
Publicly Verifiable Secret Sharing

  • Markus Stadler
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1070)

Abstract

A secret sharing scheme allows one to share a secret among several participants such that only certain groups of them can recover it. Verifiable secret sharing has been proposed to achieve security against cheating participants. Its first realization had the special property that everybody, not only the participants, can verify that the shares are correctly distributed. We will call such schemes publicly verifiable secret sharing schemes. We discuss new applications to escrow cryptosystems and to payment systems with revocable anonymity, and we present two new realizations based on ElGamal’s cryptosystem.

Keywords

Signature Scheme; Secret Sharing; Access Structure; Discrete Logarithm; Secret Sharing Scheme
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Markus Stadler (1)
  1. Institute for Theoretical Computer Science, ETH Zurich, Zurich, Switzerland
