I have to implement a method seen in an article, and I'm stuck with some mathematical development. The article is on iEEE Xplore, so I'll try to be as specific as I can.
It's about pairing-based cryptography, and the global idea is to
- Create a MasterKey
- Build $n$ shares of this MasterKey
- Reconstruct the MasterKey based on at least $t$ shared received ($t<n$)
Of course these 3 steps are done on differents systems (clients/trusted parties/server), but the goal is to discuss the mathematical concepts.
To achieve this, the author of the paper uses modular arithmetic. Here are the operations done at each step :
Create MasterKey
for $0\leq i<t$ choose $r_i\in _R\mathbb{Z}_q$
set MasterKey $MK = r_0$
Build the shares
- Compute $n$ shares $s_i =R(i) \in \mathbb{Z}_q$, with
$$R(x) = r_0 + r_1 x + r_2 x^2 + \dots + r_{t-1} x^{t-1}~(\bmod~ q)\qquad (1)$$
Re-build the Masterkey
- Compute $ MK = \sum_{i=1}^t \lambda_{0, j}~s_i = s$ with $$ \lambda_{x, j}= \prod_{\substack{i\neq i\\j=1}}^t \frac{x-i}{j-i}~(\bmod~ q) \qquad (2)$$
The problem is at this step. I've tried to develop the reconstruction of the masterKey (with a small $t$ and $n$), but I haven't found anything.
TL;DR
Given $(1)$ and $(2)$; how can we prove that $$\sum_{i=1}^t \lambda_{0, j}~s_i = s = r_0 \qquad (3) $$
Could someone help me develop the construction operations ? I tried using this in $(2)$ but I didn't go realy far...
