Shamir secret sharing and information theoretic security

Jonathan Katz jkatz at cs.umd.edu
Mon Feb 23 15:47:33 EST 2009


On Feb 23, 2009, at 1:05 PM, sbg at acw.com wrote:
>
> Is it possible that the amount of information that the knowledge of a
> sub-threshold number of Shamir fragments leaks in a finite precision setting
> depends on the finite precision implementation?
> 
> For example, if you know 2 of a 3 of 5 splitting and you also know that
> the finite precision setting in which the fragments will be used is IEEE
> 32-bit floating point or GNU bignum can you narrow down the search for the
> key relative to knowing no fragments and nothing about the finite
> precision implementation?

I'm not sure what is the motivation for all this. Shamir's scheme is 
supposed to be done over a finite field (or else, as was previously 
pointed out, there are issues with sampling a uniform element of the 
field). Since we have fields of size 2^k for all k, any bit-string can be 
encoded nicely in a finite field of appropriate size. (And very long 
strings can be broken into shorter chunks, each chunk being shared on its 
own.)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


