Paper 2025/318

Traceable Verifiable Secret Sharing and Applications

Karim Baghery, COSIC, KU Leuven
Ehsan Ebrahimi, University of Luxembourg, Luxembourg
Omid Mirzamohammadi, COSIC, KU Leuven
Mahdi Sedaghat, COSIC, KU Leuven, Soundness Labs
Abstract

A secret sharing scheme allows a trusted dealer to divide a secret among multiple parties so that a sufficient number of them can recover the secret, while a smaller group cannot. In CRYPTO'21, Goyal, Song, and Srinivasan introduced Traceable Secret Sharing (TSS), which enhances traditional secret sharing by enabling the identification of parties involved in secret reconstruction, deterring malicious behavior like selling shares. Recently, Boneh, Partap, and Rotem (CRYPTO'24) presented two more efficient TSS schemes. However, these existing TSS schemes assume that all distributed shares are valid and shareholders act honestly during the secret reconstruction phase. In this paper, we introduce Traceable Verifiable Secret Sharing (TVSS), a concept designed to ensure both traceability and verifiability in the face of malicious actions by either the dealer or shareholders. We propose a general strategy for transforming a Shamir-based, computationally secure Verifiable Secret Sharing (VSS) scheme into an efficient TVSS scheme. Building on this strategy, we construct two practical TVSS schemes in the honest-majority setting, based on well-known VSS schemes proposed by Feldman (SFCS'87) and Pedersen (CRYPTO'91). Our proposed TVSS schemes retain public shareholder indexes, enhancing flexibility in designing accountable threshold protocols (e.g., Distributed Key Generation protocols) using TVSS. Compared to the original VSS schemes, the individual share size in the new TVSS schemes increases by only a single field element and is just two or three times the size of the main secret. Motivated by a recent study on Accountable Threshold Cryptosystems (ATCs) by Boneh, Partap, and Rotem (CRYPTO'24), and by leveraging our proposed Feldman-based TVSS scheme, we also introduce an efficient ATC based on the ElGamal cryptosystem. This new ATC enables a tracer to uniquely identify the parties involved in the decryption process while introducing minimal overhead to existing actively secure (and/or robust) threshold protocols built on the ElGamal cryptosystem.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Verifiable Secret Sharing, Traceable Secret Sharing, Traceable Verifiable Secret Sharing, Shamir Secret Sharing
Contact author(s)
baghery karim @ gmail com
eebrahimi pqc @ gmail com
omid mirzamohammadi @ esat kuleuven be
ssedagha @ esat kuleuven be
History
2025-02-21: approved
2025-02-21: received
Short URL
https://ia.cr/2025/318
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/318,
      author = {Karim Baghery and Ehsan Ebrahimi and Omid Mirzamohammadi and Mahdi Sedaghat},
      title = {Traceable Verifiable Secret Sharing and Applications},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/318},
      year = {2025},
      url = {https://eprint.iacr.org/2025/318}
}