I am interested to know if there is a solution to the following scenario: Assuming we have $n$ party members, is there a scheme that at the end of it, every party member $i$, holds a shamir's threshold share, $S_i$, of the secret $a$ where $k$ of $n$ can reconstruct $a$ using the shamir's threshold reconstruction and none of them individually knows the secret itself.
Asked
Active
Viewed 103 times
1 Answers
2
You probably want a stronger requirement, that no individual knows more than his share. Off the top of my head I don't know how to do that.
But the question you asked, only requiring no one to know the full secret is easier. K participants each pick a random number to be their share, using secure multi-party-computation they compute n-k shares which they distribute. If n>=2k you compute in groups changing the set of people computing.
This can probably be modified slightly to meet the stronger requirement without using secure multi party computation as a black box.
Meir Maor
- 12,053
- 1
- 24
- 55