Collusion-Resistant Threshold Decryption

S. Eskeland and V. Oleshchuk (Norway)


Cryptographic protocols


Most (t, n) threshold-oriented cryptosystems incorpo rate the polynomial-based (t, n) threshold secret sharing scheme of Shamir. This makes them vulnerable to the col lusion problem which imposes two security problems: 1) A set of t colluding participants can compute the shared secret (i.e., a secret polynomial coefficient). Any person holding the shared secret can subsequently carry out group-oriented threshold-oriented computations individually, thereby by passing the threshold requirement. 2) A set of t participants can moreover deduce all the secret polynomial coefficients which enables establishment of new user shares. In this paper, we propose a method applied to the threshold decryption scheme of Desmedt and Frankel that prohibits colluding participants to deduce any of the secret coefficients of the underlying threshold Shamir secret shar ing scheme.

Important Links:

Go Back