Linear VSS and Distributed Commitments Based on Secret Sharing and Pairwise Checks

摘要

We present a general treatment of all non-cryptographic (i.e., information-theoretically secure) linear verifiable-secret-sharing (VSS) and distributed-commitment (DC) schemes, based on an underlying secret sharing scheme, pairwise checks between players, complaints, and accusations of the dealer. VSS and DC are main building blocks for unconditional secure multi-party computation protocols. This general approach covers all known linear VSS and DC schemes. The main theorem states that the security of a scheme is equivalent to a pure linear-algebra condition on the linear mappings (e.g. described as matrices and vectors) describing the scheme. The security of all known schemes follows as corollaries whose proofs are pure linear-algebra arguments, in contrast to some hybrid arguments used in the literature. Our approach is demonstrated for the CDM DC scheme, which we generalize to be secure against mixed adversary settings (some curious and some dishonest players), and for the classical BGW VSS scheme, for which we show that some of the checks between players are superfluous, i.e., the scheme is not optimal. More generally, our approach, establishing the minimal conditions for security (and hence the common denominator of the known schemes), can lead to the design of more efficient VSS and DC schemes for general adversary structures.