Document Type

Journal Article


In a (t,n) secret sharing scheme, a dealer splits a secret into n shares and sends a share to each of n participants. If necessary, any t members can provide their secret shares together and recover the secret by using a publicly specified algorithm. Multisecret sharing schemes allow a dealer to share multiple secrets among a group of participants securely and efficiently. In recent, Shi proposed an efficient multisecret sharing authenticating scheme. In his scheme, not only the shares held by the participants are reusable, but also the shares distributed by the dealer and the shadow shares provided by the participants are verifiable. This paper analyzes the security of Shi’s scheme. It first points out a design error in his scheme, and then demonstrates an attack to show that both of his share-authenticating and shadow-key-authenticating methods are insecure. Specifically, using the attacks, a dishonest dealer can distribute false shares to participants, and malicious participants can easily forge false shadow shares such that the authenticating equality is satisfied. The result is that honest participants will be cheated and misled to believe that the recovered secret is correct. In addition, improvements are provided to avoid the identified design error and attacks.