
List:       cryptography
Subject:    Re: Shamir secret sharing and information theoretic security
From:       Jonathan Katz <jkatz () cs ! umd ! edu>
Date:       2009-02-23 20:47:33
Message-ID: Pine.GSO.4.64.0902231545090.28268 () ringding ! cs ! umd ! edu

On Feb 23, 2009, at 1:05 PM, sbg@acw.com wrote:
>
> Is it possible that the amount of information that the knowledge of a
> sub-threshold number of Shamir fragments leaks in a finite precision setting
> depends on the finite precision implementation?
> 
> For example, if you know 2 of a 3 of 5 splitting and you also know that
> the finite precision setting in which the fragments will be used is IEEE
> 32-bit floating point or GNU bignum can you narrow down the search for the
> key relative to knowing no fragments and nothing about the finite
> precision implementation?

I'm not sure what is the motivation for all this. Shamir's scheme is 
supposed to be done over a finite field (or else, as was previously 
pointed out, there are issues with sampling a uniform element of the 
field). Since we have fields of size 2^k for all k, any bit-string can be 
encoded nicely in a finite field of appropriate size. (And very long 
strings can be broken into shorter chunks, each chunk being shared on its 
own.)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
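
Added example, not part of the original message or of any poster's code: a 3-of-5 Shamir split done over the finite field GF(2^8), with a byte string shared one byte-sized chunk at a time as the reply describes, plus a check that 2 shares leave all 256 values of a secret byte possible. The function names, the choice of the AES reduction polynomial, and the share indices 1..n (n at most 255) are assumptions made for this illustration.

```python
import secrets

# GF(2^8), reduction polynomial 0x11B (assumed; any irreducible degree-8 one works)
def gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):  # a^254 = a^-1 for non-zero a
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def split(secret: bytes, t: int, n: int):
    """Share each byte independently with a fresh random degree t-1 polynomial."""
    shares = {x: bytearray() for x in range(1, n + 1)}
    for s in secret:
        coeffs = [s] + [secrets.randbelow(256) for _ in range(t - 1)]
        for x in shares:
            y = 0
            for c in reversed(coeffs):   # Horner evaluation of the polynomial at x
                y = gf_mul(y, x) ^ c
            shares[x].append(y)
    return {x: bytes(v) for x, v in shares.items()}

def combine(shares: dict) -> bytes:
    """Lagrange interpolation at x = 0 (subtraction is XOR in GF(2^k))."""
    xs, out = list(shares), bytearray()
    for i in range(len(shares[xs[0]])):
        acc = 0
        for xj in xs:
            lam = 1
            for xm in xs:
                if xm != xj:
                    lam = gf_mul(lam, gf_mul(xm, gf_inv(xm ^ xj)))
            acc ^= gf_mul(shares[xj][i], lam)
        out.append(acc)
    return bytes(out)

def consistent_secrets(two_shares: dict, third_x: int) -> set:
    """Secret bytes still possible given 2 shares of a 3-of-n split of one byte."""
    return {combine({**two_shares, third_x: bytes([y])})[0] for y in range(256)}
```

Because every field element is an exact 8-bit value and the random coefficients are drawn uniformly from the whole field, there is no rounding or range information for a sub-threshold holder to exploit.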