Share

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

Secret_Share
Class Share

java.lang.Object
  |
  +--Secret_Share.Share

All Implemented Interfaces:: java.io.Serializable

public class Share
extends java.lang.Object
implements java.io.Serializable

This class stores the individual shares of the secret. Primarily it stores the share number, which is also the x value used in the generating functions. The share value is equal to f(x). There is also a commitment value equal to G(x)

They are all individually verifiable via a public version. Each share stores a copy of the public version of all n of the shares. The shares can also be verified via Pedersen's "E Array".

Version .2 added a copy function. It is needed for share recovery.

As of version .3, the share class functions correctly for share recovery.

Version .4 added getSerialized().

Version:: .4
Author:: Brice Daniels
See Also:: Serialized Form

Constructor Summary

Share(int x, java.math.BigInteger s, java.math.BigInteger t, java.math.BigInteger p, java.math.BigInteger q, java.math.BigInteger g, java.math.BigInteger h, java.math.BigInteger[] y, int k)
          Creates a new instance of Share.

Method Summary

void add(Share addedShare, java.math.BigInteger[] commitmentValue)
          This method provides a way to add a subshare to a current share.

Share copy()
          Creates an exact copy of the share.

void corruptShare(int numBits)
          This is not actually a normal function for the share, it creates random values for the secret share and the commitment share.

java.math.BigInteger[] getAllPublicVersion()
          Return an array of length n with all of the public versions for all n share values.

java.math.BigInteger getG()
          Return the g value used by the current share.

java.math.BigInteger getH()
          Return the h value used by the current share.

int getK()
          The minimum number of shares required to recover the original secret.

int getN()
          Returns the number of shares according to this share.

java.math.BigInteger getP()
          The p value used by the current share.

java.math.BigInteger getPublicVersion()
          Returns the public version of this share.

java.math.BigInteger getQ()
          The q value used by the current share.

java.math.BigInteger getSecretCommitment()
          The secret commitment, equal to g(x).

java.math.BigInteger getSecretShare()
          The secret share, equal to f(x).

byte[] getSerialized()
          This method serializes the current object and returns that object in the form of a byte array.

int getShareNumber()
          Returns the share number of the current share.

boolean relativeBasis(Share comparedShare)
          Compares this share with another one.

boolean selfVerify()
          This function compares the current value contained by the share against the publicShareVersion contained by the current share.

boolean verify(java.math.BigInteger[] commitmentValue)
          Verifies the current share based on the commitment values that are passed as arguments to the split function.

boolean verifyShare(Share questionedShare)
          This function verifies a questionable share against the public version stored locally.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

public Share(int x,
             java.math.BigInteger s,
             java.math.BigInteger t,
             java.math.BigInteger p,
             java.math.BigInteger q,
             java.math.BigInteger g,
             java.math.BigInteger h,
             java.math.BigInteger[] y,
             int k)
      throws ShareException

Creates a new instance of Share.

The prime modulus p must have the property that p-1 is divisible by q. Usually p-1 = (2 or 4) * q. P is used for the verifibility scheme while q is used as the sharing modulus.

The group members g and h must be in the sub-group of p generated by q. This is verified by raising g (or h) to the qth power and verifying that it is congruent to 1 mod p. G and h are used in the verifiability scheme.

Parameters:

k - The minimum number of required shares to recover the secret.

x - The share number

s - This share's portion of the secret

t - The confirmation value for this secret share

p - The prime modulus p.

q - The prime modulus q

g - The group member g.

h - The group member h.

y - The public version of all of the secret shares

Throws:

ShareException - Indication of an error during share creation. Specific information may be available in the exception's message.

Method Detail

getShareNumber

public int getShareNumber()

Returns the share number of the current share. The share number is equal to the value used to generate the share in the original polynomial, eg share number 3 would mean that f(3) and g(3) were used to generate this share.

Returns:: The share's share number.

getSecretShare

public java.math.BigInteger getSecretShare()

The secret share, equal to f(x).

Returns:: The secret share as a BigInteger.

getSecretCommitment

public java.math.BigInteger getSecretCommitment()

The secret commitment, equal to g(x).

Returns:: The secret commitment value as a BigInteger.

getPublicVersion

public java.math.BigInteger getPublicVersion()

Returns the public version of this share.

Returns:: A BigInteger equal to g^s*h^t (mod p).

getAllPublicVersion

public java.math.BigInteger[] getAllPublicVersion()

Return an array of length n with all of the public versions for all n share values.

