**A Practical (Non-interactive) Publicly Verifiable Secret Sharing Scheme**

*Mahabir Prasad Jhanwar*

**Abstract: **A publicly verifiable secret sharing (PVSS) scheme, proposed by Stadler in \cite{DBLP:conf/eurocrypt/Stadler96}, is a VSS scheme in which anyone, not only the shareholders, can verify that the secret shares are correctly distributed. PVSS can play essential roles in the systems using VSS. Achieving simultaneously the following two features for PVSS is a challenging job:
\begin{itemize}
\item Efficient non-interactive public verification.
\item Proving security for the public verifiability in the standard model.
\end{itemize}
In this paper we propose a $(t, n)$-threshold PVSS scheme which satisfies both of these properties. Efficiency of the non-interactive public verification step of the proposed scheme is optimal (in terms of computations of bilinear maps (pairing)) while comparing with the earlier solution by \cite{DBLP:conf/sacrypt/HeidarvandV08}. In public verification step of \cite{DBLP:conf/sacrypt/HeidarvandV08}, one needs to compute $2n$ many pairings, where $n$ is the number of shareholders, whereas in our scheme the number of pairing computations is $4$ only. This count is irrespective of the number of shareholders. We also provide a formal proof for the semantic security (IND) of our scheme based on the hardness of a problem that we call the $(n,t)$-multi-sequence of exponents Diffie-Hellman problem (MSE-DDH). This problem falls under the general Diffie-Hellman exponent problem framework \cite{DBLP:conf/eurocrypt/BonehBG05}.

**Category / Keywords: **Secret sharing, non-interactive PVSS, general Diffie-Hellman exponent problem

**Date: **received 23 Sep 2010, last revised 5 Oct 2010

**Contact author: **mahavir jhawar at gmail com

**Available format(s): **PDF | BibTeX Citation

**Version: **20101005:081128 (All versions of this report)

**Short URL: **ia.cr/2010/495

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]