A Novel (𝑡, 𝑛) Secret Sharing Scheme Based upon Euler’s Theorem

. The (𝑡,𝑛) secret sharing scheme is used to protect the privacy of information by distribution. More specifically, a dealer splits a secret into n shares and distributes them privately to n participants, in such a way that any t or more participants can reconstruct the secret, but no group of fewer than t participants who cooperate can determine it. Many schemes in literature are based on the polynomial interpolation or the Chinese remainder theorem. In this paper, we propose a new solution to the system of congruences different from Chinese remainder theorem and propose a new scheme for (𝑡,𝑛) secret sharing; its secret reconstruction is based upon Euler’s theorem. Furthermore, our generalized conclusion allows the dealer to refresh the shared secret without changing the original share of the participants.


Introduction
Secret sharing is used as one of basic cryptographic primitives in computer science including electronic voting [1], distributed cloud computing [2], key management [3], and data hiding [4]. The ( , ) secret sharing (SS) was first introduced by Shamir [5] based on the Lagrange interpolating polynomial and Blakley [6] based on the hyperplane geometry in 1979, independently. In 1983, Mignotte's scheme [7] and Asmuth-Bloom's scheme [8] were proposed based on the Chinese remainder theorem (CRT). A perfect ( , ) secret sharing scheme [5] has two properties: (1) Any or more shares can recover the secret. (2) Any − 1 or fewer shares reveal no information about the secret. The research on secret sharing has become the subject of many researchers; different types of secret sharing scheme have been designed to address different application requirements. For example, verifiable secret sharing [9,10] allows the participants to verify the correctness of their share without leaking the confidentiality of both shares and the secret; weighted secret sharing [11] allows the participants with different privileges by holding the shares with different weights; multi-secret sharing [12] allows more than one secret to be shared. However, the major techniques used can still be categorized in the above three methods.
The CRT is to reconstruct a positive integer from its remainders modulo a series of integer moduli. It is widely used in the calculation of large integers, because it allows replacing a calculation for which one knows a bound on the size of the result by several similar computations on small integers. The CRT has many applications in various areas, like secret sharing [3,4], the RSA decryption algorithm [13], the discrete logarithm algorithm [14], and the radio interferometric positioning system [15], etc.
The main contributions of our paper are summarized as follows: (a) Using Euler's theorem to present a new method of the solution to the system of congruence (d) Proposing a refreshable secret sharing scheme to implement the secret refresh mechanism with the same shares.
Based on the equivalence between the conclusion of this paper and the CRT, our method is sufficient to be directly applied with the CRT-based scheme to achieve the same goal.
The rest of this paper is organized as follows. In Section 2, we describe some preliminaries on number theory and prove that the system of congruence has another solution form which is different from the CRT. In Section 3, we review the Asmuth-Bloom's scheme. In Section 4, we propose the secret sharing scheme based upon Euler's theorem. In Section 5, the security and performance analysis are given. In Section 6, we generalize the conclusion in Section 2 and propose a refreshable secret sharing scheme. In Section 7, we conclude the paper.

New Solution to the Congruence System
In this section, we describe the CRT and Euler's theorem firstly. Then we present another method to give the unique solution of the congruent system, by utilizing the properties of them.
The Chinese remainder theorem states that if the remainders of the Euclidean division of an integer by several integers are known, then the remainder of the division of this integer by the product of these integers can be uniquely determined, under the condition that the divisors are pairwise coprime.
Euler's theorem is a generalization of Fermat's little theorem and is further generalized by Carmichael's theorem [17].
Lemma 2 (Euler's theorem [17]). If and are coprime positive integers, then where ( ) called Euler's phi function is the number of positive integers less than and relatively prime to .
An efficient way to calculate Euler's phi function ( ) is the following Euler product formula [17]: where the product is over the distinct prime numbers dividing . Now, we give another method of solving the systems of congruence and prove its correctness.
are pairwise relatively prime positive integers, and On the other hand, if ̸ = , because | , we have Then Since this is true for all , 1 ≤ ≤ , is a solution to the system of congruences.

Review of Asmuth-Bloom's Secret Sharing
In 1983, Asmuth and Bloom [8] proposed a novel ( , ) SS, in which the shares are the congruence classes of the secret and the corresponding modulus is broadcasted as the participant's public key. The secret reconstruction is based on CRT.

Initialization. The
are chosen subject to the following conditions: where = ∏ =1 , = / , and = −1 mod . Then the shared secret is 3.4. Security Analysis. However, Harn et al. [18] pointed out that the value need be in the t-threshold range ( − +2 ⋅ − +3 ⋅ ⋅ ⋅ ⋅ ⋅ , 1 ⋅ 2 ⋅ ⋅ ⋅ ⋅ ⋅ ); otherwise, it could be obtained by fewer than t participants. In the following, we give an example to illustrate this vulnerability.
Besides, Hwang and Chang [19] proposed a method to generate a pairwise relative prime integer set which satisfies the requirements of Asmuth-Bloom's and our schemes, and this specific integer set is not unique.

