org.cryptimeleon.craco.secretsharing

Interface LinearSecretSharing<ShareReceiverType>

Type Parameters:

ShareReceiverType - the type of the entities that the secret shares are distributed to

All Known Implementing Classes:

AccessStructure, MonotoneSpanProgram, ShamirSecretSharing, ThresholdTreeSecretSharing

public interface LinearSecretSharing<ShareReceiverType>

A (linear) secret sharing scheme allows sharing a secret, which results in a set of shares. Each share belongs to some share receiver (one share receiver may get multiple shares). The scheme defines which sets of share receivers are able to pool their shares in order to recreate the secret.

The API works as follows:

• The participants of the scheme are called share receivers (which may be actual parties in a protocol or ABE attributes, or any other entities that you may want to distribute a secret over).
• The scheme is instantiated with a sharing policy that determines which subsets of share receivers can recreate a shared secret (such subsets are called "qualified").
• getShares(secret) computes a randomized set of "shares" \(\{(i, s_i)\}\), where \(i = 1,...,n\).
• getShareReceiver(i) determines which share receiver the share \(s_i\) belongs to (one share receiver may get multiple shares).
• getSolvingVector(S) for a subset S of share receivers, where isQualified(S) == true, determines how to recreate a secret using the shares of S. More specifically, it computes coefficients \(a_i\) such that \(\sum a_i \cdot s_i = \text{secret}\) (such that for each i in that sum, getShareReceiver(i) is contained in S). (Hence the name LINEAR secret sharing).

The security guarantee is that for any set \(S\) of share receivers that is NOT qualified, the corresponding set of shares \(\{s_i \; | \; \text{getShareReceiver}(i) \in S\}\) does NOT suffice to recreate the secret. (Some implementations will ensure that these shares are completely independent of the secret).

Method Summary

Modifier and Type	Method and Description
boolean	checkShareConsistency(org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement secret, java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> shares) Outputs true if the given (full) set of shares is consistent with the given secret, meaning that all qualified subsets of the shares will recreate the given secret.
java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement>	completeShares(org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement secret, java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> partialShares) Takes a partial set of shares and completes it to a full set of shares for the given secret.
org.cryptimeleon.math.structures.rings.zn.Zp	getSharedRing() Returns the ring over which the secret is being shared.
default ShareReceiverType	getShareReceiver(java.lang.Integer i) Given the index i of a share \(s_i\), determines which share receiver that share belongs to.
java.util.Map<java.lang.Integer,ShareReceiverType>	getShareReceiverMap() Returns the map that assigns each index i of a share \(s_i\) to its share receiver.
java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement>	getShares(org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement secret) Randomly generates shares \(s_i\) for the given secret.
default java.util.Set<java.lang.Integer>	getSharesOfReceiver(ShareReceiverType shareReceiver) Returns the set of share indices i that belong to the given share receiver.
default java.util.Set<java.lang.Integer>	getSharesOfReceivers(java.util.Collection<? extends ShareReceiverType> shareReceivers) Returns the set of share indices i that belong to any of the given share receivers.
java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement>	getSolvingVector(java.util.Set<? extends ShareReceiverType> setOfShareReceivers) Instructs how to reconstruct a shared secret using the shares of a given set of share receivers setOfShareReceivers.
default boolean	isQualified(java.util.Collection<java.lang.Integer> setOfShareReceiversIds) Checks whether or not the set of share receivers given by their identifying ids will be able to recreate the secret by pooling their shares \(\{s_i \; | \; i \in \text{setOfShareReceiversIds}\}\).
boolean	isQualified(java.util.Set<? extends ShareReceiverType> setOfShareReceivers) Checks whether or not the given set of share receivers will be able to recreate the secret by pooling their shares \(\{s_i \; | \; \text{getShareReceiver}(i) \in \text{setOfShareReceivers}\}\).
default org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement	reconstruct(java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> shares) Reconstructs the secret using the given shares.

Method Detail

getShares

java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> getShares(org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement secret)
                                                                                           throws WrongAccessStructureException

Randomly generates shares \(s_i\) for the given secret. Use getShareReceiver(i) to determine which share belongs to which share receiver.

Returns:

a vector of shares \(s_i\) (as a map mapping index i to share \(s_i\)).

Throws:

WrongAccessStructureException

getSolvingVector

java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> getSolvingVector(java.util.Set<? extends ShareReceiverType> setOfShareReceivers)
                                                                                                  throws NoSatisfyingSet,
                                                                                                         WrongAccessStructureException

Instructs how to reconstruct a shared secret using the shares of a given set of share receivers setOfShareReceivers. More specifically, computes a vector of coefficients \(a_i\) such that \(\sum a_i \cdot s_i = \text{secret}\) for the \(s_i\) output by getShares(secret). Only shares \(s_i\) with getShareReceiver(i) contained in setOfShareReceivers appear in this sum (one can imagine that all other \(a_i\) are 0).

