[144276] in cryptography@c2.net mail archive
Re: Shamir secret sharing and information theoretic security
daemon@ATHENA.MIT.EDU (Jonathan Katz)
Mon Feb 23 16:23:57 2009
Date: Mon, 23 Feb 2009 15:47:33 -0500 (EST)
From: Jonathan Katz <jkatz@cs.umd.edu>
To: Jerry Leichter <leichter@lrw.com>
cc: sbg@acw.com, "R.A. Hettinga" <rah@shipwright.com>,
Cryptography <cryptography@metzdowd.com>
In-Reply-To: <0CFC504B-2F09-4AAA-BA80-6BDFA62F880E@lrw.com>
On Feb 23, 2009, at 1:05 PM, sbg@acw.com wrote:
>
> Is it possible that the amount of information that the knowledge of a
> sub-threshold number of Shamir fragments leaks in finite precision setting
> depends on the finite precision implementation?
>
> For example, if you know 2 of a 3 of 5 splitting and you also know that
> the finite precision setting in which the fragments will be used is IEEE
> 32-bit floating point or GNU bignum can you narrow down the search for the
> key relative to knowing no fragments and nothing about the finite
> precision implementation?
I'm not sure what is the motivation for all this. Shamir's scheme is
supposed to be done over a finite field (or else, as was previously
pointed out, there are issues with sampling a uniform element of the
field). Since we have fields of size 2^k for all k, any bit-string can be
encoded nicely in a finite field of appropriate size. (And very long
strings can be broken into shorter chunks, each chunk being shared on its
own.)
---------------------------------------------------------------------
The Cryptography Mailing List
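The scenario asked about in the thread (two known shares of a 3-of-5 split), worked over a finite field as the reply describes, as an added example that is not part of the original message: each byte is shared in GF(2^8), a longer string is handled chunk by chunk, and `fits_per_candidate` counts, for every possible secret byte, how many sharing polynomials agree with two known shares. Assumptions: the reduction polynomial 0x11B, share indices x = 1..n, and all function names are choices made for this illustration.

```python
import secrets

POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, irreducible over GF(2) (assumed choice)

def gf_mul(a, b):  # GF(2^8) product: carry-less multiply, reduced modulo POLY
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (POLY if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a):  # a^254 == a^-1: the nonzero elements form a group of order 255
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def split(secret, t, n):  # every byte gets its own uniformly random polynomial
    shares = {x: bytearray() for x in range(1, n + 1)}
    for byte in secret:
        coeffs = [secrets.randbelow(256) for _ in range(t - 1)] + [byte]
        for x, out in shares.items():
            y = 0
            for c in coeffs:  # Horner, highest degree first; constant term = secret
                y = gf_mul(y, x) ^ c
            out.append(y)
    return shares

def combine(shares):  # Lagrange interpolation at x = 0 (subtraction is XOR)
    out = bytearray(len(next(iter(shares.values()))))
    for xi, ys in shares.items():
        w = 1  # Lagrange weight: product of xj / (xi - xj) over the other shares
        for xj in shares:
            if xj != xi:
                w = gf_mul(w, gf_mul(xj, gf_inv(xi ^ xj)))
        out = bytearray(o ^ gf_mul(y, w) for o, y in zip(out, ys))
    return bytes(out)

def fits_per_candidate(p1, p2):
    """3-of-n, one byte: per candidate secret s, the number of polynomials
    s + a1*x + a2*x^2 through both known (x, y) points. Equal counts = no leak."""
    (x1, y1), (x2, y2) = p1, p2
    inv_x1, sq1, sq2 = gf_inv(x1), gf_mul(x1, x1), gf_mul(x2, x2)
    def fits(s, a2):  # solve share 1 for a1, then test it against share 2
        a1 = gf_mul(y1 ^ s ^ gf_mul(a2, sq1), inv_x1)
        return s ^ gf_mul(a1, x2) ^ gf_mul(a2, sq2) == y2
    return [sum(fits(s, a2) for a2 in range(256)) for s in range(256)]
```

Every one of the 256 candidates is matched by exactly one polynomial, so two shares leave the secret byte uniformly distributed; that exactness depends on the arithmetic being done in a finite field with uniformly sampled coefficients.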