Verifiable encryption is a primitive that can be used to build extremely efficient fair exchange protocols where the items exchanged represent digital signatures. Such protocols may be used to digitally sign contracts on the Internet. This paper presents an efficient protocol for verifiable encryption of digital signatures that improves the security and efficiency of the verifiable encryption s...

We consider perfect verifiable secret sharing (VSS) in a synchronous network of n processors (players) where a designated player called the dealer wishes to distribute a secret s among the players in a way that no t of them obtain any information, but any t + 1 players obtain full information about the secret. The round complexity of a VSS protocol is defined as the number of rounds performed i...

The proposed approach works for any underlying secret sharing scheme. It is based on the concept of verification sets of participants, related to authorized set of participants. The participants interact (no third party involved) in order to check validity of their shares before they are pooled for secret recovery. Verification efficiency does not depend on the number of faulty participants.

In this paper, we investigate how to achieve verifiable secret sharing (VSS) schemes by using the Chinese Remainder Theorem (CRT). We first show that two schemes proposed earlier are not secure from an attack where the dealer is able to distribute inconsistent shares to the users. Then we propose a new VSS scheme based on the CRT and prove its security. Using the proposed VSS scheme, we develop...

Inthispaper,wepropose twosecureverifiablemulti-secret sharingschemes thatarebasedonnon-homogeneous linearrecursionsandelliptic curvesoverZN .Suchschemeshavesimpleconstructionandverificationphases.Moreover thesehavevarious techniques for the reconstruction phase. The security of the proposed schemes is based on the security of the ECRSA cryptosystem and the intractability of the ECDLP. 2007 Else...

We present a stronger notion of veriiable secret sharing and exhibit a protocol implementing it. We show that our new notion is preferable to the old ones whenever veriiable secret sharing is used as a tool within larger protocols, rather than being a goal in itself.

Verifiable secret sharing (VSS) schemes [1–3] rely on the assumption that parties can not reliably fabricate false secret shares which pass the verification process. Here, we show that, for certain VSS implementations that use verification commitments bounded to a finite field, this assumption is incorrect. Let there be n shares of a secret and a threshold of t secret shares required to get the...

In many pairing-based cryptosystems, the secret keys are elements of bilinear groups. For safeguarding such secret keys or decrypting or signing in a threshold manner, Verifiable Secret Sharing (VSS) in bilinear groups is required. In this paper, we show a method of verifiably sharing a random secret in a bilinear group. Our method is simple and practical. It can be regarded as a generalisation...

Assume n participants P 1,P 2, . . . , Pn share the knowledge of a multivariable function F and that they want to publicly compute z =F (x1,x2, . . . , xn ), where xi is a secret input provided by Pi . The difficulty is to simultaneously provide the secrecy of each xi and to guarantee the correctness of the common result z . Such a task has been accomplished in [GMW] under the assumption that t...

We continue our discussion of Verifiable Secret Sharing, giving two instantiations of the general schema from the last lecture. First, using Commit(x) = g: Feldman VSS, which leaks nothing but g and is perfect binding. Second, using Perdersen’s commitment Commit(x; r) = gh: Pedersen VSS. Next, we turn to the problem of adaptive security. We describe an adaptively secure Feldman VSS using trapdo...