Rational Fair Secret Sharing Scheme

With the development of communication technologies, the advanced technologies like cloud computing and IoT (Internet of Things) are emerging, which bring convenience and become part of our daily life. Unfortunately, when enjoying the convenient life, the users' privacy may disclose because they need to provide some individual sensitive data. To protect the users' privacy effectively, the cryptography participating in multi-user has attracted more attention, especially secret sharing. Secret sharing is one of the most common and classical distributed cryptographic schemes, which allows the certain number of users can obtain the secret together, but any subset of users of size less than the prescribed number cannot obtain the secret even they collude with others. In traditional secret sharing, the users are regarded as either honest or malicious. Honest users follow the prescribed scheme faithfully, whereas malicious users behave in arbitrary manners. However, in real applications, the users are selfish and always try to maximize their profits, which coincides with the selfish characteristic of rational users in game theory. Under this circumstance, rational secret sharing is proposed by introducing selfish users into traditional secret sharing, which assumes that the users prefer to obtain the secret above all else, otherwise prefer the fewest number of other users to obtain the secret. The purpose is to realize the fair secret reconstruction in real applications. Unfortunately, when directly adopting the existing rational secret sharing schemes, some unfair solutions arise, which lead that some of the users reconstruct the secret but not send the shares, whereas the others cannot obtain the secret after sending the shares. More seriously, some of the users can cheat the other users into viewing a fake secret as the real. The crucial reason is that, the users' selfish behaviors are not considered completely in the existing fairness definition of rational secret sharing, and the existing schemes are devised under the guidance of this fairness definition. To address this problem, this paper formalizes rational fairness of secret sharing by combining it with the minimum access structure, and demonstrates that the proposed definition allows the users to reconstruct the real secret only when both of them send the shares honestly. Furthermore, to show that the proposed fairness definition is meaningful, an incentive obfuscation mechanism is devised and an advanced rational secret sharing scheme is presented. In the proposal, a great quantity of fake shares are generated for rational users to make them not able to identify the real one, and the users are punished by not receiving any shares in the future when they do not send the shares honestly. In this way, none of users deviates from the scheme prescribed, thereby realizing the fair secret reconstruction. Through the comparisons of the existing schemes in applicable scenarios, reconstruction rounds, requirements on trust users, computation of rational users' payments, and other complicated cryptographic tools, the advantages of our scheme are analyzed to illustrate the usability. Additionally, the extensive experiments illustrate that the computation overhead and communication cost of the presented scheme are limited, indicating that our scheme can realize the fair secret reconstruction efficiently. © 2020, Science Press. All right reserved.