Secret Sharing with Cheaters Using Multi-Receiver Authentication

Abstract

We introduce two cheater identifiable secret sharing (CISS) schemes with efficient reconstruction, tolerating t<k/2 cheaters and one robust secret sharing scheme (RSS). Our constructions, which provide public cheater identification, feature a novel application of multi-receiver authentication codes to ensure integrity of shares. The first CISS scheme, which tolerates rushing cheaters, has the share size |S|(n-t)^n+t+2/ε^n+t+2 in the general case, that can be ultimately reduced to |S|(k-t)^k+t+2/ε^k+t+2 assuming that all the t cheaters are among the k reconstructing players. The second CISS scheme, which tolerates non-rushing cheaters, has the share size |S|(n-t)^2t+2/ε^2t+2. These two constructions have the smallest share size among the existing CISS schemes of the same category, when the secret is a single field element. Finally, we use the tool of multi-receiver authentication to construct a robust secret sharing scheme, which updates the start-of-art against rushing adversary by reducing the share overhead by slightly more than one half. In addition, we point out that an improvement in the share size to |S|/ε^{n-⌊(k-1)/3⌋+1} can be achieved for a CISS tolerating t<k/3 rushing cheaters presented by Xu et al. at IWSEC 2013.