Bivariate polynomial-based secret sharing schemes with secure secret reconstruction

Abstract

A (t,n)-threshold scheme with secure secret reconstruction, or a (t,n)-SSR scheme for short, is a (t,n)-threshold scheme against the outside adversary who has no valid share, but can impersonate a participant to take part in the secret reconstruction phase. We point out that previous bivariate polynomial-based (t,n)-SSR schemes, such as those of Harn et al. (Information Sciences 2020), are insecure, which is because the outside adversary may obtain the secret by solving a system of [Formula presented] linear equations. We revise Harn et al. scheme and get a secure (t,n)-SSR scheme based on a symmetric bivariate polynomial for the first time, where t⩽n⩽2t-1. To increase the range of n for a given t, we construct a secure (t,n)-SSR scheme based on an asymmetric bivariate polynomial for the first time, where n⩾t. We find that the share sizes of our schemes are the same or almost the same as other existing insecure (t,n)-SSR schemes based on bivariate polynomials. Moreover, our asymmetric bivariate polynomial-based (t,n)-SSR scheme is more easy to be constructed compared to the Chinese Remainder Theorem-based (t,n)-SSR scheme with the stringent condition on moduli, and their share sizes are almost the same.