TY - JOUR

T1 - Hierarchical threshold secret sharing

AU - Tassa, Tamir

N1 - Copyright:
Copyright 2012 Elsevier B.V., All rights reserved.

PY - 2007/4

Y1 - 2007/4

N2 - We consider the problem of threshold secret sharing in groups with hierarchical structure. In such settings the secret is shared among a group of participants that is partitioned into levels. The access structure is then determined by a sequence of threshold requirements: a subset of participants is authorized if it has at least k 0 0 members from the highest level as well as at least k 1 > k 0 members from the two highest levels and so forth. Such problems may occur in settings where the participants differ in their authority or level of confidence and the presence of higher level participants is imperative to allow the recovery of the common secret. Even though secret sharing in hierarchical groups has been studied extensively in the past none of the existing solutions addresses the simple setting where say a bank transfer should be signed by three employees at least one of whom must be a department manager. We present a perfect secret sharing scheme for this problem that unlike most secret sharing schemes that are suitable for hierarchical structures is ideal. As in Shamir's scheme the secret is represented as the free coefficient of some polynomial. The novelty of our scheme is the usage of polynomial derivatives in order to generate lesser shares for participants of lower levels. Consequently our scheme uses Birkhoff interpolation i.e. the construction of a polynomial according to an unstructured set of point and derivative values. A substantial part of our discussion is dedicated to the question of how to assign identities to the participants from the underlying finite field so that the resulting Birkhoff interpolation problem will be well posed. In addition we devise an ideal and efficient secret sharing scheme for the closely related hierarchical threshold access structures that were studied by Simmons and Brickell.

AB - We consider the problem of threshold secret sharing in groups with hierarchical structure. In such settings the secret is shared among a group of participants that is partitioned into levels. The access structure is then determined by a sequence of threshold requirements: a subset of participants is authorized if it has at least k 0 0 members from the highest level as well as at least k 1 > k 0 members from the two highest levels and so forth. Such problems may occur in settings where the participants differ in their authority or level of confidence and the presence of higher level participants is imperative to allow the recovery of the common secret. Even though secret sharing in hierarchical groups has been studied extensively in the past none of the existing solutions addresses the simple setting where say a bank transfer should be signed by three employees at least one of whom must be a department manager. We present a perfect secret sharing scheme for this problem that unlike most secret sharing schemes that are suitable for hierarchical structures is ideal. As in Shamir's scheme the secret is represented as the free coefficient of some polynomial. The novelty of our scheme is the usage of polynomial derivatives in order to generate lesser shares for participants of lower levels. Consequently our scheme uses Birkhoff interpolation i.e. the construction of a polynomial according to an unstructured set of point and derivative values. A substantial part of our discussion is dedicated to the question of how to assign identities to the participants from the underlying finite field so that the resulting Birkhoff interpolation problem will be well posed. In addition we devise an ideal and efficient secret sharing scheme for the closely related hierarchical threshold access structures that were studied by Simmons and Brickell.

KW - Birkhoff interpolation

KW - Hierarchical/multilevel access structures

KW - Ideal schemes

KW - Secret sharing schemes

KW - Threshold schemes

UR - http://www.scopus.com/inward/record.url?scp=33947522725&partnerID=8YFLogxK

U2 - 10.1007/s00145-006-0334-8

DO - 10.1007/s00145-006-0334-8

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:33947522725

SN - 0933-2790

VL - 20

SP - 237

EP - 264

JO - Journal of Cryptology

JF - Journal of Cryptology

IS - 2

ER -