I am interested to know if there is a solution to the following scenario: Assuming we have $n$ party members, is there a scheme that at the end of it, every party member $i$, holds a shamir's threshold share, $S_i$, of the secret $a$ where $k$ of $n$ can reconstruct $a$ using the shamir's threshold reconstruction and none of them individually knows the secret itself.
Asked
Active
Viewed 95 times
2
-
Yes this is indeed a duplicate IMHO, and the accepted answer there (eventually) states a simple complete solution (superior to the one I suggested). – Meir Maor Jan 28 '18 at 19:30
1 Answers
2
You probably want a stronger requirement, that no individual knows more than his share. Off the top of my head I don't know how to do that.
But the question you asked, only requiring no one to know the full secret is easier. K participants each pick a random number to be their share, using secure multi-party-computation they compute n-k shares which they distribute. If n>=2k you compute in groups changing the set of people computing.
This can probably be modified slightly to meet the stronger requirement without using secure multi party computation as a black box.
Meir Maor
- 11,835
- 1
- 23
- 54