Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Publicly Verifiable Secret Sharing and Its Use in Threshold Cryptography

November 4, 2020


Berry Schoenmakers - Eindhoven University of Technology


Shamir’s threshold scheme provides a simple and elegant solution for threshold secret sharing. Publicly verifiable secret sharing (PVSS) aims at enhancing Shamir’s scheme to let anyone verify that all participants’ shares are consistent with a unique secret. The basic solution is to accompany the public-key encrypted shares for the respective participants with a noninteractive zero-knowledge proof establishing the consistency of the shares. Every qualified set of participants is thus guaranteed to find the same secret when pooling their decrypted shares. Nonqualified sets of participants will gain no information about the secret from their decrypted shares due to the information-theoretic security of Shamir’s threshold scheme. PVSS finds many applications in threshold cryptography. A major advantage of PVSS over the use of public-key threshold cryptosystems is the dynamic choice of participants each time one wishes to distribute shares of a secret, bypassing the need for any complicated protocols for distributed key generation commonly found in threshold cryptosystems.

In this talk we review the basic ideas behind PVSS and look into a range of applications in threshold cryptography. Many applications relate to secure multiparty computation (MPC) one way or another. For instance, PVSS can be used to secret-share input data among the parties running a (verifiable) MPC protocol. But PVSS can also be used to build an MPC protocol to let a number of parties jointly generate values for a randomness beacon (e.g., as in SCRAPE). In a different direction, modern scenarios pertaining to clouds and blockchains often rely on secure, replicated storage of secret values involving loosely related entities, which can be accommodated using PVSS.

Presented at

NIST Workshop on Multi-Party Threshold Schemes (MPTS) 2020.

Event Details



Related Topics

Security and Privacy: cryptography

Created May 04, 2021, Updated June 07, 2021