Non-interactive Publicly Verifiable Secret Sharing And Its Application

Secret sharing scheme and its many variations form an important primitive in cryptography. It can apply to the storage and reconstruction of the important and sensitive information. When design some protocols, such as key management protocol, threshold or distribute signature protocol, it is used as a basic instrument. But even in non-interactive verifiable secret sharing scheme, participants can only verify the validity of their own shares, and don't know whether the shares of other participants are valid. An applied protocol used for verifiable protocol should not only for the participants but also for anybody, which can verify the validity of the shares distributed and can verify each other. In publicly verifiable secret sharing (PVSS), it is an explicit goal that not just the participants can verify their own shares, but that anybody can verify that the participants received correct own shares. Hence, it is made more and more extensive research. So, the research and application of the publicly verifiable secret sharing in cryptology and security communication have both significant theoretic and practical values.This paper utilizes the intractable problems of discrete logarithm in elliptic curve. We construct a non-interactive publicly verifiable protocol, and design the non-interactive publicly verifiable secret sharing scheme (PVSS), then propose a non-interactive multi-party PVSS and a distribute PVSS protocol. In our new schemes, we will require that the participants and dealers not only release their shares but also that they provide a proof of correctness for each share released. Therefore, anybody can verify the shares of the participants and dealers. For our new schemes, it is natural to accept that the secret is computationally hidden. So, communication over the private channels is not necessary. It can be transmitted over public channels. These schemes can protect against the cheating action. And the problems of renew and reuse are properly treated.We discuss that our schemes may be applicable in practical network. We present several applications of our PVSS schemes in modern network communication. We show how the PVSS variants for these schemes can be obtained easily. The overview is as follows:In chapter II we describe some basic concepts. In section I, we introduce the concepts of secret sharing scheme and verifiable secret sharing systems, and some well-known arithmetic. In section II, some concepts of elliptic curves and an encryption will be presented.In chapter III, we based on the intractable problem of discrete logarithm in elliptic curve, propose a PVSS secret sharing scheme. Then propose non-interactive general PVSS schemes, multi-party PVSS schemes and complete distribute PVSS schemes. All participants can release their shares and everybody is able to verify that the shares have been correctly distributed. These schemes can protect against the cheating action. And the problems of renew and reuse are properly treated.In chapter IV signature schemes are suggested base on chapter III. We propose a PVSS robust (/,n)-threshold DSS signature scheme without a trusted party and a PVSS fully distributed proxy signature scheme. For our new schemes, all participants can verify the validity of their own and the others' shares. In fact anybody can verify the validity of each share. Communication over the private channels is not necessary. It can be transmitted over public channels.In chapter V base on chapter III, we construct a new type of universally verifiable electronic voting scheme based on PVSS. With this scheme, anybody can verify whether vote handed in by voters are valid although we can not know the content of the valid vote. Anybody can also verify the correctness of the tallying, that only if legal votes will be accepted.In chapter VI, we design a fair off-line digital payment system (anonymity-revocable payment systems). This system solves the power-centralized problem of trustees. After initially releasing their public key, trustees will be passive, and does not involve in operation of the payment protocol. They would revoke the customer's anonymity if only they were asked.