Parameters:

setOfShareReceivers - the set of share receivers to calculate the solving vector for

Returns:

a vector of coefficients \(a_i\) (as a map index i to coefficient \(a_i\)). Contains only i where getShareReceiver(i) is contained in setOfShareReceivers.

Throws:

NoSatisfyingSet - if the given set of share receivers cannot reconstruct the secret, i.e. isQualified(setOfShareReceivers) == false

WrongAccessStructureException

reconstruct

default org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement reconstruct(java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> shares)
                                                                    throws NoSatisfyingSet,
                                                                           WrongAccessStructureException

Reconstructs the secret using the given shares.

Parameters:

shares - a partial set of shares (i.e. a map containing a (qualified) subset of the entries of getShares()).

Returns:

the reconstructed secret

Throws:

NoSatisfyingSet - if the set of share receivers implied by the shares is not qualified

WrongAccessStructureException

getShareReceiver

default ShareReceiverType getShareReceiver(java.lang.Integer i)

Given the index i of a share \(s_i\), determines which share receiver that share belongs to.

Parameters:

i - the index of a share

Returns:

the shareReceiver that share \(s_i\) belongs to

getShareReceiverMap

java.util.Map<java.lang.Integer,ShareReceiverType> getShareReceiverMap()

Returns the map that assigns each index i of a share \(s_i\) to its share receiver.

getSharesOfReceiver

default java.util.Set<java.lang.Integer> getSharesOfReceiver(ShareReceiverType shareReceiver)

Returns the set of share indices i that belong to the given share receiver. Essentially computes the inverse of getShareReceiver(Integer).

getSharesOfReceivers

default java.util.Set<java.lang.Integer> getSharesOfReceivers(java.util.Collection<? extends ShareReceiverType> shareReceivers)

Returns the set of share indices i that belong to any of the given share receivers.

Essentially getSharesOfReceiver(Object), but applied to multiple share receivers and with the results combined into a single set via union.

isQualified

boolean isQualified(java.util.Set<? extends ShareReceiverType> setOfShareReceivers)
             throws WrongAccessStructureException

Checks whether or not the given set of share receivers will be able to recreate the secret by pooling their shares \(\{s_i \; | \; \text{getShareReceiver}(i) \in \text{setOfShareReceivers}\}\).

Parameters:

setOfShareReceivers - the set of share receivers to check

Returns:

true if the shares of the given share receivers suffice to recreate a shared secret

Throws:

WrongAccessStructureException

isQualified

default boolean isQualified(java.util.Collection<java.lang.Integer> setOfShareReceiversIds)
                     throws WrongAccessStructureException

Checks whether or not the set of share receivers given by their identifying ids will be able to recreate the secret by pooling their shares \(\{s_i \; | \; i \in \text{setOfShareReceiversIds}\}\).

Parameters:

setOfShareReceiversIds - the set of share receiver ids to check

Returns:

true if the shares of the given share receivers suffice to recreate a shared secret

Throws:

WrongAccessStructureException

getSharedRing

org.cryptimeleon.math.structures.rings.zn.Zp getSharedRing()

Returns the ring over which the secret is being shared.

completeShares

java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> completeShares(org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement secret,
                                                                                                       java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> partialShares)
                                                                                                throws java.lang.IllegalArgumentException

Takes a partial set of shares and completes it to a full set of shares for the given secret. In case of isQualified(S) == true this method will simply recreate the full set of shares.

The contract is that the two S in the following are distributed identically:

• \(S = \text{getShares}(s)\)
• \(S = \text{completeShares}(s, \{s_i' \; | \; i \in \text{getSharesOfReceivers(X)}\})\) with \(\{s_i'\} = \text{getShares}(s')\) and a subset \(X\) of share receivers.

(that property is called semi-smoothness)

Parameters:

secret - the desired secret for the completed shares

partialShares - the set of partial shares \(\{s_i \; | \; i \in \text{getSharesOfReceivers}(X)\}\)

Returns:

a complete set of shares distributed like getShares(secret) (if the given partial shares are distributed as in getShares())

Throws:

java.lang.IllegalArgumentException - if partialShares cannot be completed to secret

java.lang.UnsupportedOperationException - if the scheme does not support completion of shares

checkShareConsistency

boolean checkShareConsistency(org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement secret,
                              java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> shares)

Outputs true if the given (full) set of shares is consistent with the given secret, meaning that all qualified subsets of the shares will recreate the given secret.