Certain cryptographic keys, such as missile launch codes, numbered bank accounts and the secret decoding exponent in an RSA public key cryptosystem, are so important that they present a dilemma. If too many copies are distributed, one may be leaked. If too few, they might all be lost or accidentally destroyed. Secret sharing schemes invented by Shamir (1979) and Blakley (1979) address this problem, and allow arbitrarily high levels of confidentiality and reliability to be achieved. A secret sharing scheme ‘divides’ the secret into ‘shares’—one for every user—in such a way that the secret can be easily reconstructed by any authorised subset of users, but an unauthorised subset of users can extract absolutely no information about it. In this chapter we define secret sharing schemes rigorously and introduce the concepts of perfect and ideal schemes. We revisit Shamir’s secret sharing scheme and generalise it to linear secret sharing schemes, which we prove to be ideal. We give examples of non-linear and non-ideal schemes.
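As an added illustration (not code from the chapter), here is Shamir's scheme for the threshold case, where any t of n users are authorised. It shows both properties named above: t shares reconstruct the secret, and t-1 shares are consistent with every candidate secret. The prime field and all function names are assumptions of this example.

```python
import secrets

P = 2**127 - 1  # prime modulus; the field choice is an assumption of this example

def interpolate_at(points, x0):
    """Evaluate at x0 the unique polynomial of degree < len(points) through points, over GF(P)."""
    xs = [x % P for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("share indices must be distinct")
    total = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (x0 - xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P  # modular inverse, Python 3.8+
    return total

def split(secret, t, n):
    """Threshold (t, n) dealing: share i is (i, f(i)) for a random f of degree < t with f(0) = secret."""
    if not (1 <= t <= n < P and 0 <= secret < P):
        raise ValueError("need 1 <= t <= n < P and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc
    return [(i, f(i)) for i in range(1, n + 1)]

def reconstruct(shares):
    """Any t shares determine f, and the secret is f(0)."""
    return interpolate_at(shares, 0)

def completing_share(partial, candidate, x):
    """Given t-1 shares and ANY candidate secret, return the value a further
    participant x would have to hold for the t shares to open to candidate.
    Such a value always exists, so t-1 shares rule out no secret."""
    if x % P == 0 or any(x == xi for xi, _ in partial):
        raise ValueError("x must be a fresh non-zero index")
    return interpolate_at([(0, candidate)] + list(partial), x)

if __name__ == "__main__":
    shares = split(secret=1979, t=3, n=5)  # constructed sample secret
    print(reconstruct(shares[1:4]))
    for guess in (0, 1979, 31337):
        print(guess, completing_share(shares[:2], guess, 5))
```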
- 1. Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)
- 2. Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of the National Computer Conference, vol. 48, pp. 313–317 (1979)
- 3. Brickell, E.F., Davenport, D.M.: On the classification of ideal secret sharing schemes. J. Cryptol. 4, 123–134 (1991)
- 4. Stinson, D.R.: An explication of secret sharing schemes. Des. Codes Cryptogr. 2, 357–390 (1992)