公开(公告)号：DE60207691T2

公开(公告)日：2006-07-06

申请号：DE60207691

申请日：2002-02-15

Applicant: IBM

Inventor： CACHIN CHRISTIAN ,  KURSAWE KLAUS ,  LYSYANSKAYA ANNA ,  STROBL RETO

IPC: G06F13/00 ,  H04L9/08 ,  H04L9/10

Abstract: In accordance with the present invention, there is provided a method for sharing a secret value x among n participating network devices via an asynchronous network. The n participating network devices comprises t faulty devices and k sub-devices capable of reconstructing the secret value x, wherein t i and subshare values s ij of the secret value x by applying a linear secret sharing scheme and deriving verification values g s ij usable for verification of validity of the share values s i and the subshare values s ij ; sending to each participating network device a share message comprising the corresponding subshare values s Ai ,s iA , s Bi ,s iB , s Ci ,s iC ; broadcasting a verification message comprising the verification values g s ij ; receiving by at least l participating network devices the verification message comprising the verification values g s ij , wherein n-t>=l>=2t+1, and performing the following steps 1) to 4) for each recipient network device, 1) if a share message comprising subshare values s ij is received, determining the validity of the subshare values s ij in dependence on the verification values g s ij and 2) broadcasting in the event of positive determination an agree message comprising an agree-value Y; 3) receiving l agree messages comprising the agree-values Y A , Y B , Y c ; 4) in the event of l received agree messages, obtaining the share value s i either from the share message sent by the distributor D or from subshare values s ij received from participating network devices and determining the validity of the subshare values s ij in dependence on the verification values g s ij . In a second aspect of the present invention a method without broadcast is disclosed.

公开(公告)号：DE60207691D1

公开(公告)日：2006-01-05

申请号：DE60207691

申请日：2002-02-15

Applicant: IBM

Inventor： CACHIN CHRISTIAN ,  KURSAWE KLAUS ,  LYSYANSKAYA ANNA ,  STROBL RETO

IPC: G06F13/00 ,  H04L9/08 ,  H04L9/10

Abstract: In accordance with the present invention, there is provided a method for sharing a secret value x among n participating network devices via an asynchronous network. The n participating network devices comprises t faulty devices and k sub-devices capable of reconstructing the secret value x, wherein t i and subshare values s ij of the secret value x by applying a linear secret sharing scheme and deriving verification values g s ij usable for verification of validity of the share values s i and the subshare values s ij ; sending to each participating network device a share message comprising the corresponding subshare values s Ai ,s iA , s Bi ,s iB , s Ci ,s iC ; broadcasting a verification message comprising the verification values g s ij ; receiving by at least l participating network devices the verification message comprising the verification values g s ij , wherein n-t>=l>=2t+1, and performing the following steps 1) to 4) for each recipient network device, 1) if a share message comprising subshare values s ij is received, determining the validity of the subshare values s ij in dependence on the verification values g s ij and 2) broadcasting in the event of positive determination an agree message comprising an agree-value Y; 3) receiving l agree messages comprising the agree-values Y A , Y B , Y c ; 4) in the event of l received agree messages, obtaining the share value s i either from the share message sent by the distributor D or from subshare values s ij received from participating network devices and determining the validity of the subshare values s ij in dependence on the verification values g s ij . In a second aspect of the present invention a method without broadcast is disclosed.