Proposed Secret Sharing Scheme
The traditional ( , ) secret sharing scheme is composed of a trusted dealer D and participants 1 , 2 , ⋅ ⋅ ⋅ , . Our secret sharing scheme consists of three phases, that is, initialization phase, share generation phase, and secret reconstruction phase. In secret generation phase, we improve Asmuth-Bloom's scheme by considering the -threshold range. We do the secret reconstruction by Euler's phi function, and the correctness is based upon Theorem 3 in Section 2.

Initialization. The dealer
The dealer D broadcasts the value 0 and sends the value to participant as his/her public information, for 1 ≤ ≤ .

Share Generation.
Suppose the dealer D wants to share the secret ∈ Z 0 .

Security and Performance Analysis
In this section, we first give security analysis of the scheme proposed in Section 4 and then compare the performance of our proposed secret sharing with that of two types of classical secret sharing.

Security
Analysis. Now we analyze the fact that our proposed ( , ) secret sharing is perfect, secure as follows.
Theorem 6. Our proposed ( , ) secret sharing scheme described in Section 4 is perfect, that is, the following two properties are satisfied: (1) If any participants pool their shares, then they can determine the value of .
(2) If any − 1 participants pool their shares, then they can determine nothing about the value of .
Proof. Based on the conditions of our scheme, where (1) If any participants pool their shares 1 , 2 , ⋅ ⋅ ⋅ , , as described in Theorem 3, the system of congruences  In reconstructing phase, suppose that 3 and 4 cooperate; by (19) we have = 3 × 12 (13) + 10 × 13 (12) mod (13 × 12) = 94, and, then, the secret can be reconstructed as As in many literatures, we assume that all participants pool the real shares when they collaborate to recover the shared secret. To enhance the security, it can be combined with other cheater detection mechanisms to check the validity of the shares before recovery of the secret.

Performance Analysis.
In this section, we analyze the computational cost of our proposed scheme and compare it with the other two classic secret sharing schemes, as summarized in Table 1. In Shamir's ( , ) scheme, the secret recovery using the usual polynomial interpolation requires O( log 2 ) operations. In the Asmuth-Bloom's scheme, the modular

Scheme
Secret recovery Shamir's scheme [5] O ( log 2 ) Asmuth-Bloom's scheme [8] O ( ) Our scheme O ( ) method of secret recovery requires only O( ) operations. In our scheme, the computation complexity of ( ) ( ) mod requires at most O(log ) operations. However, this can be improved at the cost of storage room by keeping a table. Once the value of ( ) ( ) mod (1 ≤ ≤ ) is known, it requires only O( ) operations to recover the secret.

Renewable Secret Sharing Scheme
The generalized Chinese remainder theorem (GCRT) [9,10] is a variation of CRT with an additional integer introduced as a common modulus. Inspired by GCRT, we have the following result.
Then the system of congruences has a unique solution modulo , which is given by where = / and = ⌈ ⋅ / ⌉ for 1 ≤ ≤ .
Proof. It amounts to showing that in (28) is a solution to the system of congruences (19). The proof of uniqueness is similar to Theorem 3. For 1 ≤ ≤ , consider a term ( ) ( ) in the above summation, reduced modulo .
Since ( ) ( ) mod = and < , we have If is a multiple of , then and we have If is not a multiple of , then because (1 − (( ⋅ mod )/ )) / < 1 and < .
Although more computation is required, more flexible performance can be achieved. In the traditional secret sharing scheme, if we want to refresh the secret, the corresponding congruences system should be modified. However, based upon Theorem 8, we can refresh the shared secret without changing the share and the public information of the participants.
Compared with the previous scheme, the refreshable secret sharing scheme adds a secret refresh phase. In share generation phase, the dealer needs to broadcast an additional parameter as follows.
6.2. Share Generation. Suppose the dealer D wants to share the secret ∈ Z 0 . The dealer D firstly selects and broadcasts an integer ∈ (0, min 1≤ ≤ { }). Secondly, the dealer D chooses a random integer then generating ≡ ⌊ + 0 / ⌋mod , which is the private share of the participant , for 1 ≤ ≤ . (38)

Conclusions
In this paper, we first show a new method to reconstruct the secret by the system of congruences utilizing Euler's theorem and propose a new type of perfect secret sharing scheme based on modular arithmetic. Furthermore, inspired by [20], we introduce an extra integer to help us to refresh the secret without changing the information the participant holds; only one public broadcasting parameter needs to be updated.

Data Availability
The relevant analysis data used to support the findings of this study are included in the article.

Conflicts of Interest
The authors declare that they have no conflicts of interest.