org.cryptimeleon.craco.secretsharing.shamir

Class ShamirSecretSharing

java.lang.Object

org.cryptimeleon.craco.secretsharing.shamir.ShamirSecretSharing

All Implemented Interfaces:

LinearSecretSharing<Policy>

public class ShamirSecretSharing
extends java.lang.Object
implements LinearSecretSharing<Policy>

Shamir's secret sharing scheme is a linear secret sharing scheme based on polynomial interpolation.

Assume s is the secret to be shared. Based on the threshold t of the given ThresholdPolicy a PolynomialRing.Polynomial P(x) of degree t-1 is computed, such that \(P(0)=s\).

The shares \((i, s_i = P(i))\) correspond to data points on the polynomial therefore any set \(S\) of shares with \(|S| \geq t\) can be used to uniquely determine the original polynomial using interpolation and therefore reconstruct the secret.

The secret is only shared among the direct children of the given ThresholdPolicy. To share a secret among all ThresholdPolicy in a hierarchy of Policys use ThresholdTreeSecretSharing.

Constructor Summary

Constructors

Constructor and Description
ShamirSecretSharing(ThresholdPolicy policy, org.cryptimeleon.math.structures.rings.zn.Zp field) Create a new ShamirSecretSharing instance

Method Summary

Modifier and Type	Method and Description
boolean	checkShareConsistency(org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement secret, java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> shares) Outputs true if the given (full) set of shares is consistent with the given secret, meaning that all qualified subsets of the shares will recreate the given secret.
java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement>	completeShares(org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement secret, java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> partialShares) Takes a partial set of shares and completes it to a full set of shares for the given secret.
boolean	equals(java.lang.Object o)
org.cryptimeleon.math.structures.rings.zn.Zp	getSharedRing() Returns the ring over which the secret is being shared.
java.util.Map<java.lang.Integer,Policy>	getShareReceiverMap() Returns the map that assigns each index i of a share \(s_i\) to its share receiver.
java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement>	getShares(org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement secret) Randomly generates shares \(s_i\) for the given secret.
java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement>	getSolvingVector(java.util.Set<? extends Policy> setOfShareReceivers) Instructs how to reconstruct a shared secret using the shares of a given set of share receivers setOfShareReceivers.
int	hashCode()
boolean	isQualified(java.util.Set<? extends Policy> setOfShareReceivers) Checks whether or not the given set of share receivers will be able to recreate the secret by pooling their shares \(\{s_i \; | \; \text{getShareReceiver}(i) \in \text{setOfShareReceivers}\}\).

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.cryptimeleon.craco.secretsharing.LinearSecretSharing

getShareReceiver, getSharesOfReceiver, getSharesOfReceivers, isQualified, reconstruct

Constructor Detail

ShamirSecretSharing

public ShamirSecretSharing(ThresholdPolicy policy,
                           org.cryptimeleon.math.structures.rings.zn.Zp field)

Create a new ShamirSecretSharing instance

Parameters:

policy - ThresholdPolicy among which children a secret shall be shared

field - Zp over which the secret shall be shared

Method Detail

getShares

public java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> getShares(org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement secret)
                                                                                                  throws WrongAccessStructureException

Description copied from interface: LinearSecretSharing

Randomly generates shares \(s_i\) for the given secret. Use getShareReceiver(i) to determine which share belongs to which share receiver.

Specified by:

getShares in interface LinearSecretSharing<Policy>

Returns:

a vector of shares \(s_i\) (as a map mapping index i to share \(s_i\)).

Throws:

WrongAccessStructureException

getSolvingVector

public java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> getSolvingVector(java.util.Set<? extends Policy> setOfShareReceivers)
                                                                                                         throws NoSatisfyingSet,
                                                                                                                WrongAccessStructureException

Description copied from interface: LinearSecretSharing

Instructs how to reconstruct a shared secret using the shares of a given set of share receivers setOfShareReceivers. More specifically, computes a vector of coefficients \(a_i\) such that \(\sum a_i \cdot s_i = \text{secret}\) for the \(s_i\) output by getShares(secret). Only shares \(s_i\) with getShareReceiver(i) contained in setOfShareReceivers appear in this sum (one can imagine that all other \(a_i\) are 0).

Specified by:

getSolvingVector in interface LinearSecretSharing<Policy>

Parameters:

setOfShareReceivers - the set of share receivers to calculate the solving vector for

Returns:

a vector of coefficients \(a_i\) (as a map index i to coefficient \(a_i\)). Contains only i where getShareReceiver(i) is contained in setOfShareReceivers.

Throws:

NoSatisfyingSet - if the given set of share receivers cannot reconstruct the secret, i.e. isQualified(setOfShareReceivers) == false

WrongAccessStructureException

getShareReceiverMap

public java.util.Map<java.lang.Integer,Policy> getShareReceiverMap()

Description copied from interface: LinearSecretSharing

Returns the map that assigns each index i of a share \(s_i\) to its share receiver.

Specified by:

getShareReceiverMap in interface LinearSecretSharing<Policy>

isQualified

public boolean isQualified(java.util.Set<? extends Policy> setOfShareReceivers)
                    throws WrongAccessStructureException

Description copied from interface: LinearSecretSharing

Checks whether or not the given set of share receivers will be able to recreate the secret by pooling their shares \(\{s_i \; | \; \text{getShareReceiver}(i) \in \text{setOfShareReceivers}\}\).

Specified by:

isQualified in interface LinearSecretSharing<Policy>

Parameters:

setOfShareReceivers - the set of share receivers to check

Returns:

true if the shares of the given share receivers suffice to recreate a shared secret

Throws:

WrongAccessStructureException

getSharedRing

public org.cryptimeleon.math.structures.rings.zn.Zp getSharedRing()

Description copied from interface: LinearSecretSharing

Returns the ring over which the secret is being shared.

Specified by:

getSharedRing in interface LinearSecretSharing<Policy>

completeShares

public java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> completeShares(org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement secret,
                                                                                                              java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> partialShares)

Description copied from interface: LinearSecretSharing

Takes a partial set of shares and completes it to a full set of shares for the given secret. In case of isQualified(S) == true this method will simply recreate the full set of shares.

The contract is that the two S in the following are distributed identically:

• \(S = \text{getShares}(s)\)
• \(S = \text{completeShares}(s, \{s_i' \; | \; i \in \text{getSharesOfReceivers(X)}\})\) with \(\{s_i'\} = \text{getShares}(s')\) and a subset \(X\) of share receivers.

(that property is called semi-smoothness)

Specified by:

completeShares in interface LinearSecretSharing<Policy>

Parameters:

secret - the desired secret for the completed shares

partialShares - the set of partial shares \(\{s_i \; | \; i \in \text{getSharesOfReceivers}(X)\}\)

Returns:

a complete set of shares distributed like getShares(secret) (if the given partial shares are distributed as in getShares())

checkShareConsistency

public boolean checkShareConsistency(org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement secret,
                                     java.util.Map<java.lang.Integer,org.cryptimeleon.math.structures.rings.zn.Zp.ZpElement> shares)

Description copied from interface: LinearSecretSharing

Outputs true if the given (full) set of shares is consistent with the given secret, meaning that all qualified subsets of the shares will recreate the given secret.

Specified by:

checkShareConsistency in interface LinearSecretSharing<Policy>

equals

public boolean equals(java.lang.Object o)

Overrides:

equals in class java.lang.Object

hashCode

public int hashCode()

Overrides:

hashCode in class java.lang.Object