Author: Gregory Maxwell 2018-01-18 14:34:24
Published on: 2018-01-18T14:34:24+00:00
In an email correspondence, a proposal for dividing a secret into bytes and using SSS for every byte separately was discussed. However, this scheme is weaker as it only requires the nth bytes from k shares to reconstruct the nth byte. This makes it insecure against partial share leakage. For example, in a 2-of-3 share, if someone had the first half of shares 1 and 2, and the second half of shares 2 and 3, with the current proposal, the secret would be directly revealed despite not having any single complete share. To address this concern, it was recommended that individual shares should be passed through a large block unkeyed cryptographic permutation after sharing and before encoding for transmission. This transformation would prevent attacks resulting from leaks of partial share information.
Updated on: 2023-05-20T04:38:28.068574+00:00