Full threshold change range of threshold changeable secret sharing

Abstract

A threshold changeable secret sharing (TCSS) scheme is designed for changing the initial threshold pair of the privacy threshold and reconstruction threshold to a given threshold pair after the dealer distributes shares to participants, while a universal threshold changeable secret sharing (uTCSS) scheme is threshold changeable to multiple new threshold pairs. We focus on the threshold changeability in a dealer-free scenario with an outside adversary and the absence of secure channels among participants. There are some known threshold change regimes that are realized by (optimal) TCSS schemes or (optimal) uTCSS schemes. In this work, by combining the frequently used two methods in previous constructions: folding shares of a given secret sharing scheme and packing shares of multiple secret sharing schemes, we construct an optimal TCSS scheme and an optimal uTCSS scheme with a new threshold change regime, respectively. This helps us determine the full threshold change range that can be realized by optimal TCSS schemes and optimal uTCSS schemes, respectively. Moreover, we construct some near optimal TCSS schemes to show that the full threshold change range of TCSS schemes (without requiring optimality) is completely covered by the threshold change regimes of our near optimal TCSS schemes together with the full threshold change range of optimal TCSS schemes.

Appendix: Threshold change regimes of near optimal TCSS schemes

We need to prove that there is a \((t,r,n)\rightarrow (t^{\prime },r^{\prime },n)\) ramp scheme with a threshold change regime

$$\begin{aligned} t<r\le n, t^{\prime }<r^{\prime }\le n ~\textrm{and}~ 1\le \frac{r^{\prime }}{r}< \frac{t^{\prime }}{t}. \end{aligned}$$

Observe that this threshold change regime is the union of the following four regimes.

• Case 1: \(1<\dfrac{r^{\prime }}{r}<\dfrac{t^{\prime }}{t}, t^{\prime }<r, t<r\le n, ~\textrm{and}~ t^{\prime }<r^{\prime }\le n\), i.e., \(1<\dfrac{r^{\prime }}{r}<\dfrac{t^{\prime }}{t}\) and \(t<t^{\prime }<r<r^{\prime }\le n\).

• Case 2: \(1<\dfrac{r^{\prime }}{r}<\dfrac{t^{\prime }}{t}, 2<r\le t^{\prime }, t<r\le n, ~\textrm{and}~ t^{\prime }<r^{\prime }\le n\), i.e., \(1<\dfrac{r^{\prime }}{r}<\dfrac{t^{\prime }}{t}, t<r\le t^{\prime }<r^{\prime }\le n\) and \(r>2\).

• Case 3: \(1<\dfrac{r^{\prime }}{r}<\dfrac{t^{\prime }}{t}, r=2, t<r\le n, ~\textrm{and}~ t^{\prime }<r^{\prime }\le n\).

• Case 4: \(1=\dfrac{r^{\prime }}{r}<\dfrac{t^{\prime }}{t}, t<r\le n, ~\textrm{and}~ t^{\prime }<r^{\prime }\le n.\)

The proof is constructive. We construct a \((t,r,n)\rightarrow (t^{\prime },r^{\prime },n)\) ramp scheme with a threshold change regime \(t<t^{\prime }<r<r^{\prime }\le n\), which contains Case 1. This TCSS scheme will be taken as a building block to construct TCSS schemes with the threshold change regimes of Case 2, Case 3 and Case 4.

Case 1: \(1<\dfrac{r^{\prime }}{r}<\dfrac{t^{\prime }}{t}\) and \(t<t^{\prime }<r<r^{\prime }\le n\)

The Construction 2 is inspired by Huang et al. [14]. Their main difference lies in the number of random key coefficients.

Similar to the proof of Huang et al. [14], we know that Construction 2 gives a \((t,r,n)\rightarrow (t^{\prime },r^{\prime },n)\) ramp scheme for \(t<t^{\prime }<r<r^{\prime }\le n\). Besides, it requires \(r>2\), since \(1\le t<t^{\prime }<r<r^{\prime }\).

