
# Security of verifiable Shamir secret share

Let us consider the following verification protocol based on Feldman. Assume $$c_0,\cdots,c_k$$ represent the coefficients of the polynomial $$p()$$ in $$\mathbb{Z}_q$$. For verifying share $$(i,p(i))$$ and public parameters group $$G$$ of prime order $$p, q|p-1$$ and generator $$g$$, the share generator provides $$(g,d_0,\cdots,d_k)$$ where $$d_j=g^{c_j}, j \in\{0,1,\cdots,k\}$$. The receiver of the share $$s$$ checks whether $$g^s = \prod_j d_j^{i^j}$$. Is this scheme secure (based on the hardness of discrete logarithm)?

Haven't looked closely at this scheme, but keep in mind that whenever you introduce verifiability, you're moving from information-theoretically secure to computationally secure. Granted, whatever you're doing with the secret might mean you're already relying on being computationally secure.
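
The check from the question, as an added example that is not part of the original posts: a dealer publishes $$d_j=g^{c_j}$$, each receiver tests $$g^s = \prod_j d_j^{i^j}$$, and the last function shows that $$d_0=g^{c_0}$$ already determines the secret, so hiding rests on discrete log. The toy parameters (modulus 2039, subgroup order 1019, generator 4) and all function names are assumptions chosen for illustration.

```python
import secrets

# Toy parameters (constructed for illustration, far too small for real use):
# P_MOD = 2*Q + 1 with both prime; G generates the order-Q subgroup of Z_P^*.
P_MOD, Q, G = 2039, 1019, 4

def deal(secret, k, n):
    """Share `secret` with a random degree-k polynomial over Z_Q (requires n < Q)."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(k)]
    shares = {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    commitments = [pow(G, c, P_MOD) for c in coeffs]  # d_j = g^{c_j}
    return shares, commitments

def verify(i, s, commitments):
    """Receiver's check: g^s == prod_j d_j^(i^j) mod P_MOD."""
    rhs = 1
    for j, d in enumerate(commitments):
        # Exponents live in Z_Q because every d_j has order dividing Q.
        rhs = rhs * pow(d, pow(i, j, Q), P_MOD) % P_MOD
    return pow(G, s, P_MOD) == rhs

def reconstruct(points):
    """Lagrange interpolation at x = 0 over Z_Q from {i: share} pairs."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total

def secret_from_commitment(d0):
    """Exhaustive search for log_g(d0): feasible only because Q is tiny.
    d_0 fixes the secret uniquely, so secrecy is computational, not perfect."""
    return next(x for x in range(Q) if pow(G, x, P_MOD) == d0)

if __name__ == "__main__":
    shares, comms = deal(secret=123, k=2, n=5)
    print("all shares verify:", all(verify(i, s, comms) for i, s in shares.items()))
    print("tampered share verifies:", verify(1, (shares[1] + 1) % Q, comms))
    print("reconstructed:", reconstruct({i: shares[i] for i in (2, 4, 5)}))
    print("secret pinned by d_0:", secret_from_commitment(comms[0]))
```
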