For conventional secret sharing, if cheaters can submit possibly forged shares after observing shares of the honest users in the reconstruction phase, they can disturb the protocol and only they can reconstruct the true secret. To overcome the problem, secret sharing scheme with properties of cheater-identification have been proposed. Existing protocols for cheater-identifiable secret sharing assumed non-rushing cheaters or honest majority. In this paper, using message authentication, we remove both conditions simultaneously, and give its universal construction from any secret sharing scheme. To resolve this end, we explicitly propose the concepts of “individual identification” and “agreed identification”. For both settings, we provide protocols for cheater-identifiable secret sharing. In our protocols, the security parameter can be set independently of the share size and the underlying finite field size.
展开▼