Abstract
We propose a generalized secret sharing scheme based on NMDS codes. The proposed scheme is efficient and the computational complexity for setup and reconstruction phase is only \(O(n^3)\), where n is the number of participants. The scheme admits an access structure based on two mutually exclusive sets of participant combinations of sizes t and \(t-1\) respectively. The parameter t for the access structure is independent of the field size. The proposed scheme is ideal and perfect and has desirable security features of cheating detection and cheater identification. We also provide a cryptanalysis of the \((t+1, n)\) threshold secret sharing scheme based on NMDS codes proposed inĀ [12]. We show that their scheme is insecure and that there always exists a set of m participants, where \(m <t+1\), which can reconstruct the secret.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Benaloh, J., Leichter, J.: Generalized secret sharing and monotone functions. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 27ā35. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_3
George Robert Blakley: Safeguarding cryptographic keys. In: AFIPS, pp. 313ā317 (1979)
Dodunekov, S., Landgev, I.: On Near-MDS codes. J. Geom. 54(1), 30ā43 (1995)
Dodunekov, S.M., Landjev, I.N.: Near-MDS codes over some small fields. Discrete Math. 213(1ā3), 55ā65 (2000)
Harn, L., Lin, C.: Detection and identification of cheaters in \((t, n)\) secret sharing scheme. Des. Codes Crypt. 52(1), 15ā24 (2009)
Huffman, W.C., Pless, V.: Fundamentals of Error-Correcting Codes. Cambridge University Press, New York (2010)
Ito, M., Saito, A., Nishizeki, T.: Secret sharing scheme realizing general access structure. Electron. Commun. Jpn. (Part III: Fundam. Electron. Sci.) 72(9), 56ā64 (1989)
Karchmer, M., Wigderson, A.: On span programs. In: Structure in Complexity Theory Conference, pp. 102ā111. IEEE Computer Society (1993)
Li, C., Wang, Q.: Design of lightweight linear diffusion layers from Near-MDS matrices. IACR Trans. Symmetric Cryptol. 2017(1), 129ā155 (2017)
Pieprzyk, J., Zhang, X.-M.: Ideal threshold schemes from MDS codes. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 253ā263. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36552-4_18
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612ā613 (1979)
Zhou, Y., Wang, F., Xin, Y., Luo, S., Qing, S., Yang, Y.: A secret sharing scheme based on Near-MDS codes. In: NIDC, pp. 833ā836. IEEE (2009)
Acknowledgements
This work has been partially supported by DST-FIST Level-1 Program, Grant No. SR/FST/MSI-092/2013. The authors would like to thank Department of Mathematics, BITS Goa, R. C. Bose Centre for Cryptology and Security, ISI Kolkata, and Indian Institute of Technology, Jammu, for their support.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A An Instantiation of the Proposed Scheme
A An Instantiation of the Proposed Scheme
Consider the following NMDS matrix \(G\) having elements over \(\mathbb {F}_5\), as mentioned inĀ [4].
If we denote the i-th row by \(\mathbf {r}_{i-1}\), and the chosen vector by \((\alpha _0, \alpha _1, \dots , \alpha _{k-1})\), then the codeword formed is of the form \(\alpha _0\mathbf {r}_0 + \alpha _1\mathbf {r}_1 + \dots + \alpha _{k-1}\mathbf {r}_{k-1}\). Therefore, the codeword c formed from the matrix \(G\) is
Hence, the first element of the codeword, that is, \(\alpha _0\) forms the secret while the rest of the elements become the shares for the participants.
1.1 A.1 Secret Reconstruction
Now any 5 participants from Group I or any 6 participants from Group II or more can find the secret.
