Hierarchical threshold secret sharing

Research output: Contribution to journalArticlepeer-review


We consider the problem of threshold secret sharing in groups with hierarchical structure. In such settings the secret is shared among a group of participants that is partitioned into levels. The access structure is then determined by a sequence of threshold requirements: a subset of participants is authorized if it has at least k 0 0 members from the highest level as well as at least k 1 > k 0 members from the two highest levels and so forth. Such problems may occur in settings where the participants differ in their authority or level of confidence and the presence of higher level participants is imperative to allow the recovery of the common secret. Even though secret sharing in hierarchical groups has been studied extensively in the past none of the existing solutions addresses the simple setting where say a bank transfer should be signed by three employees at least one of whom must be a department manager. We present a perfect secret sharing scheme for this problem that unlike most secret sharing schemes that are suitable for hierarchical structures is ideal. As in Shamir's scheme the secret is represented as the free coefficient of some polynomial. The novelty of our scheme is the usage of polynomial derivatives in order to generate lesser shares for participants of lower levels. Consequently our scheme uses Birkhoff interpolation i.e. the construction of a polynomial according to an unstructured set of point and derivative values. A substantial part of our discussion is dedicated to the question of how to assign identities to the participants from the underlying finite field so that the resulting Birkhoff interpolation problem will be well posed. In addition we devise an ideal and efficient secret sharing scheme for the closely related hierarchical threshold access structures that were studied by Simmons and Brickell.

Original languageEnglish
Pages (from-to)237-264
Number of pages28
JournalJournal of Cryptology
Issue number2
StatePublished - Apr 2007


  • Birkhoff interpolation
  • Hierarchical/multilevel access structures
  • Ideal schemes
  • Secret sharing schemes
  • Threshold schemes


Dive into the research topics of 'Hierarchical threshold secret sharing'. Together they form a unique fingerprint.

Cite this