In [1], Shamir proposed an elegant “polynomial” construction of a perfect threshold schemes (see threshold cryptography). An (n, k)-threshold scheme is a particular case of secret sharing scheme when any set of k or more participants can recover the secret exactly while any set of less than k particiants gains no additional, i.e. a posteriori, information about the secret. Such threshold schemes are called perfect and they were constructed in [2] and [1]. Shamir's construction is the following.
Assume that the set \(S_{ 0}\) of secrets is some finite field \({GF(q)}\) of q elements (q should be prime power) and that the number of participants of SSS \(n<q.\) The dealer chooses n different nonzero elements (points) \(x_1,\ldots,x_{n}\in GF(q)\), which are publicly known. To distribute a secret \(s_0\) the dealer generates randomly coefficients \(g_1,\ldots,g_{k-1}\in GF(q)\), forms the polynomial \(g(x)=s_0+ g_1x+ \cdots +g_{k-1}x^{k-1}\) of degree less than k and sends to the i-th...
References
Shamir, A. (1979). “How to share a secret.” Communications of the ACM, 22 (1), 612–613.
Blakley, R. (1979). “Safeguarding cryptographic keys.” Proceedings of AFIPS 1979 National Computer Conference, 48, 313–317.
McEliece, R.J. and D.V. Sarwate (1981). “On secret haring and Reed–Solomon codes.” Communications of the ACM, 24, 583–584.
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 International Federation for Information Processing
About this entry
Cite this entry
Blakley, R., Kabatiansky, G. (2005). Shamir's Threshold Scheme. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA . https://doi.org/10.1007/0-387-23483-7_389
Download citation
DOI: https://doi.org/10.1007/0-387-23483-7_389
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-23473-1
Online ISBN: 978-0-387-23483-0
eBook Packages: Computer ScienceReference Module Computer Science and Engineering