Gruppen secret sharing or how to share several secrets if you must?

Each member of an n-person team has a secret, say a password. The k out of n gruppen secret sharing requires that any group of k members should be able to recover the secrets of the other n − k members, while any group of k − 1 or less members should have no information on the secret of other team member even if other secrets leak out. We prove that when all secrets are chosen independently and have size s, then each team member must have a share of size at least (n − k)s, and we present a scheme which achieves this bound when s is large enough. This result shows a significant saving over n independent applications of Shamir’s k out of n − 1 threshold schemes which assigns shares of size (n − 1)s to each team member independently of k.We also show how to set up such a scheme without any trusted dealer, and how the secrets can be recovered, possibly multiple times, without leaking information. We also discuss how our scheme fits to the much-investigated multiple secret sharing methods.

[1]  Barbara Masucci,et al.  Randomness in Multi-Secret Sharing Schemes , 1999, J. Univers. Comput. Sci..

[2]  Carles Padró,et al.  Linear threshold multisecret sharing schemes , 2012, Inf. Process. Lett..

[3]  Giovanni Di Crescenzo,et al.  Multi-Secret Sharing Schemes , 1994, CRYPTO.

[4]  Rong Zhao,et al.  A practical verifiable multi-secret sharing scheme , 2007, Comput. Stand. Interfaces.

[5]  Y. Yeh,et al.  Dynamic Multi-Secret Sharing Scheme , 2008 .

[6]  Alfredo De Santis,et al.  On the Size of Shares for Secret Sharing Schemes , 1991, CRYPTO.

[7]  Avishek Adhikari,et al.  An efficient multi-use multi-secret sharing scheme based on hash function , 2010, Appl. Math. Lett..

[8]  Keith M. Martin,et al.  Multisecret Threshold Schemes , 1994, CRYPTO.

[9]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[10]  László Csirmaz Secret sharing schemes on graphs , 2005, IACR Cryptol. ePrint Arch..