Journal of Systems Science and Complexity, Volume 24, Issue 1, pp 186–194

A pairing-based publicly verifiable secret sharing scheme



A publicly verifiable secret sharing (PVSS) scheme is a verifiable secret sharing scheme with the special property that anyone can verify whether the shares were correctly distributed by the dealer. PVSS plays an important role in many applications such as electronic voting, payment systems with revocable anonymity, and key escrow. Up to now, all PVSS schemes have been based on traditional public-key systems. Recently, pairing-based cryptography has received much attention from cryptographic researchers, and many pairing-based schemes and protocols have been proposed. However, no PVSS scheme using bilinear pairings has been proposed so far. This paper presents the first pairing-based PVSS scheme. In the random oracle model and under the bilinear Diffie-Hellman assumption, the authors prove that the proposed scheme is a secure PVSS scheme.

Key words

Bilinear pairing, cryptography, random oracle model, secret sharing





Copyright information

© Institute of Systems Science, Academy of Mathematics and Systems Science, CAS and Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

Department of Mathematics, National Changhua University of Education, Chang-Hua, Taiwan
