Security analysis of a dynamic threshold secret sharing scheme using linear subspace method

Abstract

A dealer-free and non-interactive dynamic threshold secret sharing scheme has been proposed by Harn and Hsu in Information Processing Letters in 2015. In this scheme, a (t,n) secret sharing scheme in secret sharing phase can turn into a (m,n) scheme in secret reconstruction phase, where m is the number of participating shareholders. It has been claimed that the secrecy of shares and the secrecy of the secret are unconditionally preserved if m∈(t,1+t(t+1)/2].This paper provides a security analysis of this scheme by introducing two attacks. In the first attack, we show that this scheme does not have the dynamic threshold property. In more details, any t+1 released values are sufficient to reconstruct the secret, while the updated threshold has any larger value. In the second attack, we show that any t+1 released values are sufficient to forge the released value of a non-participating shareholder. The technique enjoyed for these attacks is the linear subspace cryptanalysis. It basically measures the information leaked by the known parameters of the scheme by computing the dimension of the linear subspace spanned by these parameters. This method has shown to be capable of cryptanalysis of some secret sharing based schemes, whose security relies on keeping the coefficients of the underlying polynomial(s) secret.