Computational Aspects of Ideal (i, n)-Threshold Scheme of Chen, Laing, and Martin

摘要

In CANS 2016, Chen, Laing, and Martin proposed an ideal (t,n)-threshold secret sharing scheme (the CLM scheme) based on random linear code. However, in this paper we show that this scheme is essentially same as the one proposed by Karnin, Greene, and Hellman in 1983 (the KGH scheme) from privacy perspective. Further, the authors did not analyzed memory or XOR operations required to either store or calculate an inverse matrix needed for recovering the secret. In this paper, we analyze computational aspects of the CLM scheme and discuss various methods through which the inverse matrix required during the secret recovery can be obtained. Our analysis shows that for n ≤ 30 all the required inverse matrices can be stored in memory whereas for 30 ≤ n < 9000 calculating the inverse as and when required is more appropriate. However, the CLM scheme becomes impractical for n > 9000. Another method which we discuss to recover the secret in KGH scheme is to obtain only the first column of the inverse matrix using Lagrange's interpolation however, as we show, this method can not be used with the CLM scheme. Some potential application of the secret sharing schemes are also discussed. From our analysis we conclude that the CLM scheme is neither novel nor as practical as has been suggested by Chen et al. whereas the KGH scheme is better suited for practical applications with large n.