Method for 2 Shamir Secret Shares to 2 Multiplicative Shares

摘要

The present invention relates to a system in which two terminals holding two pieces of private key secret information perform a multi-party security computing method, and two terminals each holding a piece of Shamir secret information in a 2 of N format. In the method of converting a multiplication and restoreable 2 party secret information fragment, the step of converting two secret information fragments of the 2 of N Shamir secret information fragments into two addition recoverable secret information fragments, the two addition and restoration possible By providing a method including the step of converting the secret information fragment into two multiplication and recoverable secret information fragments, the computational cost and time by reducing the amount of computation by reducing the complex computational procedure required for 2 of N computation using the Shamir secret information fragment. It is possible to obtain an effect that can reduce the value. In addition, if a method of converting a 2 of N Shamir secret information fragment into a multiplication and recoverable secret information fragment in a secure multi-party computing (SMPC) computing system according to the present invention is used, the Samir secret information Compared to multilateral security computing using fragments that all terminals participating in the computing require the same level of computing power, it is possible to use a bilateral SMPC protocol that places a large computational load on one side and allocates a small computational load to the other. As a result, there is an effect of obtaining a faster calculation result in spite of the small computing power of the mobile terminal in the SMPC type calculation system composed of two terminals including a mobile terminal having a relatively low computing power. In addition, in the operation system of the Secure Multi-party Computation (SMPC) method according to the present invention, two terminals that have been performing digital signature calculations with pieces of multiplication-recoverable secret information have their own multiplication-recoverable secret information. In order to update the fragment, the secret information fragment that can be multiplied and restored from the secret information fragments of the two terminals is not newly created, but the secret information fragment that can be multiplied and restored by the two terminals during the process of generating the secret information fragment. Multiplication can be restored quickly using a homomorphic encryption key, a decryption key, etc. If a piece of secret information is newly created and replaced, the security of a multi-party security computing system can be greatly improved.