Outsourced cheating detection for secret sharing

Abstract

In a secret sharing scheme, a dealer, D, distributes shares of a secret, S among a set of n participants, such that only authorised subsets of these participants can reconstruct S, by pooling their shares. Unauthorised subsets should gain no information. An extensively researched area within this field is how to cope with participants who arbitrarily modify their shares (i.e. cheaters). A secret sharing scheme with cheating detection capabilities (SSCD) allows participants to detect cheating upon reconstruction time. The most common way of achieving this is to utilise an algebraic manipulation detection (AMD) code alongside a secret sharing scheme. The dealer essentially encodes S in an AMD code and distributes this code to participants. Participants then reconstruct the code and use this to detect cheating. The problem with this approach is that even if cheating is detected, the cheaters still get the secret. To overcome this problem, we propose a new protocol: outsourced SSCD (OSSCD). Our proposed protocol utilises the same techniques as SSCD; however, before the secret is reconstructed, we have participants distribute their shares among a set of special validation servers. These validation servers then perform a public computation to determine if cheating has occurred. They do this without reconstructing S. The result of this is that if cheating has occurred, the servers can halt the protocol, ensuring no one learns the secret. We present two efficient constructions of our proposed OSSCD protocol: one capable of detecting cheating with high probability and the other capable of tolerating many secrets simultaneously.