A Construction of Evolving $k$-threshold Secret Sharing Scheme over A Polynomial Ring

Qi Cheng, Hongru Cao, Sian-Jheng Lin, Nenghai Yu

TL;DR

This work introduces algebraic evolving $k$-threshold secret sharing schemes built on prefix codes and polynomial rings, enabling dynamic participant sets without fixing $n$ in advance. By generalizing Shamir's scheme to $F_p[x]$ and leveraging codeword lengths to bound share sizes, the authors derive tight, provable correctness and perfect security for both $k=2$ and $k\ge 3$, with explicit share-size formulas depending on the chosen prefix code (notably $\delta$-codes). The constructions establish a concrete link between prefix coding and evolving secret sharing for arbitrary $k$, improve prior share-size bounds, and provide unified decryption for evolving $2$-threshold schemes. The results offer practical, algebraic tools for secure, scalable threshold cryptography in settings with uncertain or growing participant pools.

Abstract

The threshold secret sharing scheme allows the dealer to distribute a share to every participant such that the secret is correctly recovered from a certain number of shares. The traditional $(k, n)$-threshold secret sharing scheme requires that the number of participants $n$ is known in advance. In contrast, the evolving secret sharing scheme allows $n$ to be uncertain and even ever-growing. In this paper, we consider the evolving secret sharing scenario. Using prefix codes and the properties of the polynomial ring, we propose a brand-new construction of an evolving $k$-threshold secret sharing scheme for an $\ell$-bit secret over a polynomial ring, with correctness and perfect security. The proposed schemes establish the connection between prefix codes and the evolving schemes for $k\geq2$, and are also the first evolving $k$-threshold secret sharing schemes obtained by generalizing Shamir's scheme onto a polynomial ring. Specifically, the proposal also provides a unified mathematical decryption for prior evolving $2$-threshold secret sharing schemes. Besides, the analysis of the proposed schemes shows that the size of the $t$-th share is $(k-1)(\ell_t-1)+\ell$ bits, where $\ell_t$ denotes the length of a binary prefix code encoding the integer $t$. In particular, when the $\delta$ code is chosen as the prefix code, the share size achieves $(k-1)\lfloor\lg t\rfloor+2(k-1)\lfloor\lg ({\lfloor\lg t\rfloor+1}) \rfloor+\ell$, which improves the prior best result $(k-1)\lg t+6k^4\ell\lg{\lg t}\cdot\lg{\lg {\lg t}}+ 7k^4\ell\lg k$, where $\lg$ denotes the binary logarithm. When $k=2$, the proposed scheme also achieves the minimal share size for a single-bit secret, which is the same as the best known scheme.
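The share-size claim can be checked numerically. The following is an added example, not code from the paper: it assumes the abstract's $\delta$ code is the standard Elias $\delta$ code, builds the codeword for participant index $t$, and confirms that $(k-1)(\ell_t-1)+\ell$ equals the closed form quoted above. All function names are hypothetical.

```python
def elias_delta(t: int) -> str:
    """Elias delta codeword of an integer t >= 1, as a bit string.
    Assumption: this is the delta code the abstract refers to."""
    if t < 1:
        raise ValueError("delta code is defined for t >= 1")
    n = t.bit_length()                        # floor(lg t) + 1
    m = n.bit_length()                        # floor(lg n) + 1
    gamma_n = "0" * (m - 1) + format(n, "b")  # Elias gamma code of n
    return gamma_n + format(t, "b")[1:]       # t without its leading 1 bit


def share_bits(t: int, k: int, ell: int) -> int:
    """Size of the t-th share per the abstract: (k-1)(l_t - 1) + ell bits."""
    l_t = len(elias_delta(t))
    return (k - 1) * (l_t - 1) + ell


def share_bits_closed_form(t: int, k: int, ell: int) -> int:
    """Closed form from the abstract for the delta code:
    (k-1)*floor(lg t) + 2(k-1)*floor(lg(floor(lg t) + 1)) + ell."""
    lg_t = t.bit_length() - 1
    lg_inner = (lg_t + 1).bit_length() - 1
    return (k - 1) * lg_t + 2 * (k - 1) * lg_inner + ell


def is_prefix_free(codewords) -> bool:
    """True if no codeword is a prefix of another. After sorting, a word
    that prefixes any later word also prefixes its direct successor."""
    ws = sorted(codewords)
    return all(not b.startswith(a) for a, b in zip(ws, ws[1:]))


if __name__ == "__main__":
    k, ell = 3, 8  # constructed parameters: 3-threshold, 8-bit secret
    for t in (1, 2, 10, 1000, 10**6):
        print(t, elias_delta(t), share_bits(t, k, ell),
              share_bits_closed_form(t, k, ell))
```
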

Paper Structure

This paper contains 21 sections, 8 theorems, 117 equations, 2 tables.

Key Result

Lemma 1

Let $s_0, s_1\in S$ be two different secrets. The scheme is secure if for arbitrary $C\in2^{\mathcal{P}_n}\setminus\mathcal{A}$, the two distributions $(\{Z^{(s_0)}_i\}_{P_i\in C})$ and $(\{Z^{(s_1)}_i\}_{P_i\in C})$ are identical.

Theorems & Definitions (17)

  • Definition 1
  • Definition 2
  • Lemma 1
  • Definition 3
  • Definition 4
  • Theorem 1
  • Theorem 2
  • Lemma 2
  • proof
  • Lemma 3
  • ...and 7 more