-
1. 5 participants: \({P}_1, {P}_2, {P}_3, {P}_4\) and \({P}_6\). The pooled codeword \(\mathsf {pcw}\) is \((\alpha _1, \alpha _2, \alpha _3, \alpha _4, \alpha _0+4\alpha _1+\alpha _2+2\alpha _3+4\alpha _4)\) and the corresponding submatrix \(G^\prime \) is:
$$ G^\prime = \left[ \begin{array}{@{}*{6}{@{~}c@{~}}@{}} 0 &{} 0 &{} 0 &{} 0 &{} 1 &{} 1\\ 1 &{} 0 &{} 0 &{} 0 &{} 4 &{} 0\\ 0 &{} 1 &{} 0 &{} 0 &{} 1 &{} 0\\ 0 &{} 0 &{} 1 &{} 0 &{} 2 &{} 0\\ 0 &{} 0 &{} 0 &{} 1 &{} 4 &{} 0\\ 0 &{} 0 &{} 0 &{} 0 &{} 0 &{} 0 \end{array} \right] \,.$$After elementary row operations,
$$ (G^\prime )^\prime = \left[ \begin{array}{@{}*{6}{@{~}c@{~}}@{}} 1 &{} 0 &{} 0 &{} 0 &{} 0 &{} 1\\ 0 &{} 1 &{} 0 &{} 0 &{} 0 &{} 4\\ 0 &{} 0 &{} 1 &{} 0 &{} 0 &{} 3\\ 0 &{} 0 &{} 0 &{} 1 &{} 0 &{} 1\\ 0 &{} 0 &{} 0 &{} 0 &{} 1 &{} 1\\ 0 &{} 0 &{} 0 &{} 0 &{} 0 &{} 0 \end{array} \right] \implies \mathbf {g}_{0G}^\prime = \left[ \begin{array}{@{}*{1}{@{~}c@{~}}@{}} 1\\ 4\\ 3\\ 1\\ 1\\ 0\end{array} \right] \,.$$Then
$$\begin{aligned} \mathsf {pcw}\cdot \mathbf {g}_{0G}&= \alpha _1 + 4\alpha _2 + 3\alpha _3 + \alpha _4 + (\alpha _0+4\alpha _1+\alpha _2+2\alpha _3+4\alpha _4)\\&= \alpha _0 + 5\alpha _1 + 5\alpha _2 + 5\alpha _3 + 5\alpha _4\\&= \alpha _0 \mod 5\,. \end{aligned}$$Hence the secret \(s_0 = \alpha _0\) is recovered correctly.
-
2. 6 participants: \({P}_1, {P}_2, {P}_3, {P}_4, {P}_5\) and \({P}_7\). The pooled codeword \(\mathsf {pcw}\) is \((\alpha _1, \alpha _2, \alpha _3, \alpha _4, \alpha _5, \alpha _0+2\alpha _1+3\alpha _2+4\alpha _3+\alpha _4+\alpha _5)\) and the corresponding submatrix \(G^\prime \) is:
$$ G^\prime = \left[ \begin{array}{@{}*{7}{@{~}c@{~}}@{}} 0 &{} 0 &{} 0 &{} 0 &{} 0 &{} 1 &{} 1\\ 1 &{} 0 &{} 0 &{} 0 &{} 0 &{} 2 &{} 0\\ 0 &{} 1 &{} 0 &{} 0 &{} 0 &{} 3 &{} 0\\ 0 &{} 0 &{} 1 &{} 0 &{} 0 &{} 4 &{} 0\\ 0 &{} 0 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0\\ 0 &{} 0 &{} 0 &{} 0 &{} 1 &{} 1 &{} 0 \end{array} \right] \,.$$After elementary row operations:
$$ (G^\prime )^\prime = \left[ \begin{array}{@{}*{7}{@{~}c@{~}}@{}} 1 &{} 0 &{} 0 &{} 0 &{} 0 &{} 0 &{} 3\\ 0 &{} 1 &{} 0 &{} 0 &{} 0 &{} 0 &{} 2\\ 0 &{} 0 &{} 1 &{} 0 &{} 0 &{} 0 &{} 1\\ 0 &{} 0 &{} 0 &{} 1 &{} 0 &{} 0 &{} 4\\ 0 &{} 0 &{} 0 &{} 0 &{} 1 &{} 0 &{} 4\\ 0 &{} 0 &{} 0 &{} 0 &{} 0 &{} 1 &{} 1 \end{array} \right] \implies \mathbf {g}_{0G}^\prime = \left[ \begin{array}{@{}*{1}{@{~}c@{~}}@{}} 3\\ 2\\ 1\\ 4\\ 4\\ 1\end{array} \right] \,.$$Then
$$\begin{aligned} \mathsf {pcw}\cdot \mathbf {g}_{0G}&= 3\alpha _1 + 2\alpha _2 + \alpha _3 + 4\alpha _4 + 4\alpha _5 + \alpha _0 + (2\alpha _1+3\alpha _2+4\alpha _3+\alpha _4+\alpha _5)\\&= \alpha _0 + 5\alpha _1 + 5\alpha _2 + 5\alpha _3 + 5\alpha _4 + 5\alpha _5\\&= \alpha _0 \mod 5\,. \end{aligned}$$Hence the secret \(s_0 = \alpha _0\) is recovered correctly.
