PVSS stands for publicly verifiable secret sharing. In PVSS, a dealer shares a secret among multiple shareholders. The dealer encrypts the shares using the shareholders' encryption algorithms and publicly proves that the encrypted shares are valid. Most of the existing PVSS schemes do not employ ElGamal encryption to encrypt the shares. Instead, they usually employ other encryption algorithms such as RSA encryption and Paillier encryption. Those encryption algorithms do not allow the shareholders' encryption algorithms to use the same decryption modulus. As a result, PVSS based on those encryption algorithms must employ additional range proofs to guarantee the validity of the shares obtained by the shareholders. Although the shareholders can employ ElGamal encryptions with the same decryption modulus in PVSS so that the range proof can be avoided, there are only two PVSS schemes based on ElGamal encryption, and both have drawbacks. One of them employs a costly repeating-proof mechanism, which needs to repeat the dealer's proof at least scores of times to achieve satisfactory soundness. The other requires that the dealer know the discrete logarithm of the secret to be shared, which weakens its generality and rules it out for many applications. A new PVSS scheme based on ElGamal encryption is proposed in this paper. It employs the same decryption modulus for all the shareholders' ElGamal encryption algorithms, so it does not need any range proof. Moreover, it is a general PVSS technique without any special limitation. Finally, an encryption-improving technique is proposed to achieve very high efficiency in the new PVSS scheme. It only needs a number of exponentiations in large cyclic groups that is linear in the number of shareholders, while all the existing PVSS schemes need a number of exponentiations in large cyclic groups that is at least quadratic in the number of shareholders.
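As an added example that is not part of this abstract and not the paper's own scheme, the following Python shows why a common decryption modulus removes the need for range proofs. Every shareholder's ElGamal key lives in one prime-order subgroup (a constructed safe prime p = 2q+1 with generator g, far too small for real use), so the dealer's validity proof for each encrypted share is a Chaum-Pedersen discrete-log-equality proof against Feldman-style commitments to the sharing polynomial; the decryption side and a Lagrange reconstruction in the exponent are included so the whole flow runs. The shares are encrypted "in the exponent" (a shareholder recovers g^{s_i}, and reconstruction yields g^s rather than s), which is a design assumption of this example only; the abstract does not state how the paper's scheme encodes shares.

```python
import hashlib
import secrets

# Constructed toy parameters: safe prime P = 2*Q + 1 and a generator G of the
# order-Q subgroup (4 = 2^2 is a quadratic residue, so its order is Q).
# Every shareholder's key lives in this one group.
P, Q, G = 2039, 1019, 4


def inv(a):
    """Modular inverse in Z_P^* (P is prime, so Fermat works)."""
    return pow(a, P - 2, P)


def fs_challenge(*values):
    """Fiat-Shamir challenge: hash the proof transcript into Z_Q."""
    data = "|".join(str(v) for v in values).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def dleq_prove(g1, h1, g2, h2, w):
    """Chaum-Pedersen proof that log_g1(h1) == log_g2(h2) == w (mod Q)."""
    k = secrets.randbelow(Q - 1) + 1
    a1, a2 = pow(g1, k, P), pow(g2, k, P)
    c = fs_challenge(g1, h1, g2, h2, a1, a2)
    return c, (k - c * w) % Q


def dleq_verify(g1, h1, g2, h2, proof):
    c, z = proof
    a1 = pow(g1, z, P) * pow(h1, c, P) % P  # recomputes g1^k
    a2 = pow(g2, z, P) * pow(h2, c, P) % P  # recomputes g2^k
    return c == fs_challenge(g1, h1, g2, h2, a1, a2)


def keygen():
    """Shareholder ElGamal key pair (x, y = G^x) in the common group."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def deal(secret, t, pubkeys):
    """Dealer: Shamir-share the secret, publish commitments C_j = G^{a_j} and,
    per shareholder i, (A, B) = (G^r, y_i^r * G^{s_i}) with a DLEQ proof that
    log_G(A) == log_{y_i}(B / G^{s_i}); G^{s_i} is derivable from the C_j."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    commitments = [pow(G, a, P) for a in coeffs]
    encrypted = []
    for i, y in enumerate(pubkeys, start=1):
        s_i = sum(a * pow(i, j, Q) for j, a in enumerate(coeffs)) % Q
        r = secrets.randbelow(Q - 1) + 1
        A = pow(G, r, P)
        B = pow(y, r, P) * pow(G, s_i, P) % P
        proof = dleq_prove(G, A, y, B * inv(pow(G, s_i, P)) % P, r)
        encrypted.append((A, B, proof))
    return commitments, encrypted


def verify_share(i, y, commitments, enc):
    """Anyone (no private key needed) checks that ciphertext i encrypts p(i)."""
    A, B, proof = enc
    X = 1  # X = prod_j C_j^{i^j} = G^{p(i)}
    for j, C in enumerate(commitments):
        X = X * pow(C, pow(i, j, Q), P) % P
    return dleq_verify(G, A, y, B * inv(X) % P, proof)


def decrypt_share(x, enc):
    """Shareholder: recover S_i = G^{s_i} and prove the decryption is correct."""
    A, B, _ = enc
    D = pow(A, x, P)
    proof = dleq_prove(G, pow(G, x, P), A, D, x)  # log_G(y) == log_A(D) == x
    return B * inv(D) % P, D, proof


def verify_decryption(y, enc, S, D, proof):
    A, B, _ = enc
    return dleq_verify(G, y, A, D, proof) and S == B * inv(D) % P


def reconstruct(shares):
    """shares: {i: G^{s_i}} for >= t indices; Lagrange in the exponent gives G^s."""
    result = 1
    for i, S in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num, den = num * j % Q, den * ((j - i) % Q) % Q
        result = result * pow(S, num * pow(den, Q - 2, Q) % Q, P) % P
    return result


def run_pvss(secret=123, n=5, t=3):
    """Returns (all shares verified, a tampered share rejected, G^s recovered)."""
    keys = [keygen() for _ in range(n)]
    pubkeys = [y for _, y in keys]
    commitments, encrypted = deal(secret, t, pubkeys)
    all_ok = all(verify_share(i, pubkeys[i - 1], commitments, encrypted[i - 1])
                 for i in range(1, n + 1))
    A, B, proof = encrypted[0]  # a dealer publishing a wrong share is caught
    tampered_rejected = not verify_share(1, pubkeys[0], commitments, (A, B * G % P, proof))
    shares = {}
    for i in range(1, t + 1):  # any t shareholders suffice
        x, y = keys[i - 1]
        S, D, dproof = decrypt_share(x, encrypted[i - 1])
        assert verify_decryption(y, encrypted[i - 1], S, D, dproof)
        shares[i] = S
    return all_ok, tampered_rejected, reconstruct(shares) == pow(G, secret, P)
```

Because the share s_i, the polynomial coefficients and the ElGamal exponent all live in the same Z_Q, the verifier never has to bound a value inside an unknown modulus; the DLEQ proof alone ties the ciphertext to the published commitments. With per-shareholder RSA or Paillier moduli, the dealer would instead have to prove that a plaintext under one modulus equals a share defined under another, which is where the range proofs the abstract mentions come in.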