Traceable Verifiable Secret Sharing and Applications

Published in eprint, 2025

  • A secret sharing scheme allows a dealer to distribute a secret among multiple parties, requiring a threshold number to reconstruct it while preventing smaller groups from accessing it.
  • Traceable Secret Sharing (TSS) was introduced in CRYPTO'21 by Goyal, Song, and Srinivasan to identify parties involved in secret reconstruction, discouraging malicious behavior like selling shares.
  • Recently, Boneh, Partap, and Rotem (CRYPTO'24) proposed two more efficient TSS schemes, but these assume valid shares and honest shareholders.
  • We introduce Traceable Verifiable Secret Sharing (TVSS), ensuring both traceability and verifiability against malicious dealers or shareholders.
  • Our general strategy transforms a Shamir-based, computationally secure Verifiable Secret Sharing (VSS) scheme into an efficient TVSS scheme.
  • Using this strategy, we construct two practical TVSS schemes based on well-known VSS schemes by Feldman (SFCS'87) and Pedersen (CRYPTO'91) in an honest-majority setting.
  • The proposed TVSS schemes retain public shareholder indexes, improving accountability in threshold protocols like Distributed Key Generation (DKG).
  • Compared to original VSS schemes, the new TVSS schemes increase individual share size by only a single field element, making them just two to three times the size of the main secret.
  • Inspired by the study on Accountable Threshold Cryptosystems (ATCs) by Boneh, Partap, and Rotem (CRYPTO'24), we introduce an efficient ATC based on the ElGamal cryptosystem.
  • This new ATC enables a tracer to uniquely identify parties in the decryption process while adding minimal overhead to actively secure or robust threshold protocols.