Case 2: \(1<\dfrac{r^{\prime }}{r}<\dfrac{t^{\prime }}{t}, t<r\le t^{\prime }<r^{\prime }\le n\) and \(r>2\)

Proposition 2

Let \(1<\dfrac{r^{\prime }}{r}<\dfrac{t^{\prime }}{t}, t<r\le t^{\prime }<r^{\prime }\le n\) and \(r>2\). Let \(v=t^{\prime }, u=r-1\) and \(e=\min \{(r-1)(r^{\prime }-t^{\prime }),t^{\prime }\}-1\), then \((r-1)v<(r-1)v+e<rv\) and \(tv\le t^{\prime }u<(r-1)v+e<r^{\prime }u\).

Proof

Since \(e=\min \{(r-1)(r^{\prime }-t^{\prime }),t^{\prime }\}-1\) and \(v=t^{\prime }\ge r>2\), then

$$\begin{aligned} 1\le e\le t^{\prime }-1=v-1~\textrm{and}~1\le e\le (r-1)(r^{\prime }-t^{\prime })-1, \end{aligned}$$

which implies that \((r-1)v<(r-1)v+e<rv\).

On the other hand, since \(t<r\le t^{\prime }<r^{\prime }\) and \(1\le e\le (r-1)(r^{\prime }-t^{\prime })-1\), then we have

$$\begin{aligned} tt^{\prime }\le (r-1)t^{\prime }<(r-1)t^{\prime }+e\le (r-1)t^{\prime }+(r-1)(r^{\prime }-t^{\prime })-1=(r-1)r^{\prime }-1<(r-1)r^{\prime }. \end{aligned}$$

Therefore, we have \(tv\le t^{\prime }u<(r-1)v+e<r^{\prime }u\). \(\square \)

From Proposition 2 and Construction 2, there is a \((tv, (r-1)v+e, nv)\rightarrow (t^{\prime }u,r^{\prime }u,nv)\) ramp scheme, and hence there is a \((t,r,n)\rightarrow (t^{\prime },r^{\prime },n)\) ramp scheme with the threshold change regime in Case 2 (see Fig. 2).

Fig. 2

A \((t,r,n)\rightarrow (t^{\prime },r^{\prime },n)\) ramp scheme of Case 2, where \(v=t^{\prime }, u=r-1\) and \(e=\min \{(r-1)(r^{\prime }-t^{\prime }),t^{\prime }\}-1\)

Case 3: \(1<\dfrac{r^{\prime }}{r}<\dfrac{t^{\prime }}{t}, r=2, t<r\le n, ~\textrm{and}~ t^{\prime }<r^{\prime }\le n\)

In this case, we have \(t=1\) and \(2\le t^{\prime }<r^{\prime }\). Now, we let \(v=2t^{\prime }\) and \(u=2\). It is easy to check that

$$\begin{aligned} v<v+1<2v ~\textrm{and}~ v=t^{\prime }u<v+1<r^{\prime }u. \end{aligned}$$

From the construction of Huang et al. [14], there is a \((v, v+1, nv)\rightarrow (t^{\prime }u,r^{\prime }u,nv)\) ramp scheme, and hence there is a \((t,r,n)\rightarrow (t^{\prime },r^{\prime },n)\) ramp scheme with the threshold change regime in Case 3 (see Fig. 3).

Fig. 3

A \((t,r,n)\rightarrow (t^{\prime },r^{\prime },n)\) ramp scheme of Case 3, where \(v=2t^{\prime }\) and \(u=2\)

Case 4: \(1=\dfrac{r^{\prime }}{r}<\dfrac{t^{\prime }}{t}, t<r\le n, ~\textrm{and}~ t^{\prime }<r^{\prime }\le n\)

Since \(t^{\prime }<r^{\prime }\), then \(1=\dfrac{r^{\prime }}{r}<\dfrac{t^{\prime }}{t}\) is equivalent to \(t<t^{\prime }<r=r^{\prime }\). Let \(u=v=2\), then

$$\begin{aligned} tv<t^{\prime }u<(r-1)v+1<r^{\prime }u\le nv, \end{aligned}$$

which means that there is a \((tv, (r-1)v+1, nv)\rightarrow (t^{\prime }u,r^{\prime }u,nv)\) ramp scheme from Construction 2. Therefore, there is a \((t,r,n)\rightarrow (t^{\prime },r^{\prime },n)\) ramp scheme with the threshold change regime in Case 4 (see Fig. 4).

Fig. 4

A \((t,r,n)\rightarrow (t^{\prime },r^{\prime },n)\) ramp scheme of Case 4, where \(u=v=2\)