Share conversion, pseudorandom secret-sharing and applications to secure computation

Ronald Cramer, Ivan Damgård, Yuval Ishai

Research output: Contribution to journal, Conference article, peer-review

150 Scopus citations

Abstract

We present a method for converting shares of a secret into shares of the same secret in a different secret-sharing scheme using only local computation and no communication between players. In particular, shares in a replicated scheme based on a CNF representation of the access structure can be converted into shares from any linear scheme for the same structure. We show how this can be combined with any pseudorandom function to create, from initially distributed randomness, any number of Shamir secret-sharings of (pseudo)random values without communication. We apply this technique to obtain efficient non-interactive protocols for secure computation of low-degree polynomials, which in turn give rise to other applications in secure computation and threshold cryptography. For instance, we can make the Cramer-Shoup threshold cryptosystem by Canetti and Goldwasser fully non-interactive, or construct non-interactive threshold signature schemes secure without random oracles. The latter solutions are practical only for a relatively small number of players. However, in our main applications the number of players is typically small, and furthermore it can be argued that no solution that makes a black-box use of a pseudorandom function can be more efficient.

Original language: English
Pages (from-to): 342-362
Number of pages: 21
Journal: Lecture Notes in Computer Science
Volume: 3378
DOIs
State: Published - 2005
Event: Second Theory of Cryptography Conference, TCC 2005 - Cambridge, MA, United States
Duration: 10 Feb 2005 - 12 Feb 2005

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
