Join Log in
Score:0
Hunger Learn avatar Crypto

An equivalent definition for shamir secret sharing?

ua flag
Hunger Learn

Taking into account this paper I will write here a definition that the authors provide.

$\textbf{Definition:}$ (linear secret sharing scheme). A $(t,n)$ secret sharing scheme is a linear secret sharing scheme when the $n$ shares, $v_1,v_2,...,v_n$ can be presented as in Equation $\ref{5}$

$$(v_1,v_2,...,v_n)=(k_1,k_2,...,k_t)H,\label{5}\tag{5}$$

where $H$ is a public $t × n$ matrix whose any $t × t$ submatrix is not singular. The vector $(k_1,k_2,...,k_n)$ is randomly chosen by the dealer.

According to Definition, we can see that Shamir’s $(t, n)$ secret sharing scheme is a linear scheme. Let

$$f(x)=a_0+a_1x+\cdots+a_{t-1}x^{t-1}, \label{6}\tag{6}$$

The shares $v_i = f(i)$, $i = 1, 2, ..., n$ can be presented as in Equation $\ref{7}$

$$(v_1,v_2,...,v_n)=(a_0,a_1,...,a_{t-1})H,\label{7}\tag{7}$$

How is $\ref{7}$ equivalent to $\ref{6}$? in some definitions it quotes $y_i= f(x_i)$ or $y_i= f(x_i)\bmod{p}$ how do they differ with $\ref{7}$?

67
0 + 0
Hunger Learn avatar
ua flag
Hunger Learn
the secret sharing scheme of Shamir is linear after all? why?
0
Reply
Hunger Learn avatar
ua flag
Hunger Learn
@kelalaka in $(5)$ you can replace index $n$ of $k_n$ with $t$...I don't want to interupt your edit...because you are always helpful
0
Reply
kelalaka avatar
in flag
kelalaka
No probs, see my edits and learn :)
1
Reply
Score:1
kodlu avatar Crypto
sa flag
kodlu

Well, one can assign shares as $v_i=f(x_i)$ or $v_i=f(i)$ as long as the $x_i$ are distinct it will work. The authors chose to use $v_i=f(i)$.

The observation that Shamir secret sharing is linear follows directly by using the definition of matrix multiplication. There is a typo in the paper though, the matrix entry quoted should be $h_{i,j}=j^{i-1}$ and they missed a minus sign in the paper.

enter image description here

0 + 0
Hunger Learn avatar
ua flag
Hunger Learn
well the weird is with all these definitions that in some case they write $f(x)=...mod{p}$ in other cases $f(x)=...$ without modulo and in some cases $y_i\equiv_p f(x_i)$...to be quite frank, i can not understand the difference...do you?
0
Reply
Hunger Learn avatar
ua flag
Hunger Learn
in other words the definition says give me the points $(s,a_1,a_2,...a_{t-1})$ recall that $a_0=s$ and i can find a mapping $H(s,a_1,a_2,...a_{t-1})=(v_1,v_2...,v_n)$ such that the pairs $(i,v_i)$ $\forall i \in n$ are points of the polynomial function $H=f(x)=s+\sum_{i=1}^{t-1}a_ix^i$?
0
Reply
ar flag
Ilmari Karonen
@HungerLearn: The math in Shamir's secret sharing is done in a [finite field](https://crypto.stackexchange.com/q/2700). The integers modulo a prime $p$ form such a finite field, but there are also other types of finite fields. (In particular, any set with $p^n$ elements, where $p$ is a prime and $n$ is a positive integer, can be given multiplication and addition operators that make it a finite field.) The confusion of notation you mention probably reflects that: some authors are assuming a prime-order field and using notation from modular arithmetic, while others just assume a generic field.
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.