Verifiable Secret Sharing Scheme Based on the Plane Parametric Curve

Verifiable secret sharing is a special kind of secret sharing. In this paper, A secure and efficient threshold secret sharing scheme is proposed by using the plane parametric curve on the basis of the principle of secret sharing. And the performance of this threshold scheme is analyzed. The results reveal that the threshold scheme has its own advantage of one-parameter representation for a master key, and it is a perfect ideal secret sharing scheme. It can easily detect cheaters by single operation in the participants so that the probability of valid cheating is less than 1/p (where p is a large prime).


Introduction
In the field of information security, as an important means of key management, the basic principle of secret sharing is to split the master key into many subkeys, and then distribute these subkeys to all members of the set { } 1 2 , , , n P P P P =  composed of a limited number of participants. After some members of the authorization set show their subkeys, they can reconstruct the original master key through a series of calculations. But other members of the unauthorized set cannot recover the master key. Therefore, in essence, secret sharing is an operation process for the distribution, preservation and recovery of secret keys. Using the secure sharing scheme in the secret system can not only reduce the burden of the key holder due to the loss and damage of the system key, but also reduce the success rate of the adversary's malicious attack on the key.
The earliest secret sharing is ( ) , r n -threshold secret sharing, which was pro-posed by Shamir [1] and Blakley [2] respectively in 1979. Their ( ) , r n -threshold secret sharing schemes are based on the ( ) , r n -threshold access structure on the authorization set composed of at least r members. The difference is the ( ) , r nthreshold scheme of Shamir is realized by constructing a polynomial function over a finite field, and distributing each numerical point coordinate on the function curve as a subkey to the members of each authorization set, and taking the constant term of the polynomial as the master key; The ( ) , r n -threshold scheme of Blakley is realized by constructing n common hyperplanes in multidimensional space, the coordinates of each hyperplane are regarded as a subkey and distributed to the members of each authorization set, and the coordinates of the common intersection of these hyperplanes are regarded as the master key. The results show that the Shamir scheme with the algebraic method is a complete and ideal scheme, while the Blakley scheme with geometric method is a complete and nonideal scheme. Therefore, the information rate of the Blakley scheme is lower than that of the Shamir scheme, but it has the advantage that any subkey vector that can determine the master key point is linearly independent of each other, so it is difficult to guess. In addition to the number method proposed by Shamir and the shape method proposed by Blakley, the methods of constructing ( ) , r n -threshold secret sharing scheme are followed by the method of Asmuth-Bloom [3] based on Chinese remainder theorem, the method of Karnin-Green-Hellman [4] based on matrix multiplication, and the design ideas of the abovementioned threshold schemes are improved according to different application requirements, and a variety of variants of threshold schemes are proposed [5] [6] [7] [8].
The efficiency of a secret sharing scheme depends on its information rate. It is often said that the information rate of the secret sharing scheme is the ratio of the information amount of the master key to the information amount of the subkeys owned by the participating members. When the amount of information of the master key is a fixed value, from the standpoint of the dealer in charge of the master key, the less the amount of information given to the participating members, the better the security of the secret sharing scheme can be maintained.
From the perspective of participants, it is easier to keep the subkey with less information than that with more information. Therefore, a good secret sharing scheme can reduce the amount of subkey information as much as possible. It can be seen that a high information rate is the pursuit of cryptographers. The higher the information rate of the secret sharing scheme, the smaller the degree of data diffusion is. Therefore, people hope to build a secret sharing scheme with the highest information rate. When the information rate reaches the value 1, the corresponding secret sharing scheme will become an ideal secret sharing scheme.
As a technical means, the secret sharing scheme based on a certain mathematical thinking method mentioned above can only solve the most basic problems in key management, but in the actual application environment, it cannot judge whether there is cheating behavior, and it is difficult to prevent some members B. Li of the secret sharing scheme from cheating by using a fake subkey to participate in the construction of the master key. Whether it is the cheating of a single member or the collusion of multiple members, it will cause other honest members to get the wrong master key, which will bring great threat and damage to the secret sharing scheme. Therefore, in order to solve the problem of cheating, people need to study how to set up the anti-cheating function of the secret sharing scheme.
As early as 1981, McEliece and Sarwate [9] designed a threshold secret sharing scheme to prevent cheating by using error-correcting code theory. This scheme enables 2 r e + members with at most e cheaters to correctly construct the master key. If some parameter conditions are given, then the cheating prevention secret sharing scheme can detect the cheating behavior with high probability [10] [11] [12] [13]. If the cheater has supercomputing power, but the probability of success is not more than a small fixed percentage, so we can say that the secret sharing scheme is unconditionally secure in preventing deception [14]. At present, for the existing secret sharing schemes which can detect deception, when a member reconstructs and recovers the master key, it is generally necessary to use some mathematical verification formula to test the subkeys provided by all members one by one. In this way, we can find out which members are cheaters, but when all members are honest, the cost of the verification process is not reduced, which leads to unnecessary waste of resources. This paper proposes a verifiable secret sharing scheme based on the plane parameter curve. It only needs to put the subkeys provided by each member together and check once to determine whether there are cheaters in these members. If it exists, it will terminate the reconstruction immediately, otherwise, it will continue, which greatly improves the efficiency of the secret sharing scheme.

