分野別セミナー

At EUROCRYPT 2011, Obana proposed a $k$-out-of-$n$ secret sharing scheme capable of identifying up to $t$ cheaters with probability $1-\epsilon$ under the condition $t < k/3$. In that scheme, the share size $|V_i|$ satisfies $|V_i|=|S|/\epsilon$, which is almost optimal. However, Obana's scheme is known to be vulnerable to attacks by rushing adversary who can observe the messages sent by the honest participants prior to deciding her own messages. In this paper, we present a new scheme, which is secure against rushing adversary, with $|V_i|=|S|/\epsilon^{n-t+1}$, assuming $t < k/3$. We note that the share size of our proposal is substantially smaller compared to $|V_i|=|S|(t+1)^{3n}/{\epsilon}^{3n}$ in the scheme by Choudhury at PODC 2012 when the secret is a single field element. A modification of the later scheme is secure against rushing adversary under a weaker $t < k/2$ condition. Therefore, our scheme demonstrates an improvement in share size achieved for the price of strengthening the assumption on $t$.