Universal Construction of Cheater-Identifiable Secret Sharing Against Rushing Cheaters Based on Message Authentication

Abstract: For conventional secret sharing, if cheaters can submit possibly forged shares after observing shares of the honest users in the reconstruction phase then they cannot only disturb the protocol but also only they may reconstruct the true secret. To overcome the problem, secret sharing scheme with properties of cheater-identification have been proposed. Existing protocols for cheater-identifiable secret sharing assumed non-rushing cheaters or honest majority. In this paper, we remove both conditions simultaneously, and give its universal construction from any secret sharing scheme. To resolve this end, we propose the concepts of "individual identification" and "agreed identification".