the secret, each of them releases its share to the others. Then, the secret is evaluated as .

Example 2. Firstly, the dealer picks a prime number and 3 pairwise co-prime moduli , and such that and , where is public modulus associated with group for . Then, selects a secret and a random integer such that .
For group , the dealer computes a main share . Main shares for and are computed as and .
For the two shareholders and in , the dealer uses two random integers and to compute subshares and , where and . For the three shareholders , and in , selects three random integers , and to compute subshares , and . For the two shareholders and in , picks two random integers and to compute subshares and . After that, the dealer sends each subshare to the corresponding shareholder securely.
Secret reconstruction 1: if , , and work together to recover the secret, each of them releases its share to the others. Then, the secret is evaluated as .
Secret reconstruction 2: if , , and collaborate to recover the secret, each of them releases its share to the others. Then, the secret is evaluated as .

6. Discussion

In this section, we show that both GSS schemes are perfect SS schemes. Then, we discuss the information rate of the two GSS schemes.

6.1. Perfect SS

Definition 4. Perfect SS: in an SS scheme, let , , , and be the secret, secret space, a shareholder set, and share set of . The SS is perfect with respect to probability distribution of on the secret space if
(1) .
(2) if is an authorized set.
(3) if is not an authorized set.

In the GSS scheme based on LIP, secret space is , and hence . From the correctness analysis in Section 3, any authorized set can recover the secret by executing the algorithm in secret reconstruction, so the second condition holds. From Theorem 2, the probability of obtaining the secret from the shares kept by an unauthorized shareholder set is also , i.e., . Therefore, the GSS scheme based on LIP is a perfect SS scheme.
In the same way, we can get that the GSS scheme based on CRT is also a perfect SS scheme.

6.2. Information Rate

Definition 5. Information rate: in an SS scheme, let be the secret and be the share set. Then, the information rate of the scheme is defined as

According to [22], the information rate of a perfect SS scheme is no more than 1. Besides, the higher is, the more effectively the SS scheme works. In the GSS scheme based on LIP, secret is in while every share is in . Therefore, the information rate is equal to , which is between and because . Although is less than 1, it is still acceptable. However, in the GSS based on CRT, secret is in while every share is in , where is a product of moduli and each modulus is greater than . Therefore, the information rate is very low. We just show the scheme to prove that CRT can also be used to design a GSS scheme. In practice, the first GSS scheme based on LIP is more advisable.

7. Conclusions

In this paper, we propose a kind of secret sharing named grouped secret sharing (GSS). By modifying the Shamir and Asmuth–Bloom threshold SS schemes, we implement two GSS schemes based on LIP and CRT, respectively. The correctness analysis shows that the two GSS schemes work correctly, and the security analysis proves that the two schemes are secure. For a better illustration, two numerical examples are also given. Both GSS schemes are perfect, but the GSS based on LIP is more effective because its information rate is higher than the other one.

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This study was supported by the National Key Research and Development Program of China (2018YFB2100300 and 2018YFB0803400) and the National Natural Science Foundation of China (61520106007).