On the Security of the Threshold Scheme Based on the Chinese Remainder Theorem
Threshold schemes enable a group of users to share a secret by providing each user with a share. The scheme has a threshold t+1 if any subset with cardinality t + 1 of the shares enables the secret to be recovered.
In 1983, C. Asmuth and J. Bloom proposed such a scheme based on the Chinese remainder theorem. They derived a complex relation between the parameters of the scheme in order to satisfy some notion of security. However, at that time, the concept of security in cryptography had not yet been formalized.
In this paper, we revisit the security of this threshold scheme in the modern context of security. In particular, we prove that the scheme is asymptotically optimal both from an information theoretic and complexity theoretic viewpoint when the parameters satisfy a simplified relationship. We mainly present three theorems, the two first theorems strengthen the result of Asmuth and Bloom and place it in a precise context, while the latest theorem is an improvement of a result obtained by Goldreich et al.
KeywordsAverage Mutual Information Uniform Probability Threshold Scheme Chinese Remainder Theorem Ideal Scheme
- B79.Blakley, G.R.: Safeguarding cryptographic keys. AFIPS Conf. Proc., 1979, 48, pp. 313–317.Google Scholar
- G68.Gallager, R.G.: Information Theory and Reliable Communication. Willey, 1968.Google Scholar
- GB01.Goldwasser S., Bellare M.: Lectures Notes on Cryptography. 1996–2001. http://www-cse.ucsd.edu/users/mihir/papers/gb.html.
- M82.Mignotte, M.: How to share a secret. Advances in Cryptology — Eurocrypt’82, LNCS, 1983, 149, Springer-Verlag, pp. 371–375.Google Scholar
- R88.Ribenboim, P.: The Book of Prime Number Records. Springer-Verlag, 1988.Google Scholar