Consider a protocol $\pi$ which uses a linear secret sharing scheme such as Shamir secret sharing. Further assume that the protocol $\pi$ has been proven to be secure (correctness and privacy) under the semi-honest adversarial model. If we replace the secret sharing scheme with a verifiable secret sharing scheme, will the protocol $\pi$ then be secure even under the malicious adversarial model? That is, can we say that the robustness of $\pi$ is implicit? If yes, please provide a reference. If no, please help me understand in which cases the above will not be true.
Not necessarily (though it certainly can be). No. This is a "just do it" construction, like these two. – Ricky Demer Apr 24 '16 at 13:17
@RickyDemer Why didn't you post this as an answer? – Daisetsu Apr 25 '16 at 06:41
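An added worked example, not part of the question or the comments above, that illustrates the "not necessarily": Feldman-style verifiable secret sharing (Shamir shares over $\mathbb{Z}_q$ plus commitments $g^{a_j}$ to the polynomial coefficients) catches a dealer who hands a party a share that is not on the committed polynomial. But in the BGW-style multiplication step, where each party reshares its local product $a_i b_i$ so the degree can be reduced from $2t$ back to $t$, a party that reshares a wrong value passes every VSS check: the commitment binds it to *some* value, not to the *correct* value. The group parameters ($p = 2039$, $q = 1019$, $g = 4$), the secrets and the deviating party are all constructed here for the example and are far too small for real use.

```python
import secrets

# Toy group parameters, constructed for this example (not secure sizes).
P = 2039          # safe prime, P = 2*Q + 1
Q = 1019          # prime order of the subgroup the commitments live in
G = 4             # generator of the order-Q subgroup of Z_P^* (4 = 2^2 is a QR)
assert pow(G, Q, P) == 1 and G != 1


def feldman_share(secret, t, n):
    """Shamir-share `secret` over Z_Q with a random degree-t polynomial and
    publish Feldman commitments C_j = g^{a_j} to every coefficient."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t)]
    shares = {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    commitments = [pow(G, c, P) for c in coeffs]
    return shares, commitments


def verify_share(i, share, commitments):
    """Party i checks g^share == prod_j C_j^(i^j), i.e. that its share lies on
    the committed polynomial. Consistency is the only thing VSS checks."""
    rhs = 1
    for j, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(i, j, Q), P) % P
    return pow(G, share, P) == rhs


def lagrange_at_zero(points):
    """Coefficients lambda_i over Z_Q with f(0) = sum_i lambda_i * f(i)."""
    coeffs = {}
    for i in points:
        num, den = 1, 1
        for j in points:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        coeffs[i] = num * pow(den, Q - 2, Q) % Q
    return coeffs


def reconstruct(shares):
    """Interpolate the shared secret at 0 from the given (index -> share) map."""
    lam = lagrange_at_zero(list(shares))
    return sum(lam[i] * s for i, s in shares.items()) % Q


def inconsistent_dealer_is_caught(t=1, n=3):
    """A dealer who hands party 2 a share off the polynomial is detected."""
    shares, comm = feldman_share(42, t, n)
    shares[2] = (shares[2] + 1) % Q          # dealer's inconsistent share
    return [verify_share(i, s, comm) for i, s in shares.items()]


def degree_reduction(cheat, t=1, n=3):
    """BGW-style multiplication of shared a and b with n = 2t + 1 parties.
    Each party i reshares its local product d_i = a_i*b_i with degree t and
    the new shares are the Lagrange combination of those reshares.
    If `cheat`, party 1 reshares d_1 + 1 instead. Every reshare still passes
    verify_share, because VSS only binds party 1 to the value it chose.
    Returns (all VSS checks passed, reconstructed product, a*b mod Q)."""
    a, b = 5, 7
    sa, _ = feldman_share(a, t, n)
    sb, _ = feldman_share(b, t, n)
    reshares, checks = {}, []
    for i in range(1, n + 1):
        d_i = sa[i] * sb[i] % Q
        if cheat and i == 1:
            d_i = (d_i + 1) % Q              # malicious deviation
        sh, comm = feldman_share(d_i, t, n)
        checks += [verify_share(k, s, comm) for k, s in sh.items()]
        reshares[i] = sh
    lam = lagrange_at_zero(list(range(1, n + 1)))   # degree-2t coefficients
    new_shares = {k: sum(lam[i] * reshares[i][k] for i in reshares) % Q
                  for k in range(1, n + 1)}
    # any t+1 of the new degree-t shares reconstruct sum_i lambda_i * d_i
    result = reconstruct({k: new_shares[k] for k in range(1, t + 2)})
    return all(checks), result, a * b % Q


if __name__ == "__main__":
    print("dealer tampering detected per party:", inconsistent_dealer_is_caught())
    print("honest degree reduction:", degree_reduction(cheat=False))
    print("cheating degree reduction:", degree_reduction(cheat=True))
```

With three parties and threshold one the degree-2 Lagrange coefficients at zero are $3, -3, 1$, so party 1 shifting its reshared value by one shifts the final product by three while every verification succeeds; detecting that requires something beyond VSS, such as a proof that the reshared value really is the product of the party's two shares.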