On secret sharing systems

A "secret sharing system" permits a secret to be shared among n trustees in such a way that any k of them can recover the secret, but any k-1 have complete uncertainty about it. A linear coding scheme for secret sharing is exhibited which subsumes the polynomial interpolation method proposed by Shamir and can also be viewed as a deterministic version of Blakley's probabilistic method. Bounds on the maximum value of n for a given k and secret size are derived for any system, linear or nonlinear. The proposed scheme achieves the lower bound which, for practical purposes, differs insignificantly from the upper bound. The scheme may be extended to protect several secrets. Methods to protect against deliberate tampering by any of the trustees are also presented.
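The (k, n) threshold property stated above can be checked by brute force on a toy field. The following is an added example, not code from the paper: it implements Shamir's polynomial interpolation method (which the abstract says the linear scheme subsumes), not the paper's linear coding scheme, and the parameters p = 13, k = 3, n = 5 and all function names are constructed for illustration.

```python
import itertools
import secrets
from collections import Counter

def evaluate(coeffs, x, p):
    """Horner evaluation of sum(coeffs[i] * x**i) mod p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc

def split(secret, k, n, p):
    """Return n shares (x, f(x)) of a random polynomial of degree < k with f(0) = secret."""
    if not (1 <= k <= n < p and 0 <= secret < p):
        raise ValueError("need 1 <= k <= n < p and 0 <= secret < p")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    return [(x, evaluate(coeffs, x, p)) for x in range(1, n + 1)]

def recover(shares, p):
    """Lagrange interpolation at x = 0 from k shares with distinct x."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total

def consistent_secrets(partial, k, p):
    """Tally f(0) over every polynomial of degree < k that matches the partial shares."""
    tally = Counter()
    for coeffs in itertools.product(range(p), repeat=k):
        if all(evaluate(coeffs, x, p) == y for x, y in partial):
            tally[coeffs[0]] += 1
    return tally

def demo():
    p, k, n, secret = 13, 3, 5, 7  # constructed toy parameters
    shares = split(secret, k, n, p)
    all_recover = all(recover(list(s), p) == secret
                      for s in itertools.combinations(shares, k))
    # With only k-1 shares, count how many polynomials support each candidate secret.
    return all_recover, consistent_secrets(shares[:k - 1], k, p)

if __name__ == "__main__":
    print(demo())
```

Every k-subset of shares recovers the secret, while k-1 shares leave each of the p candidate secrets supported by exactly one polynomial, so the holder learns nothing about which one was shared.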

[1] Martin E. Hellman, et al. A note on Wyner's wiretap channel (Corresp.), 1977, IEEE Trans. Inf. Theory.

[2] Elwyn R. Berlekamp, et al. On the inherent intractability of certain coding problems (Corresp.), 1978, IEEE Trans. Inf. Theory.

[3] Decision Systems., et al. A recoverable protocol for loop-free distributed routing, 1978.

[4] Richard C. Singleton, et al. Maximum distance q-nary codes, 1964, IEEE Trans. Inf. Theory.

[5] Robert J. McEliece, et al. The Theory of Information and Coding, 1979.

[6] Whitfield Diffie, et al. New Directions in Cryptography, 1976, IEEE Trans. Inf. Theory.

[7] Adrian Segall, et al. Distributed network protocols, 1983, IEEE Trans. Inf. Theory.

[8] G. R. Blakley, et al. Safeguarding cryptographic keys, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[9] Adi Shamir, et al. How to share a secret, 1979, CACM.