高岩, 黄成杭, 梁佐泉,等.基于SM2与SM4签密的可验证秘密共享方案[J].河南理工大学学报（自然科学版）,2022,41(5):146-152.

GAO Y, HUANG C H, LIANG Z Q, et al.Verifiable secret sharing scheme based on SM2 and SM4 signcryption[J].Journal of Henan Polytechnic University(Natural Science) ,2022,41(5):146-152.

基于SM2与SM4签密的可验证秘密共享方案

高岩1, 黄成杭1, 梁佐泉2, 冯四风2

1.河南理工大学 计算机科学与技术学院，河南 焦作  454000；2.普华诚信信息技术有限公司，上海  201499

摘要:经典的Shamir秘密共享方案，部分参与者提供无效的子秘密导致秘密重构失败，为此，设计一种基于SM2与SM4签密的可验证秘密共享方案。分发者将秘密拆分为n个子秘密，然后使用SM2与SM4签密方案对子秘密进行签密，生成的n个签密数据依次分发给n个参与者；当需要恢复原始秘密时，任意t个参与者参与秘密重构可以恢复原始秘密，重构前先对参与者的签密数据进行解签密，验证失败则拒绝重构；解密得到的t个子秘密可以重构恢复原始秘密。方案可以根据实际需要动态设置门限值t和参与者n的取值。仿真实验验证了方案的正确性、安全性和不可伪造性。

关键词:Shamir秘密共享;SM2与SM4签密;可验证性;秘密重构

doi:10.16186/j.cnki.1673-9787.2021090040

基金项目:国家重点研发计划项目（2017YFB08002103）

收稿日期:2021/09/11

修回日期:2021/10/28

出版日期:2022/09/25

Verifiable secret sharing scheme based on SM2 and SM4 signcryption

GAO Yan1, HUANG Chenghang1, LIANG Zuoquan2, FENG Sifeng2

1.College of Computer Science and Technology，Henan Polytechnic University，Jiaozuo  454000，Henan，China；2.Puhua Trust Information Technology Limited Company，Shanghai  201499，China

Abstract:In classic Shamir-（t，n）secret sharing scheme，some participants provided invalid sub-secrets，which led to the failure of secret reconstruction and security risks.Therefore，a verifiable secret sharing scheme based on SM2 and SM4 signcryption was designed in this paper.The distributor divided the secret into n sub-secrets，then SM2 and SM4 signcryption schemes were used to signcrypt the sub-secrets.The generated n signcryption data were distributed to n participants successively.When the original secret was needed to be restored，any t participants participated in secret reconstruction could recover the original secret，but before reconstruction，the signcryption data of participants should be decrypted and verified，if the validation failed，the scheme would reject the reconstruction.The decrypted t sub-secrets could be reconstructed to recover the original secret.The scheme could dynamically set the threshold value t and the value of participant n according to the actual needs.The correctness，security and unforgeability of the scheme were proved by simulation experiments.

Key words:Shamir secret sharing;SM2 and SM4 signcryption;verifiability;secret reconstruction

 018_2021090040_高岩_H.pdf