-
3. 7 or more participants: \({P}_4, {P}_5, {P}_6, {P}_7, {P}_8, {P}_9, {P}_{10}\) and \({P}_{11}\). The pooled codeword is
$$\begin{aligned} \mathsf {pcw}= (&\alpha _4, \alpha _5,\\ {}&\alpha _0+4\alpha _1+\alpha _2+2\alpha _3+4\alpha _4,\\ {}&\alpha _0+2\alpha _1+3\alpha _2+4\alpha _3+\alpha _4+\alpha _5,\\ {}&\alpha _0+\alpha _2+4\alpha _3+2\alpha _4+4\alpha _5,\\ {}&\alpha _0+3\alpha _1+3\alpha _3+\alpha _4+2\alpha _5,\\ {}&\alpha _0+\alpha _1+2\alpha _2+3\alpha _3+3\alpha _4+4\alpha _5,\\ {}&\alpha _0+2\alpha _1+2\alpha _2+2\alpha _3+2\alpha _4+2\alpha _5) \end{aligned}$$and the corresponding submatrix \(G^\prime \) is:
$$ \left[ \begin{array}{@{}*{9}{@{~}c@{~}}@{}} 0 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1\\ 0 &{} 0 &{} 4 &{} 2 &{} 0 &{} 3 &{} 1 &{} 2 &{} 0\\ 0 &{} 0 &{} 1 &{} 3 &{} 1 &{} 0 &{} 2 &{} 2 &{} 0\\ 0 &{} 0 &{} 2 &{} 4 &{} 4 &{} 3 &{} 3 &{} 2 &{} 0\\ 1 &{} 0 &{} 4 &{} 1 &{} 2 &{} 1 &{} 3 &{} 2 &{} 0\\ 0 &{} 1 &{} 0 &{} 1 &{} 4 &{} 2 &{} 4 &{} 2 &{} 0 \end{array} \right] \,.$$After elementary row operations:
$$ (G^\prime )^\prime = \left[ \begin{array}{@{}*{9}{@{~}c@{~}}@{}} 1 &{} 0 &{} 0 &{} 0 &{} 0 &{} 0 &{} 3 &{} 1 &{} 1\\ 0 &{} 1 &{} 0 &{} 0 &{} 0 &{} 0 &{} 2 &{} 0 &{} 1\\ 0 &{} 0 &{} 1 &{} 0 &{} 0 &{} 0 &{} 1 &{} 3 &{} 0\\ 0 &{} 0 &{} 0 &{} 1 &{} 0 &{} 0 &{} 0 &{} 1 &{} 4\\ 0 &{} 0 &{} 0 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 3\\ 0 &{} 0 &{} 0 &{} 0 &{} 0 &{} 1 &{} 4 &{} 1 &{} 4 \end{array} \right] \implies \mathbf {g}_{0G}^\prime = \left[ \begin{array}{@{}*{1}{@{~}c@{~}}@{}} 1\\ 1\\ 0\\ 4\\ 3\\ 4\end{array} \right] \,.$$Then
$$\begin{aligned} \mathsf {pcw}\cdot \mathbf {g}_{0G}&= (\alpha _4) + (\alpha _5) + (4\alpha _0+3\alpha _1+2\alpha _2 +\alpha _3+4\alpha _4+4\alpha _5)\\&\quad + (3\alpha _0+3\alpha _2 +2\alpha _3+\alpha _4+2\alpha _5) + (4\alpha _0+2\alpha _1 +2\alpha _3+4\alpha _4+3\alpha _5) \\&= 11\alpha _0 + 5\alpha _1 + 5\alpha _2 + 5\alpha _3 + 10\alpha _4 + 10\alpha _5\\&= \alpha _0 \mod 5\,. \end{aligned}$$Hence the secret \(s_0 = \alpha _0\) is recovered correctly.
Hence in every case, the secret \(s_0\) is recovered correctly.
Rights and permissions
Copyright information
Ā© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Mehta, S., Saraswat, V., Sen, S. (2019). Secret Sharing Using Near-MDS Codes. In: Carlet, C., Guilley, S., Nitaj, A., Souidi, E. (eds) Codes, Cryptology and Information Security. C2SI 2019. Lecture Notes in Computer Science(), vol 11445. Springer, Cham. https://doi.org/10.1007/978-3-030-16458-4_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-16458-4_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16457-7
Online ISBN: 978-3-030-16458-4
eBook Packages: Computer ScienceComputer Science (R0)