A method for sharing secret information, generating a digital signature, and performing certification in a communication system that has a plurality of information processing apparatuses and a communication system that employs such a method

摘要

An aspect of the present invention is to perform verifiable secret sharing by a practical amount of calculation and a practical amount of communication. In addition, by using this process, a shared digital signature is generated, or a shared authentication server is provided.;In a communication system where a plurality of information processing apparatuses are connected across secret communication channels and a broadcast communication channel, an information processing apparatus d generates a secret matrix from secret information s, l1, . . ., lk, extracts the first information segments for individual apparatuses i, and secretly transmits it to each apparatus i. The information processing apparatus d performs hash function on the secret matrix and broadcasts the output value. Each information processing apparatus i generates and broadcasts a random number, while the information processing apparatus d generates and broadcasts the second information segment from a partial array in consonance with the random number value. Each information processing apparatus i generates the third information segment in consonance with the first information segment and the random number, and verifies that the secret information has been correctly shared by comparing the third information segment with the second. By employing this secret information sharing method, apparatuses that belong to a group of signers cooperatively generate a signature, and a plurality of apparatuses that constitute authentication servers cooperatively provide authentication.