Returns:: A BigInteger array with all of the public versions.

getG

public java.math.BigInteger getG()

Return the g value used by the current share. This function does not return a reference to the value contained by share, just a copy of it.

Returns:: The g value.

getH

public java.math.BigInteger getH()

Return the h value used by the current share. This function does not return a reference to the value contained by share, just a copy of it.

Returns:: The h value.

getP

public java.math.BigInteger getP()

The p value used by the current share. This function does not return a reference to the value contained by share, just a copy of it.

Returns:: The p value.

getQ

public java.math.BigInteger getQ()

The q value used by the current share. This function does not return a reference to the value contained by share, just a copy of it.

Returns:: The q value.

getK

public int getK()

The minimum number of shares required to recover the original secret. This is the same value that was entered when the secret was originally shared.

Returns:: The value k.

getN

public int getN()

Returns the number of shares according to this share. It is based on the publicShareVersion.length.

Returns:: The number of shares.

getSerialized

public byte[] getSerialized()
                     throws java.io.IOException

This method serializes the current object and returns that object in the form of a byte array. This is often very useful for encryption.

Returns:: A byte array containing the serialized version of this object.
Throws:: java.io.IOException - Indicates that an I/O error occured while trying to serialize this class.

add

public void add(Share addedShare,
                java.math.BigInteger[] commitmentValue)
         throws ShareAddException,
                ShareUtilException,
                ShareException

This method provides a way to add a subshare to a current share. The two shares must have the same basis (global values of p, q, g and h) and share number. The addition adds the value of the addedShare.getSecretShare() to the current secret share and addedShare.getSecretCommitment() to the secret commitment share.

Since adding two shares would cause the current share to be invalid against the public versions held by this share and all of the other shares from the splitting. Therefore, the commitment values that were generated along with the sub share are added into the public version held by this share for all shares. It is therefore necessary to make sure that all shares add the same set of sub-shares so that they all end up with the same public versions in the end.

Parameters:: commitmentValue - A BigInteger array of length k that was created by the split function used to create the subshare.; addedShare - The specific share to add to this share
Throws:: ShareException - Indicates invalid commitment value length in the addedShare; ShareUtilException - Indicates an error occurred with the share utilities called by this method.; ShareAddException - Indicates an error with the arguments to the add function.

relativeBasis

public boolean relativeBasis(Share comparedShare)

Compares this share with another one. This is necessary to make sure that two shares came from the same splitting or one of them was part of share recovery or share renewal.

The two shares have a relative basis if they have the same p, q, g and h values.

Parameters:: comparedShare - The share you are comparing.
Returns:: True if and only if the current share and compareShare have the same public values.

selfVerify

public boolean selfVerify()
                   throws ShareUtilException

This function compares the current value contained by the share against the publicShareVersion contained by the current share.

Returns:: true if the values stored in this share are equivalent to the public version contained within this share.
Throws:: ShareUtilException - Indicates an error in calculating the public version.

verify

public boolean verify(java.math.BigInteger[] commitmentValue)
               throws ShareUtilException,
                      ShareException

Verifies the current share based on the commitment values that are passed as arguments to the split function. The key use of this function is to verify that the "dealer" of the shares sent shares generated by the functions f and g.

The commitment values should be the E array used by Pedersen in his VSS protocol. Essentially, value i in the array should be: g^a[i]*h^b[i] mod p where a[*] and b[*] are the coefficients of f(x) and g(x).

Parameters:: commitmentValue - Pedersen's E array
Returns:: True if the share is consistent with the submitted E array.
Throws:: ShareUtilException - Indicates an error in verifying the share.; ShareException - Indicates that the commitmentValue array is the wrong length

verifyShare

public boolean verifyShare(Share questionedShare)
                    throws ShareException,
                           ShareUtilException

This function verifies a questionable share against the public version stored locally. This function is primarily used by ShareUtil.recover.

Parameters:: questionedShare - The share you are trying to verify against the public version held within this share.
Returns:: true if the questioned
Throws:: ShareException - Indication of an error with the argument.; ShareUtilException - Indication of an error attempting to calculate the public version of the questionedShare.

copy

public Share copy()
           throws ShareException

Creates an exact copy of the share.

Returns:: A copy of the Share.
Throws:: ShareException - Indication of an error during share creation. Specific information may be available in the exception's message.

corruptShare

public void corruptShare(int numBits)

This is not actually a normal function for the share, it creates random values for the secret share and the commitment share.

Parameters:: numBits - The number of bits for the secret share and the secret commitment.