Cryptanalysis on a (k, n)-Threshold Multiplicative Secret Sharing Scheme

摘要

Shamir's secret-sharing scheme is an important building block of modern cryptography. However, since multiplication between two variables is not linear, how to confidentially and efficiently multiply two shared secrets remains an open problem. Recently, Taihei et al. presented a feasible (k, n)-threshold secret-sharing protocol which is capable of achieving such product result even if only $k$ servers are available. Nevertheless, we argue their scheme is vulnerable that the threshold property can not withstand collaborative attacks. Thus accordingly, in this paper, we designed a practical cracking method against their scheme. In terms of intensive analysis, it can be see that our scheme is able to efficiently reveal the shared secret with high probability albeit less than $k$ servers are compromised.