Design of the Secret Sharing Scheme
Let F p be a finite field of p elements and p be a large prime number, let: The parametric curve Γ on affine plane A 2 (F p ) is introduced: : , where f(t) and g(t) are polynomials on F p .
The parametric curve Γ satisfies the following additional conditions: 2) For any 1 2 , , . , , , n P P P P =  be the set of n participating members.
Firstly, the dealer D secretly chooses the master key p k F ∈ , decomposes k into r different numbers 1 2 , , , r k k k  on p F * , that is, , and then constructs the homogeneous formula: The system of equations is a linear system of equations consisting of r equations with r variables ( ) has a set of nonnegative integer solutions ( ) Proof. Mathematical induction is used for r.
When r = 2 we choose ( ) ( )( ) where ( ) 1 2 gcd , 1 a a = , all solutions of Equation (3) can be expressed as: ′ ′ are a group of special solutions of Equation (3), and u is any integer.
Obviously, u can be taken so that a a a a a a φ > = − − , the following is true: a u a N b a u a a a a a a a a that is: Therefore, for the above u, there is: So when Let's suppose that the lemma holds for r − 1 elements. It is proved that the lemma holds for r elements. That is, when ( ) ( ) ( ) has a set of nonnegative integer solution 1 2 0, 0, , 0 Dealer D selects a primitive root g of module p calculates:

Performance Analysis of the Secret Sharing Scheme
Theorem 2. The ( ) , r n -threshold scheme is a complete and ideal secret sharing scheme.
Proof. If any r members 1 2 , , , r i i i P P P  take out their respective subkeys together, then we can build linear Equations (1). Obviously, there are r variables in this system of equations.
According to the corresponding relationship of each subkey, it is necessary for r members to join together to construct a linear system of equations containing r equations, so as to obtain the unique solution containing the master key and this solution also satisfies the equation generated by the subkeys held by other members. Therefore, at least members must be together to recover the shared master key k and less than r members cannot find the unique solution of the linear equations, so no information of the master key k can be obtained. In conclusion, the ( ) , r n -threshold scheme is a complete secret sharing scheme. Let S = F p , master key k S ∈ , since each participant has only one subkey of secret value, and all values are in S, we can calculate the information rate [15]:  Proof. Suppose r members We plan to study the next research topic. We will study the construction of a higher standard secret sharing scheme based on the parametric elliptic curve equation [16] [17] to further strengthen the security and effectiveness of secret sharing.

Conflicts of Interest
The author declares no conflicts of interest regarding the publication of this paper.