摘要： 针对层次密钥管理问题，提出一个高效的可验证层次秘密共享方案。对参与者集合进行划分，每一部分作为一个隔间。隔间内部的参与者共享次主密钥，整个参与者集合(所有隔间的并集)共享主秘密。每个参与者都只须持有一个较短的秘密份额即可重构长度较大的主秘密。采用双变量单向函数实现可验证性，以防止不诚实参与者的欺诈行为，动态地添加参与者、调整门限值、更新秘密和共享。分析结果表明，该方案用于密钥的层次管理，具有较高的信息率和安全性。

关键词: Shamir 门限秘密共享体制, 双变量单向函数, 可验证性, 多用性, 隔间, 密钥层次管理

Abstract: For hierarchical key management, this paper presents an efficient verifiable secret sharing scheme. It divides the set of participants into multi-partite, each part is called a compartment, where the participants in one compartment can share the secondary secret, and the master secret can be distributed among the whole set of participants. Each participant only holds one short share, which can be used to reconstruct a large master secret. It realizes its verifiable property by using two-variable one-way function, preventing dishonest participants from cheating. It can increase and delete the the participants, change the value of threshold and shares value dynamically. Thus the scheme can be applied to key hierarchy management. Analysis result shows that the scheme has good performance and security.

Key words: Shamir threshold secret sharing scheme, two-variable one-way function, verifiable property, multi-use property, compartment;, key hierarchy management

中图分类号: 

• TP309.7