论文部分内容阅读
In a traditional (t,n)-threshold secret sharing scheme,t or more honest participants can reconstruct the secret K.In the reconstruction process,the individual shares and the secret key K are revealed,hence K is shared once only.In this paper,we firstly give the definition of leakproof secret sharing scheme which is composed of a distribution protocol and a proof protocol,then propose two leakproof secret sharing protocols,a computationally secure protocol and an information-theoretically secure protocol.In our protocols,t or more participants can jointly prove that they hold the secret K by using a multi-prover zero-knowledge argument of knowledge.As a result,the secret K will be shared for as many times as desired.Furthermore,each participant can detect the dealer in the distribution protocol from cheating,and any verifier can prevent non-qualified set of participants in proof protocol from cheating.As an example of the practical impact of our work we use our techniques to construct group identification schemes with zero-knowledge.
In a traditional (t, n) -threshold secret sharing scheme, t or more honest participants can reconstruct the secret K. In the reconstruction process, the individual shares and the secret key K are revealed, hence K is shared once only. This paper, we first give the definition of leakproof secret sharing scheme which is composed of a distribution protocol and a proof protocol, then propose two leakproof secret sharing protocols, a computationally secure protocol and an information-theoretically secure protocol.In our protocols, t or more participants can jointly prove that they hold the secret K by using a multi-prover zero-knowledge argument of knowledge. As a result, the secret K will be shared for as many times as desired. Stillrther, each participant can detect the dealer in the distribution protocol from cheating, and any verifier can prevent non-qualified set of participants in proof protocol from cheating. As an example of the practical impact of our work we use our techniques to construct g roup identification schemes with zero-knowledge.