METHOD OF VERIFIABLY SHARING A SECRET IN POTENTIALLY ASYNCHRONOUS NETWORKS

摘要

In accordance with the present invention, there is provided a method for sharing a secret value x among n participating network devices via an asynchronous network. The n participating network devices comprises t faulty devices and k sub-devices capable of reconstructing the secret value x, wherein ti and subshare values s_ij of the secret value x by applying a linear secret sharing scheme and deriving verification values g^sij usable for verification of validity of the share values s_i and the subshare values s_ij; sending to each participating network device a share message comprising the corresponding subshare values s_Ai,s_iA, s_Bi,s_iB, s_Ci,s_iC; broadcasting a verification message comprising the verification values g^sij; receiving by at least l participating network devices the verification message comprising the verification values g^sij, wherein n-t>=l>=2t+1, and performing the following steps 1) to 4) for each recipient network device, 1) if a share message comprising subshare values s_ij is received, determining the validity of the subshare values s_ij in dependence on the verification values g^sij and 2) broadcasting in the event of positive determination an agree message comprising an agree-value Y; 3) receiving l agree messages comprising the agree-values Y_A, Y_B, Y_c; 4) in the event of l received agree messages, obtaining the share value s_i either from the share message sent by the distributor D or from subshare values s_ij received from participating network devices and determining the validity of the subshare values s_ij in dependence on the verification values g^sij. In a second aspect of the present invention a method without broadcast is disclosed.